These are the MIME types associated with malware detected by MetaFlows. The severity is derived from what class of malware is detected. The True Positive Rate (
tpr) is calculated with respect to the global count of the same MIME associated with any file transfer or email attachment, whether or not it caused a compromise. This measures how dangerous a MIME type is.
The table below the bubble graph shows the sortable raw data. The first column is the invariant extracted from the events. If you have an account with MetaFlows, you can click on certain invariants to see if your sensors have detected it. The other columns should be self-explanatory. Hovering over a bubble or set of overlapping bubbles shows the raw data represented by the bubble(s) selected. This selection is sticky so that you can go to the table and inspect the data or click on the links within the table. To see all rows in the table, click outside any bubble.
|MIME Type||Description||Avg Priority (
||Total Priority (
||Global True Positive Rate (