Detailed Application Activity

Displays overall information about application activity on your network. Examples: the managed product that detects the security compliance, the name of the specific policy in compliance, and the total number of security compliances on the network.

Table 1. Detailed Application Activity Data View

| Data | Description |
| --- | --- |
| Received | The time at which Control Manager receives data from the managed product. |
| Generated | The time at which the managed product generates data. |
| Product Entity | The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name. |
| Product | The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange |
| VLAN ID | Displays the VLAN ID (VID) of the source from which the suspicious threat originates. |
| Detected By | Displays the filter, scan engine, or managed product which detects the suspicious threat. |
| Traffic/Connection | Displays the direction of network traffic or the position on the network from which the suspicious threat originates. |
| Protocol Group | Displays the broad protocol group from which a managed product detects the suspicious threat. Example: FTP, HTTP, P2P |
| Protocol | Displays the protocol from which a managed product detects the suspicious threat. Example: ARP, Bearshare, BitTorrent |
| Description | Detailed description of the incident by Trend Micro. |
| Endpoint | Displays the host name of the computer in compliance with the policy/rule. |
| Source IP | Displays the IP address of the source from which the suspicious threat originates. |
| Source MAC | Displays the MAC address of the source from which the suspicious threat originates. |
| Source Port | Displays the port number of the source from which the suspicious threat originates. |
| Source IP Group | Displays the IP address group of the source where the violation originates. |
| Source Network Zone | Displays the network zone of the source where the violation originates. |
| Endpoint IP | Displays the IP address of the endpoint the suspicious threat affects. |
| Endpoint Port | Displays the port number of the endpoint the suspicious threat affects. |
| Endpoint MAC | Displays the MAC address of the endpoint the suspicious threat affects. |
| Endpoint Group | Displays the IP address group of the endpoint the suspicious threat affects. |
| Endpoint Network Zone | Displays the network zone of the endpoint the suspicious threat affects. |
| Policy/Rule | Displays the policy/rule the suspicious threat violates. |
| Detections | Displays the total number of policy/rule violations that managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. Detections = 10 |