Detailed Suspicious Threat Information

Provides specific information about suspicious threats on your network, for example the managed product that detected the suspicious threat, details of the source and destination, and the total number of suspicious threats detected on the network.

Table 1. Detailed Suspicious Threat Information Data View

| Data | Description |
| --- | --- |
| Received | Displays the time that Control Manager receives the data from the managed product. |
| Generated | Displays the time that the managed product generates the data. |
| Product Entity | Displays the entity display name of the managed product. Control Manager identifies managed products by their entity display name. |
| Product | Displays the name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange |
| Mitigation Host | Displays the host name of the mitigation server. |
| Traffic/Connection | Displays the direction of the network traffic, or the position on the network from which the suspicious threat originates. |
| Protocol Group | Displays the broad protocol group on which the managed product detects the suspicious threat. Example: FTP, HTTP, P2P |
| Protocol | Displays the specific protocol on which the managed product detects the suspicious threat. Example: ARP, Bearshare, BitTorrent |
| Destination IP Address | Displays the IP address of the endpoint the suspicious threat affects. |
| Destination Port | Displays the port number on the endpoint the suspicious threat affects. |
| Destination MAC Address | Displays the MAC address of the endpoint the suspicious threat affects. |
| Source IP Address | Displays the IP address of the source from which the suspicious threat originates. |
| Source Host Name | Displays the host name of the source from which the suspicious threat originates. |
| Source Port | Displays the port number of the source from which the suspicious threat originates. |
| Source MAC Address | Displays the MAC address of the source from which the suspicious threat originates. |
| Source Domain | Displays the domain of the source from which the suspicious threat originates. |
| VLAN ID | Displays the VLAN ID of the source from which the suspicious threat originates. |
| Security Threat Type | Displays the specific type of security threat the managed product detects. Example: virus, spyware/grayware, fraud |
| Threat Confidence Level | Displays Trend Micro's confidence that the suspicious threat poses a danger to your network. |
| Detected By | Displays the filter, scan engine, or managed product that detects the suspicious threat. |
| Policy/Rule | Displays the policy or rule that the suspicious threat violates. |
| Recipient | Displays the recipient of the message carrying the suspicious threat. |
| Sender | Displays the sender of the message carrying the suspicious threat. |
| Subject | Displays the subject line of the email containing the suspicious threat. |
| URL | Displays the URL considered a suspicious threat. |
| User | Displays the user name logged on to the destination endpoint when the managed product detects the suspicious threat. |
| IM/IRC User | Displays the instant messaging or IRC user name logged on when Threat Discovery Appliance detects the violation. |
| Browser/FTP Client | Displays the web browser or FTP client from which the suspicious threat originates. |
| Channel Name | Displays the protocol that the instant messaging software or IRC client uses for communication. |
| File | Displays the name of the suspicious file. |
| File in Compressed File | Displays whether the suspicious threat originates from inside a compressed file. |
| File Size | Displays the size of the suspicious file. |
| File Extension | Displays the file extension of the suspicious file. Example: .wmf, .exe, .zip |
| True File Type | Displays the "true" file type, determined from the file's header rather than from its extension. |
| Shared Folder | Displays whether the suspicious threat originates from a shared folder. |
| Authentication | Displays whether authentication was used. |
| BOT Command | Displays the command that the bot sends to, or receives from, its control channel. |
| BOT URL | Displays the URL from which the bot receives its commands. |
| Constraint Type | Displays the reason that a file could not be scanned correctly. |
| Mitigation Result | Displays the result of the action the mitigation server takes against the suspicious threat. |
| Mitigation Action | Displays the action the mitigation server takes against the suspicious threat. Example: File cleaned, File dropped, File deleted |
| Source IP Group | Displays the IP address group of the source from which the suspicious threat originates. |
| Source Network Zone | Displays the network zone of the source from which the suspicious threat originates. |
| Endpoint Group | Displays the IP address group of the endpoint the suspicious threat affects. |
| Endpoint Network Zone | Displays the network zone of the endpoint the suspicious threat affects. |
| Detections | Displays the total number of policy/rule violations the managed product detects. Example: a managed product detects 10 violations of the same type on one computer, so Detections = 10. |
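Two columns in this view are derived rather than copied from the event: True File Type comes from the file header, not the name, and Detections is a count of same-type violations on one endpoint. The Python below is an added example, not Control Manager or Threat Discovery Appliance code: it infers the true type from a file's leading bytes with a small signature table, flags files whose extension disagrees with that header (the case the True File Type column exists to expose), and counts Detections per endpoint and policy/rule. The signature table, the extension expectations, the record field names (destination_ip, policy_rule, file, header) and the sample records are all this example's own assumptions.

```python
"""Compute the True File Type and Detections columns for a batch of
suspicious-threat records. Every record, file name and header below is
constructed for this example; nothing is taken from a real Control Manager feed."""
from collections import Counter
from pathlib import PurePosixPath

# Header signatures, most specific (longest) prefix first so it wins over "MZ" etc.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2"),  # legacy .doc/.xls/.ppt container
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"\x9a\xc6\xcd\xd7", "WMF"),  # placeable (Aldus) WMF header
    (b"\x01\x00\x09\x00", "WMF"),  # standard WMF header
    (b"PK\x03\x04", "ZIP"),        # also .docx, .jar, .apk
    (b"\x7fELF", "ELF"),
    (b"%PDF", "PDF"),
    (b"{\\rtf", "RTF"),
    (b"GIF8", "GIF"),
    (b"\xff\xd8\xff", "JPEG"),
    (b"MZ", "PE"),                 # Windows executable (.exe/.dll/.scr)
]

# True types each extension may legitimately carry; extensions not listed are not judged.
EXPECTED = {
    ".exe": {"PE"}, ".dll": {"PE"}, ".scr": {"PE"},
    ".zip": {"ZIP"}, ".docx": {"ZIP"}, ".jar": {"ZIP"},
    ".doc": {"OLE2"}, ".xls": {"OLE2"}, ".ppt": {"OLE2"},
    ".wmf": {"WMF"}, ".png": {"PNG"}, ".gif": {"GIF"},
    ".jpg": {"JPEG"}, ".jpeg": {"JPEG"}, ".pdf": {"PDF"}, ".rtf": {"RTF"},
}


def true_file_type(header: bytes) -> str:
    """Return the type implied by the leading bytes, ignoring the file name."""
    for magic, label in SIGNATURES:
        if header.startswith(magic):
            return label
    return "UNKNOWN"


def extension_mismatch(file_name: str, header: bytes) -> bool:
    """True when the header says the file is not what its extension claims.
    An extension with no expectation is never reported as a mismatch;
    an unrecognised header under a known extension is."""
    expected = EXPECTED.get(PurePosixPath(file_name).suffix.lower())
    return expected is not None and true_file_type(header) not in expected


def count_detections(records):
    """Detections column: violations of the same policy/rule on the same endpoint."""
    return Counter((r["destination_ip"], r["policy_rule"]) for r in records)


def summarize(records):
    """Attach true_file_type, mismatch and the per-endpoint Detections count to each record."""
    detections = count_detections(records)
    return [
        {
            **r,
            "true_file_type": true_file_type(r["header"]),
            "mismatch": extension_mismatch(r["file"], r["header"]),
            "detections": detections[(r["destination_ip"], r["policy_rule"])],
        }
        for r in records
    ]


# Constructed sample: one endpoint hit ten times by the same rule (an executable
# renamed to .wmf), plus two unrelated ZIP detections on another endpoint.
PE_HEADER = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
SAMPLE_RECORDS = [
    {"destination_ip": "10.0.0.5", "policy_rule": "Block disguised executables",
     "file": f"invoice{i}.wmf", "header": PE_HEADER}
    for i in range(10)
] + [
    {"destination_ip": "10.0.0.9", "policy_rule": "Block P2P file transfer",
     "file": "song.zip", "header": b"PK\x03\x04\x14\x00"},
    {"destination_ip": "10.0.0.9", "policy_rule": "Block P2P file transfer",
     "file": "album.zip", "header": b"PK\x03\x04\x14\x00"},
]

if __name__ == "__main__":
    for row in summarize(SAMPLE_RECORDS):
        print(f"{row['destination_ip']:10} {row['file']:14} header={row['true_file_type']:7} "
              f"mismatch={row['mismatch']!s:5} detections={row['detections']}")
```

Running the script prints one line per record; the ten `.wmf` rows report a PE header and `mismatch=True`, and each carries `detections=10`, which is the aggregation the Detections column example above describes. Only the first few bytes of each file are needed, so the same check can be applied to samples quarantined by the mitigation server without opening the whole file.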