Detailed Firewall Violation Information

Provides specific information about the firewall violations on your network. Example: the managed product that detects the firewall violation, specific information about the source and destination, and the total number of firewall violations on the network.

Table 1. Detailed Firewall Violation Information Data View

| Data | Description |
|---|---|
| Received | Displays the time that Control Manager receives data from the managed product. |
| Generated | Displays the time that the managed product generates data. |
| Product Entity/Endpoint | This data column displays one of the following: the entity display name for a managed product (Control Manager identifies managed products using the managed product's entity display name), or the IP address or host name of a computer with an agent (for example, OfficeScan agent) installed that is under attack. |
| Product | Displays the name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange |
| Event Type | Displays the type of event that triggers the violation. Example: intrusion, policy violation |
| Risk Level | Displays the Trend Micro assessment of risk to your network. Example: high security, low security, medium security |
| Traffic/Connection | Displays the direction of violation entry. |
| Protocol | Displays the protocol the intrusion uses. Example: HTTP, SMTP, FTP |
| Source IP | Displays the IP address of the computer attempting an intrusion on your network. |
| Endpoint Port | Displays the port number of the computer under attack. |
| Endpoint IP | Displays the IP address of the computer under attack. |
| Target Application | Displays the application the intrusion has targeted. |
| Description | Detailed description of the incident by Trend Micro. |
| Action | Displays the type of action managed products take against policy violations. Example: file cleaned, file quarantined, file passed |
| Detections | Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. Detections = 10 |