Detailed Firewall Violation Information

Provides specific information about the firewall violations on your network. Example: the managed product that detects the firewall violation, specific information about the source and destination, the total number of firewall violations on the network

Table 1. Detailed Firewall Violation Information Data View

Data

Description

Received

Displays the time that Control Manager receives data from the managed product

Generated

Displays the time that the managed product generates data

Product Entity/Endpoint

This data column displays one of the following:

  • The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name

  • The IP address or host name of a computer with an agent (for example, OfficeScan agent) installed

Product

Displays the name of the managed product

Example: OfficeScan, ScanMail for Microsoft Exchange

Event Type

Displays the type of event that triggers the violation. Example: intrusion, policy violation

Risk Level

Displays the Trend Micro assessment of risk to your network.

Example: High security, low security, medium security

Traffic/Connection

Displays the direction of violation entry

Protocol

Displays the protocol the intrusion uses

Example: HTTP, SMTP, FTP

Source IP

Displays the IP address of the computer attempting an intrusion on your network

Endpoint Port

Displays the port number of the computer under attack

Endpoint IP

Displays the IP address of the computer under attack

Target Application

Displays the application the intrusion has targeted

Description

Detailed description of the incident by Trend Micro

Action

Displays the type of action managed products take against policy violations

Example: file cleaned, file quarantined, file passed

Detections

Displays the total number of policy/rule violations managed products detect

Example: A managed product detects 10 violation instances of the same type on one computer

Detections = 10