Detailed Web Reputation Information

Displays overall information about application activity on your network. Example: the managed product that detects the security compliance, the name of the specific policy in compliance, and the total number of security compliance on the network.

Table 1. Detailed Web Reputation Information Data View

Data

Description

Received

The time at which Control Manager receives data from the managed product.

Generated

The time at which the managed product generates data.

Product Entity

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.

Product

The name of the managed product.

Example: OfficeScan, ScanMail for Microsoft Exchange

VLAN ID

Displays the VLAN ID (VID) of the source from which the suspicious threat originates.

Detected By

Displays the filter, scan engine, or managed product which detects the suspicious threat.

Traffic/Connection

Displays the direction of network traffic or the position on the network from which the suspicious threat originates.

Protocol Group

Displays the broad protocol group from which a managed product detects the suspicious threat.

Example: FTP, HTTP, P2P

Protocol

Displays the protocol from which a managed product detects the suspicious threat.

Example: ARP, Bearshare, BitTorrent

Description

Detailed description of the incident by Trend Micro.

Endpoint

Displays the host name of the computer in compliance with the policy/rule.

Source IP

Displays the IP address of the source from which the suspicious threat originates.

Source MAC

Displays the MAC address of the source from which the suspicious threat originates.

Source Port

Displays the port number of the source from which the suspicious threat originates.

Source IP Group

Displays the IP address group of the source from which the suspicious threat originates.

Source Network Zone

Displays the network zone of the source from which the suspicious threat originates.

Endpoint IP

Displays the IP address of the endpoint the suspicious threat affects.

Endpoint Port

Displays the port number of the endpoint the suspicious threat affects.

Endpoint MAC

Displays the MAC address of the endpoint the suspicious threat affects.

Endpoint Group

Displays the IP address group of the endpoint the suspicious threat affects.

Endpoint Network Zone

Displays the network zone of the endpoint the suspicious threat affects.

Policy/Rule

Displays the policy/rule the suspicious threat violates.

URL

Displays the URL considered a suspicious threat.

Detections

Displays the total number of policy/rule violations managed products detect.

Example: A managed product detects 10 violation instances of the same type on one computer.

Detections = 10

C&C List Source

Displays the C&C list source that identified the C&C server.

C&C Risk Level

Displays the risk level of the C&C server.

Threat Type

Displays the specific type of security threat managed products detect.

Detection Severity

Displays the severity level of the incident.

IP Address (Interested)

Displays the IP address of the target endpoint (source or destination).

For an exchange occurring within the network, the Interested IP is the source IP address. If the traffic is external, the Interested IP is the destination IP address.

IP Address (Peer)

Displays the IP address opposite of the Interested IP.

For example, if the Interested IP is the source IP address, then the Peer IP is the destination IP address.

Matching Classified Events

Displays the log count matching the same aggregated rule.

Aggregated Matching Classified Events

Displays the aggregated log count matching the same rule.

Network Group

Displays the name of the group.

Host Severity

Displays the host severity.

Log ID

Displays the log ID.

Attack Phase

Displays the phase in which the attack happened.

Remarks

Displays descriptions related to the attack.

C&C Server

Displays the name, URL, or IP address of the C&C server.

C&C Server Type

Displays the server type.

Sender

Displays the sender address where the transmission originated.

Recipient

Displays the destination address(es) of the transmission.

Subject

Displays the subject line of the email message containing the web URL.