Column Name
|
Preselected
|
Description
|
---|---|---|
IP Address
|
X
|
IP address of the affected host
|
Host Name
|
X
|
Computer name of the host
|
MAC Address
|
Media Access Control address of a network node
|
|
Network Group
|
X
|
Network group that an IP address/host is assigned
|
Host Severity
|
X
|
Highest impact on a host determined from aggregated
detections by Trend Micro
products and services
For details about the Host Severity scale, see Host Severity.
|
Most Notable
Threat
|
X
|
Threat description of the highest
severity detection
|
Latest Detection
|
X
|
Most recent detection, based on timestamp
|
NoteThe default IP Address, Host
Severity and Latest Detection
columns cannot be removed.
|
Column Name
|
Preselected
|
Description
|
---|---|---|
Targeted Attack
|
A threat that aims to exfiltrate data from a target
system
For details, see APT Attack Sequence
|
Columns
|
Preselected
|
Description
|
---|---|---|
Intelligence Gathering
|
X
|
Attackers identify and research target individuals using
public sources (for example, social media websites) and
prepare a customized attack.
|
Point of Entry
|
X
|
The initial compromise is typically from zero-day malware
delivered via social engineering (email, IM, or drive-by
download). A backdoor is created and the network can now
be infiltrated. Alternatively, a website exploitation or
direct network hack may be employed.
|
C&C Communication
|
X
|
C&C communication is typically used throughout the
attack, allowing the attacker to instruct and control
the malware used, and to exploit compromised machines,
move laterally within the network, and exfiltrate
data.
|
Lateral Movement
|
X
|
Once inside the network, an attacker compromises
additional machines to harvest credentials, escalate
privilege levels, and maintain persistent control.
|
Asset/Data Discovery
|
X
|
Several techniques (such as port scanning) are used to
identify the noteworthy servers and the services that
house the data of interest.
|
Data Exfiltration
|
X
|
Once sensitive information is gathered, the data is
funneled to an internal staging server where it is
chunked, compressed, and often encrypted for
transmission to external locations under an attacker's
control.
|
Unknown Attack Phase
|
X
|
Detection is triggered by a rule that is not associated
with an attack phase.
|
Name
|
Filter Options
|
---|---|
Hosts with Targeted Attack detections
|
Notable events in Targeted Attack
|
Hosts with C&C Communication detections
|
Notable events in C&C Communication
|
Hosts with Lateral Movement detections
|
Notable events in Lateral Movement
|