Data Sources

Data Sources

Threat information received from the following data sources prompts Threat Mitigator to issue mitigation tasks to the affected endpoints:

• Threat Discovery Appliance

• Endpoint security logs

Threat Discovery Appliance

Register Threat Discovery Appliance to Threat Mitigator to allow the appliance to send threat event information. Registration is done from the Threat Discovery Appliance console.

• For information on the Threat Discovery Appliance versions compatible with Threat Mitigator, see Threat Mitigator Integration.

Endpoint Security Risk Logs

Threat Management Agent can monitor Trend Micro™ OfficeScan™ security risk logs and perform mitigation if necessary.

The log monitoring feature supports OfficeScan 10 or later and only checks virus/malware detection logs during Real-time Scan.

• OfficeScan provides other scan types, such as Manual Scan and Scheduled Scan.

Threat mitigation is triggered when virus/malware detection logs contain any of the following scan results:

• Quarantined

• Unable to quarantine the file

• Unable to clean or quarantine the file

• Renamed

• Unable to rename the file

• Unable to clean or rename the file

• Deleted

• Unable to delete the file

• Unable to clean or delete the file

During threat mitigation, the agent retrieves the path of an infected file and then uses the Pattern-free Mitigation Engine to check for other files or processes associated with the infected file.

To register Threat Discovery Appliance to Threat Mitigator:

1. Open the Threat Discovery Appliance console.

2. Navigate to Mitigation > Mitigation Settings.

3. Click Enable beside Mitigation Device Enforcement.

4. Type the Threat Mitigator server name or IP address, and description.

5. Specify the IP address ranges that will receive mitigation tasks from Threat Discovery Appliance.

• To save network bandwidth, define specific IP addresses for Threat Mitigator. Threat Discovery Appliance only sends mitigation tasks for these specific IP addresses to Threat Mitigator. If the IP address range remains empty, all mitigation requests will be sent to Threat Mitigator.

6. Click Register. The Cleanup Settings screen appears.

7. (Optional) Select the Types of Security Risks/Threats to send to Threat Mitigator.

8. Click Apply.

To configure data sources:

• Mitigation Settings > Data Sources

1. Select Monitor virus/malware logs to allow the agent to monitor security risk logs.

• If the option is disabled, the agent stops monitoring security risk logs.

2. Click Save.

3. View the Threat Discovery Appliances registered to Threat Mitigator.

4. Use the trash bin icon to remove Threat Discovery Appliance from the list. When you remove the appliance from the list, the appliance continues to send mitigation requests to Threat Mitigator, but Threat Mitigator ignores the requests. Unregister Threat Discovery Appliance from Threat Mitigator to prevent the appliance from sending mitigation requests. Unregistration is done from the Threat Discovery Appliance console.

See also:

• Threat Mitigation

• Mitigation Settings

• Mitigation Tasks

• Threat Management

• Threat Mitigator Integration