
Product Logs
You can download most of the logs that registered products send to TMSP.
TMSP receives the following logs from Threat Discovery Appliance:
Logs that Threat Discovery Appliance sends to TMSP

| Logs | Description | Downloadable |
| --- | --- | --- |
| Detection logs | Detection logs contain information about security threats, including malware activities blocked by Outbreak Containment Services. TMSP analyzes detection logs and then correlates them with a set of rules to calculate the number of unique threat incidents in the network. Information about threat incidents and the risk they pose is available in the administrative and executive reports. | Yes |
| Application filter logs | Application filter logs contain information about potential security threats that Disruptive Applications may introduce into the network. Information about disruptive applications and the risk they pose is available in the executive reports. | Yes |
| URL filtering logs | URL filtering logs contain information about websites and pages that Trend Micro Smart Protection technology verifies to be fraudulent or known sources of threats. Information about the websites and pages and the risk they pose is available in the executive reports. | Yes |
| Security compliance logs | Security compliance logs contain information about violations of Security Compliance rules. Information about the security compliance violations and the risk they pose is available in the executive reports. | No. Contact your support provider for assistance in extracting these logs from TMSP. |

Threat Discovery Appliance also sends network configuration data to TMSP. Network configuration data includes:
TMSP displays network configuration data in reports and in various places in the administrative console. You can view network configuration data from the Threat Discovery Appliance web console.
TMSP receives the following logs from Threat Mitigator:
Logs that Threat Mitigator sends to TMSP

| Logs | Description | Downloadable |
| --- | --- | --- |
| Threat event logs | Threat Mitigator sends logs related to threat mitigation, including threat cleanup and custom pattern deployment. Information about endpoints with threat mitigation issues is available in: | Yes |
| Root cause logs | Threat Mitigator sends logs that trace the root cause of infections. Use these logs to: Information about the root cause of infections is available in the executive and administrative reports. | No. Contact your support provider for assistance in extracting these logs from TMSP. |

To download detection or threat event logs:
Registered Products
Click Download under the Detection/Threat Event Logs column.
In the screen that displays, type a date in the From and To fields or use the calendar icon to select a date.
Click Download.
Save the .csv file to your preferred location.
To download URL filtering logs:
Registered Products
Click Download under the URL Filtering Logs column.
Select the monitored networks to obtain logs from. You can also click Specific monitored network and then type the monitored network names in the text box provided. Separate names by commas.
Optionally include endpoints that do not belong to any monitored network.
Select the network zone for monitored networks.
Type a date in the From and To fields or use the calendar icon to select a date.
Choose the IP addresses in the monitored networks to obtain logs from.
All: Includes all IP addresses for the selected monitored networks, including IP addresses of endpoints that do not belong to any monitored network if you chose that option.
IP address range: Type the IP addresses in the fields provided.
Click Download.
Save the .csv file to your preferred location.
To download application filter logs:
Registered Products
Click Download under the Application Filter Logs column.
Select the monitored networks to obtain logs from. You can also click Specific monitored network and then type the monitored network names in the text box provided. Separate names by commas.
Optionally include endpoints that do not belong to any monitored network.
Select the network zone for monitored networks.
Type a date in the From and To fields or use the calendar icon to select a date.
Choose the IP addresses in the monitored networks to obtain logs from.
All: Includes all IP addresses for the selected monitored networks, including IP addresses of endpoints that do not belong to any monitored network if you chose that option.
IP address range: Type the IP addresses in the fields provided.
Click Download.
Save the .csv file to your preferred location.