Provides specific information about firewall
violations on your network, such as the managed product that detected the
violation, the source and destination of the transmission, and the total number of
firewall violations
Detailed Firewall Violation Information Data View
|
Data
|
Description
|
|
Received
|
The date and time Apex Central received
the data from the managed product
|
|
Generated
|
The date and time the managed product generated the
data
|
|
Product Entity/Endpoint
|
Depending on the related source:
|
|
Product
|
The name of the managed product or service
Example: Apex One, ScanMail for Microsoft Exchange
|
|
Event Type
|
The type of event that triggered the detection
Example: intrusion, policy violation
|
|
Risk Level
|
The Trend Micro assessment of risk to your network
Example: High security, low security, medium security
|
|
Traffic/Connection
|
The direction of the transmission
|
|
Protocol
|
The protocol the intrusion uses
Example:
HTTP, SMTP, FTP
|
|
Source Port
|
The source IP address port number of the detected
threat
|
|
Source IP
|
The source IP address of the detected threat
|
|
Destination Port
|
The port number accessed by the detected threat
|
|
Destination IP
|
The IP address of the endpoint accessed by the detected threat
|
|
Target Process
|
The process the violation targeted
|
|
Description
|
The detailed description of the incident by Trend Micro
|
|
Action
|
The action taken by the managed product
Example: file cleaned, file
quarantined, file passed
|
|
Detections
|
The total number of detections
Example: A managed product detects 10 violation instances of the same type on one
computer
Detections = 10
|