Provides
compliance information about application activity detected by Web Reputation
Services
Detailed Web Reputation Information Data View
|
Data
|
Description
|
|
Received
|
The date and time Apex Central received
the data from the managed product
|
|
Generated
|
The date and time the managed product generated the
data
|
|
Product Entity
|
The display name of the managed product
server in Apex Central
|
|
Product
|
The name of the managed product or service
Example: Apex One, ScanMail for Microsoft Exchange
|
|
VLAN ID
|
The VLAN ID (VID) of the source from which the suspicious threat originates
|
|
Detected By
|
The filter, scan engine, or managed product that detected the threat
|
|
Traffic/Connection
|
The direction of the transmission
|
|
Protocol Group
|
The broad protocol group from which a managed product detects the suspicious
threat
Example:
FTP, HTTP, P2P
|
|
Protocol
|
The protocol from which a managed product detects the suspicious threat
Example: ARP, BitTorrent
|
|
Description
|
Detailed description of the incident by Trend Micro
|
|
Endpoint
|
The host name of the computer in compliance of the
policy/rule
|
|
Source IP
|
The source IP address of the detected threat
|
|
Source MAC
|
The source MAC address of the detected threat
|
|
Source Port
|
The source IP address port number of the detected
threat
|
|
Source IP Group
|
The IP address group of the source where the suspicious
threat originates
|
|
Source Network Zone
|
The network zone of the source where the suspicious
threat originates
|
|
Endpoint IP
|
The IP address of the endpoint the suspicious threat
affects
|
|
Endpoint Port
|
The port number of the endpoint the suspicious threat
affects
|
|
Endpoint MAC
|
The MAC address of the endpoint the suspicious threat
affects
|
|
Endpoint Group
|
The IP address group of the endpoint the suspicious
threat affects
|
|
Endpoint Network Zone
|
The network zone of the endpoint the suspicious threat
affects
|
|
Policy/Rule
|
The policy or rule that triggered the
detection
|
|
URL
|
The URL object that triggered the detection
|
|
Detections
|
The total number of detections
Example: A managed product detects 10 violations of the same type on one
computer.
Detections = 10
|
|
C&C List Source
|
The C&C list source that identified the C&C
server
|
|
C&C Risk Level
|
The risk level of the C&C
server
|
|
Threat Type
|
The type of security threat
|
|
Detection Severity
|
The severity level of the event
|
|
IP Address (Interested)
|
The IP address of the target endpoint (source or destination)
For an exchange occurring within the network, the Interested IP is the source IP address.
If the
traffic is an external traffic, the Interested IP is the destination IP address.
|
|
IP Address (Peer)
|
The IP address opposite of the Interested IP
For example, if the Interested IP is the source IP address, then the Peer IP is the
destination
IP address.
|
|
Matching Classified Events
|
The log count matching the same aggregated rule
|
|
Aggregated Matching Classified Events
|
The aggregated log count matching the same rule
|
|
Network Group
|
The name of the group
|
|
Host Severity
|
The host severity
|
|
Log ID
|
The log ID
|
|
Attack Phase
|
The phase with which the attack
happened
|
|
Remarks
|
Additional information about the
event
|
|
C&C Server
|
The name, URL, or IP address of the C&C
server
|
|
C&C Server Type
|
The type of C&C server
|
|
Sender
|
The sender of the transmission that triggered the
detection
|
|
Recipient
|
The recipient(s) of the transmission that triggered
the detection
|
|
Subject
|
The subject of the email message containing the web
URL
|