Apex Central log types correspond
to specific data views for custom report templates. You can use the following data
views to
create custom report templates for your log query results.
For more information, see the following topics:
Security Logs
|
Log Name
|
Data View
|
Description
|
|
System Events:
|
||
|
Virus/Malware
|
Detailed Virus/Malware Information
|
Provides specific information about the virus/malware
detections on your network, such as the managed product that detected the
viruses/malware, the name of the virus/malware, and the infected endpoint
For more information, see Detailed Virus/Malware Information.
|
|
Spyware/Grayware
|
Detailed Spyware/Grayware Information
|
Provides specific information about the
spyware/grayware detections on your network, such as the managed product that
detected the spyware/grayware, the name of the spyware/grayware, and the name of
the infected endpoint
For more information, see Detailed Spyware/Grayware Information.
|
|
Suspicious Files
|
Detailed Suspicious File Information
|
Provides specific information about suspicious files
detected on your network
For more information, see Detailed Suspicious File Information.
|
|
Behavior Monitoring
|
Detailed Behavior Monitoring Information
|
Provides specific information about Behavior Monitoring
events on your network
For more information, see Detailed Behavior Monitoring Information.
|
|
Integrity Monitoring
|
Integrity Monitoring Information
|
Use to monitor specific changes to an endpoint, such
as installed software, running services, processes, files, directories, listening
ports, registry keys, and registry values
For more information, see Integrity Monitoring Information.
|
|
Application Control
|
Detailed Application Control Violation Information
|
Provides specific information about application control
violations on your network, such as the violated Security Agent policy and
criteria
For more information, see Detailed Application Control Violation
Information.
|
|
Device Control
|
Device Access Control Information
|
Provides specific information about Device Access Control
events on your network
For more information, see Device Access Control Information.
|
|
Endpoint Security Compliance
|
Detailed Endpoint Security Compliance Information
|
Provides specific information about endpoint
security compliance on your network
For more information, see Detailed Endpoint Security Compliance Information.
|
|
Endpoint Security Violations
|
Detailed Endpoint Security Violation Information
|
Provides specific information about endpoint
security violations on your network
For more information, see Detailed Endpoint Security Violation Information.
|
|
Predictive Machine Learning
|
Detailed Predictive Machine Learning Information
|
Provides specific information about advanced unknown
threats detected by Predictive Machine Learning
For more information, see Detailed Predictive Machine Learning Information.
|
|
Virtual Analyzer
|
Detailed Virtual Analyzer Detection Information
|
Provides specific information about advanced unknown threats
detected by Virtual Analyzer
For more information, see Virtual Analyzer Detection
Information.
|
|
Virtual Analyzer Suspicious Objects
|
Detailed Virtual Analyzer Suspicious Object Impact Information
|
Provides detailed information about the impact of
Virtual Analyzer suspicious objects
For more information, see Detailed Virtual Analyzer Suspicious Object
Impact Information.
|
|
Attack Discovery
|
Attack Discovery Detection Information
|
Provides general information about threats detected by
Attack Discovery
For more information, see Attack Discovery Detection
Information.
|
|
Gray Detections
|
Gray Detection Information
|
Provides detailed information about possible indicators of
attack detected on your network
For more information, see Gray Detection Information.
|
|
Network Events:
|
||
|
Spam Connections
|
Spam Connection Information
|
Provides specific information about the source of spam on
your network, such as the managed product that detected the spam, the specific
action taken by the managed product, and the total number of spam detected
For more information, see Spam Connection Information.
|
|
Content Violations
|
Detailed Content Violation Information
|
Provides specific information about the
email
messages with content violations,
such as the
managed product that detected the content violation, the sender(s) and
recipients(s) of the email message, the name of the content violation policy, and
the total number of violations detected
For more information, see Detailed Content Violation Information.
|
|
Email Messages with Advanced Threats
|
Email Messages with Advanced Threats
|
Provides specific information about email messages
with advanced threats, such as anomalous behavior, false or misleading data,
suspicious and malicious behavior patterns, and strings that indicate system
compromise but require further investigation to confirm
For more information, see Email Messages with Advanced Threats.
|
|
Web Reputation
|
Detailed Web Reputation Information
|
Provides
compliance information about application activity detected by Web Reputation
Services
For more information, see Detailed Web Reputation Information.
|
|
Web Violations
|
Detailed Web Violation Information
|
Provides specific information about web violations on
your network
For more information, see Detailed Web Violation Information.
|
|
Firewall Violations
|
Detailed Firewall Violation Information
|
Provides specific information about firewall
violations on your network, such as the managed product that detected the
violation, the source and destination of the transmission, and the total number of
firewall violations
For more information, see Detailed Firewall Violation Information.
|
|
Network Content Inspection
|
Network Content Inspection Information
|
Provides specific information about network content
violations on your network
For more information, see Network Content Inspection Information.
|
|
Intrusion Prevention
|
Detailed Intrusion Prevention Information
|
Provides specific information to help you achieve
timely protection against known and zero-day attacks, defend against web
application vulnerabilities, and identify malicious software accessing the
network
For more information, see Detailed Intrusion Prevention Information.
|
|
C&C Callbacks
|
Detailed C&C Callback Information
|
Provides specific information about C&C callback events
detected on your network
For more information, see Detailed C&C Callback Information.
|
|
Suspicious Threats
|
Detailed Suspicious Threat Information
|
Provides specific information about suspicious threats
on your network, such as the managed product that detected the suspicious threat,
specific information about the source and destination, and the total number of
suspicious threats on the network
For more information, see Detailed Suspicious Threat Information.
|
|
Application Activity
|
Detailed Application Activity
|
Displays specific information about application
activities that violate network security policies
For more information, see Detailed Application Activity.
|
|
Mitigation
|
Detailed Mitigation Information
|
Provides specific information about tasks carried out
by mitigation servers to resolve threats on your network
For more information, see Detailed Mitigation Information.
|
|
Correlation
|
Detailed Correlation Information
|
Provides specific information about detailed threat
analyses and remediation recommendations
For more information, see Detailed Correlation Information.
|
|
Data Protection Events:
|
||
|
Data Loss Prevention
|
DLP Incident Information
|
Provides specific information about incidents detected by
Data Loss Prevention
For more information, see DLP Incident Information.
|
|
Data Discovery
|
Data Discovery Data Loss Prevention Detection Information
|
Displays specific information about incidents detected
by Data Discovery
For more information, see Data Discovery Data Loss Prevention Detection Information.
|
Product Information
|
Log Name
|
Data View
|
Description
|
|
Managed Product:
|
||
|
Product Status
|
Product Status Information
|
Provides detailed information about managed products
registered to the Apex Central server, such as the managed product version and build
number, and the managed product server operating system
For more information, see Product Status Information.
|
|
Product Events
|
Product Event Information
|
Provides information about managed product events,
such as managed products registering to Apex Central, component
updates, and Activation Code deployments
For more information, see Product Event Information.
|
|
Product Auditing Events
|
Product Auditing Event Log
|
Provides information about managed product auditing
events, such as managed product console access
For more information, see Product Auditing Event Log.
|
|
Apex Central:
|
||
|
Command Tracking
|
Command Tracking Information
|
Provides information about commands Apex Central issued to
managed products, such as the date and time Apex Central issued
commands for component updates or Activation Code deployments, and the status of
the commands
For more information, see Command Tracking Information.
|
|
Apex Central Events
|
Apex Central Event Information
|
Provides information about Apex Central server
events, such as managed products registering to Apex Central, component
updates, and Activation Code deployments
For more information, see Apex Central Event Information.
|
|
Unmanaged Endpoints
|
Unmanaged Endpoints
|
Provides information about detected endpoints that do
not have a Trend Micro Security Agent installed
For more information, see Unmanaged Endpoint Information.
|
|
User Access
|
User Access Information
|
Provides information about Apex Central user access
and the activities users perform while logged on to Apex Central
For more information, see User Access Information.
|
|
Product Licenses
|
Detailed Product License Information
|
Provides information about the Activation Codes and
licensing status of managed products or services, such as the managed product
version and license expiration date
For more information, see Detailed Product License Information.
|