
Provides specific information about firewall violations on your network, such as the managed product that detected the violation, the source and destination of the transmission, and the total number of firewall violations.

Table 1. Detailed Firewall Violation Information Data View

| Data | Description |
|---|---|
| Received | The date and time Apex Central received the data from the managed product |
| Generated | The date and time the managed product generated the data |
| Product Entity/Endpoint | Depending on the related source: the display name of the managed product server in Apex Central, or the name or IP address of the endpoint |
| Product | The name of the managed product or service. Example: Apex One, ScanMail for Microsoft Exchange |
| Event Type | The type of event that triggered the detection. Example: intrusion, policy violation |
| Risk Level | The Trend Micro assessment of risk to your network. Example: High security, low security, medium security |
| Traffic/Connection | The direction of the transmission |
| Protocol | The protocol the intrusion uses. Example: HTTP, SMTP, FTP |
| Source Port | The port number at the source IP address of the detected threat |
| Source IP | The source IP address of the detected threat |
| Destination Port | The port number accessed by the detected threat |
| Destination IP | The IP address of the endpoint accessed by the detected threat |
| Target Process | The process the violation targeted |
| Description | The detailed description of the incident by Trend Micro |
| Action | The action taken by the managed product. Example: file cleaned, file quarantined, file passed |
| Detections | The total number of detections. Example: A managed product detects 10 violation instances of the same type on one computer. Detections = 10 |