Provides specific information about firewall violations on your network, such as the managed product that detected the violation, the source and destination of the transmission, and the total number of firewall violations
Data |
Description |
---|---|
Received |
The date and time Apex Central received the data from the managed product |
Generated |
The date and time the managed product generated the data |
Product Entity/Endpoint |
Depending on the related source:
|
Product |
The name of the managed product or service Example: Apex One, ScanMail for Microsoft Exchange |
Event Type |
The type of event that triggered the detection Example: intrusion, policy violation |
Risk Level |
The Trend Micro assessment of risk to your network Example: High security, low security, medium security |
Traffic/Connection |
The direction of the transmission |
Protocol |
The protocol the intrusion uses Example: HTTP, SMTP, FTP |
Source Port |
The source IP address port number of the detected threat |
Source IP |
The source IP address of the detected threat |
Destination Port |
The port number accessed by the detected threat |
Destination IP |
The IP address of the endpoint accessed by the detected threat |
Target Process |
The process the violation targeted |
Description |
The detailed description of the incident by Trend Micro |
Action |
The action taken by the managed product Example: file cleaned, file quarantined, file passed |
Detections |
The total number of detections Example: A managed product detects 10 violation instances of the same type on one computer Detections = 10 |