This version of Apex Central includes the following new features and enhancements.

Feature

Description

Event Notifications

The following Event Notification settings have been disabled to prevent too many unnecessary notifications from being sent to recipients (Detections > Notifications > Event Notifications > Advanced Threat Activity):

  • C&C callback alert

  • C&C callback outbreak alert

  • Correlated incident detections

Table 1. Previous Updates

Feature

Description

Additional Advanced Threat Activity notifications

Apex Central supports Advanced Threat Activity event notifications for Behavior Monitoring violations and Predictive Machine Learning detections.

Advanced Logging Policy optimization

The Advanced Logging Policy for Apex One Vulnerability Protection (Policies > Policy Management > Apex One Security Agent > Vulnerability Protection Settings > Network Engine Settings) uses "Stateful, Frag, and Verifier Suppression" by default to exclude fragmentation-related and verifier-related events.

Concurrent session limitation

Apex Central allows administrators to prevent multiple web console sessions per user account.

Critical event auditing

The Apex One server and Security Agents collect Windows event logs related to critical system events (move Security Agent, uninstall Security Agent, reset password) and send the logs to Apex Central Product Auditing Event logs.

Dashboard enhancements

  • The name of the Operation Center tab has changed to Security Posture, the name of the Threat Detection tab has changed to Threat Statistics, and the widgets on the former DLP Incident Investigation tab have moved to the Data Loss Prevention tab.

  • Toggle the Table view on the Security Posture dashboard tab to display the chart nodes, critical threats, and antivirus pattern compliance information in a table.

Enhanced API integration

Apex Central provides APIs for forwarding detection logs in CEF format, Product Auditing Events, Security Agent pattern update statuses, or Security Agent engine update statuses to SIEM servers.

For more information, see https://automation.trendmicro.com/apex-central/home.

Impact Analysis enhancement

The Affected Users screen automatically refreshes every 60 seconds when running an Impact Analysis.

New dashboard widgets

  • The Quick Investigation widget allows you to start Historical Investigations directly from the dashboard.

  • Use the Attack Discovery Detections widget to view detection logs generated by the Endpoint Sensor Attack Discovery feature.

    Attack Discovery logs include MITRE™ Tactics and Techniques information and Windows Antimalware Scan Interface (AMSI) data.

  • The Top Endpoints Affected by IPS Events, Top IPS Attack Sources, and Top IPS Events widgets provide greater visibility for Intrusion Prevention events on your network.

Password complexity enhancement

  • Apex Central user accounts have stronger password complexity requirements.

  • The Unload and Uninstall Security Agent features include enhanced password complexity requirements for better security.

Policy inheritance

Enhancements to Behavior Monitoring, Predictive Machine Learning, and the Trusted Program List policies allow for policy inheritance support.

SQL Server support

Apex Central supports Microsoft SQL Server 2019 Cumulative Update 4 (CU4) and SQL Server Express CU4.

Syslog enhancements

  • Apex Central allows you to forward Intrusion Prevention and Product Auditing Event logs to a syslog server.
  • Common Event Format (CEF) syslogs indicate the type of critical threat detected.

Vulnerability patches

Apex Central has patched cross-site scripting (XSS) and SQL injection vulnerabilities.

Web browser support

Apex Central supports Microsoft Edge (Chromium).