The Intrusion Prevention Rules screen displays the Intrusion Prevention Rules supported by Apex Central Vulnerability Protection. Intrusion Prevention Rules examine the actual content of network packets (and sequences of packets). Based on the conditions set within the Intrusion Prevention Rule, various actions are then carried out on these packets. These actions include replacing specifically defined or suspicious byte sequences, or completely dropping packets and resetting the connection.
- To filter the list of rules, use the Search box to specify full or partial strings that appear in any of the columns.
- To sort the list of Intrusion Prevention Rules by column data, click a column heading.
- To view detailed Intrusion Prevention Rule Properties, click the link in the Rule Name column of a rule.
- To exclude traffic from one or more source endpoints from Vulnerability Protection scanning, click Configure Exceptions and specify the source IP addresses.

  Note: You can add up to 100 entries to the exception list.

Apex Central automatically imports/updates Intrusion Prevention Rules from the Apex One server during manual or scheduled component updates.
Each managed product provides different policy settings that you can configure and deploy to policy targets. You can find a complete list of supported managed products and the policy settings for each in the Apex Central Widget and Policy Management Guide.
You can download a PDF version of the guide, or view the guide online, using the following link:
https://docs.trendmicro.com/en-us/enterprise/apex-central.aspx
The following table outlines the rule information that displays on the Intrusion Prevention Rules screen.
Column | Description |
---|---|
Identifier | The unique identifier tag for the Intrusion Prevention Rule |
Rule Name | The name of the Intrusion Prevention Rule |
Application Type | The Application Type this Intrusion Prevention Rule is grouped under |
Severity | The severity level that Trend Micro assigns to the rule. Note: The severity of a rule has no effect on how the rule is implemented or applied. Severity levels can be useful as sorting criteria when viewing a list of Intrusion Prevention Rules. |
Mode | The network engine detection mode used by the Intrusion Prevention module. Click a mode to configure the setting for the rule. |
Type | The type of vulnerability detected: |
CVE | The Common Vulnerabilities and Exposures (CVE®) identifier that MITRE assigns to the vulnerability. For more information, see http://cve.mitre.org/. |
Microsoft | The Common Vulnerabilities and Exposures (CVE®) identifier that Microsoft assigns to the vulnerability |
CVSS Score | The Common Vulnerability Scoring System (CVSS) severity score of the vulnerability according to the National Vulnerability Database. For more information, see http://nvd.nist.gov/cvss.cfm. |
Last Updated | The date and time the rule was last modified |