The following table explains the detection details viewable after expanding a detection entry. Detection details are divided into three sections: Detection Information, Connection Information, and Virtual Analyzer Report. The Virtual Analyzer Report section displays only if there are Virtual Analyzer reports for that detection. The contents of each display field vary depending on the type of detected threat.

Detection Information

| Field | Description |
| --- | --- |
| Risk level | High, Medium, Low, or User Defined. |
| Detected by | |
| Threat type | |
| Threat name | Click the listed threat name to get correlated information about suspicious objects detected in your environment and threat data from the Trend Micro Smart Protection Network, which provides relevant and actionable intelligence. |
| File name | The name of the file, if any, for the detection. |
| File SHA1 | The file SHA1, if any, for the detection. |
| Policy name | The name of the policy applied to the detection. |
| Action | Monitor or Block. |

Connection Information

| Field | Description |
| --- | --- |
| Timestamp | The latest detection time. |
| User name | The user name or IP address (if Active Directory Services is not enabled). |
| Active Directory domain | Active Directory domain information. |
| Client IP | The source for the object. |
| Server IP | The destination for the object. |
| URL | The URL of the detected object. |
| URL category | The URL category of the detected object. |
| Protocol | The network protocol used for the detected object. |

Virtual Analyzer Report

The reports and investigation package summarize the sandbox analysis overview and detailed threat characteristics. The Virtual Analyzer reports are available for the detection types "Suspicious Objects Analysis (Virtual Analyzer)" and "Suspicious Objects Filter (Virtual Analyzer)".

Note: If the detection log can be associated with an existing Virtual Analyzer report, the section “Virtual Analyzer Report” is shown. If a report does not exist for the selected detection, the section is hidden.

| Field | Description |
| --- | --- |
| Report | Provides links to download the Virtual Analyzer HTML and PDF report. |
| Investigation package | Provides the link to download the raw investigation package. The decompression password is 'virus'. |
