Deep Security enables you to generate a variety of reports. Reports display data for
a time period that you specify. You can generate reports for particular computers,
groups of computers, computers using a particular policy. You can also filter for
certain event tags. For details on configuring reports, see Generate reports about alerts and other activity.
One of the reports that you can generate is the Attack Report, which contains a summary
table and some additional information about the most frequent events. The summary
tables provides this information:
|
|
Detect Mode:
Numbers of events where Deep Security is configured to detect issues and log
events, but not take other actions.
|
Prevent Mode:
Numbers of events where Deep Security is configured to detect issues,
generate events, and take some sort of action.
|
Total:
Total of the numbers in the Detect Mode and Prevent Mode columns
|
Ratio:
Percentage of events prevented compared to total number detected
|
|
Anti-Malware
|
Passed: Deep Security detected malware and logged an event.
For information on how to change the action that Deep Security takes when it
detects malware, see Configure malware scans.
|
Cleaned: Deep Security cleaned an infected file by terminating
processes or deleting registries, files, cookies, or shortcuts, depending on
the type of malware.
Quarantined: Deep Security moved an infected file to the
"identified files" folder.
Deleted: Deep Security deleted an infected file.
Access Denied: Deep Security prevented an infected file from
being accessed, without removing the file from the system.
Terminated: A behavior monitoring scan determined that a
process was compromised and terminated the process to prevent further
infection. For details, see Enhanced anti-malware and ransomware scanning with behavior
monitoring.
|
|
|
|
Firewall
|
Displays the number of events triggered by rule-based checks and
configuration-based checks. For a list of events generated by
configuration-based checks, see the events with IDs less than 200 in Firewall
events.
|
|
|
|
|
Reconnaissance Scan
|
Number of reconnaissance scans detected by the Firewall module. For details
about the types of reconnaissance scans and suggested actions, see Warning: Reconnaissance Detected. For information on configuring
reconnaissance scan detection, see Firewall settings.
|
Reconnaissance scans are only performed in inline mode.
|
|
|
|
Exploit
|
Number of events generated by the Intrusion Prevention rules provided by
Trend Micro. There are 3 main types of Intrusion Prevention rules provided
by Trend Micro:
Intrusion Prevention rules also have an associated severity, depending on
the severity of the issue that the rule identifies: Critical, High,
Medium, Low.
|
|
||
|
Vulnerability
|
|
|
||
|
Smart
|
|
|
||
|
Policy
|
|
|
||
|
Info
|
|
|
||
|
Custom
|
Number of events generated by custom Intrusion Prevention rules that you
have written.
Intrusion Prevention rules have an associated severity, depending on the
severity of the issue that the rule identifies: Critical, High,
Medium, Low.
|
|
|
|
|
Non-Rule Based
|
Number of events found by the Intrusion Prevention engine code, rather than
by a rule.
|
|
|
|