Views:
Zero Day Initiative (ZDI) Filter Hits identify blocked and permitted hits for predisclosed and disclosed filters.
DV filter protection covers the time between when a vulnerability is discovered and when a patch is made available. In addition, DV filters provide added protection for legacy, unsupported software. DV packages are delivered weekly, or immediately when critical vulnerabilities emerge, and can be deployed automatically with no user interaction required. Learn more: Digital Vaccines.
ZDI Filter Hits include:
  • Predisclosed Filters - Include limited details to protect the secrecy of a ZDI vulnerability discovery until a product vendor can develop a patch. Although Predisclosed filters apply to critical security events and do not describe the vulnerability to you, the filters provided through the DV service still protect your network environment from the unpatched vulnerability.
    Note
    Predisclosed filter event hits display regardless of the time range you select. For example, if you narrow the ZDI Filter Hits to the last 7 days, an event from the last 30 days will still display.
  • Disclosed Filters - After details are made public in coordination with the product vendor, the DV service provides an updated description.
To view ZDI Filter Hits on the SMS web management console, select Threat Insights > ZDI Filter Hits. The following columns display.
  • Filter - Name of the filter that generated the alert or block.
  • CVE - CVE ID of the publicly disclosed vulnerability the filter addresses, if one has been assigned. Predisclosed filters typically show no CVE ID until the vulnerability is disclosed.
  • Released - Date the filter was released by the TMC.
  • Filter Disclosed - Date the filter was publicly disclosed, if available.
  • Last Hit Time - Date and time the filter most recently matched traffic during inspection.
  • Blocked Hits - Number of times traffic matched the filter, was blocked, and an event was generated.
  • Permitted Hits - Number of times traffic matched the filter and was permitted to flow through.
Permitted hits mean traffic matched a filter for a vulnerability that may still be unpatched and was allowed through, so if you see permitted hits, consider updating your security policy. You can change the action set to block or block + notify. Learn more: Action sets.
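The following script is an added example, not part of this documentation and not SMS product code. It triages an export of the ZDI Filter Hits table: it parses rows using the column headings listed above, keeps predisclosed hits regardless of the selected time range (as the note above describes) while applying the range to disclosed hits, and lists every filter with permitted hits, predisclosed filters first, with the suggested action set change. The CSV layout, the sample rows, the filter names and the CVE IDs are constructed placeholders; the rule "no Filter Disclosed date means predisclosed" is an assumption, not an SMS field.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export in the shape of the ZDI Filter Hits table.
# Column names follow the table on this page; the CSV export format,
# the filter names and the CVE IDs are placeholders, not real data.
SAMPLE_EXPORT = """\
Filter,CVE,Released,Filter Disclosed,Last Hit Time,Blocked Hits,Permitted Hits
Example Filter A (disclosed),CVE-0000-0001,2024-05-01,2024-05-20,2024-06-01 10:15:00,40,0
Example Filter B (predisclosed),,2024-05-10,,2024-05-02 09:00:00,3,12
Example Filter C (disclosed),CVE-0000-0003,2024-04-12,2024-04-30,2024-05-28 22:45:00,0,7
Example Filter D (disclosed),CVE-0000-0004,2024-03-01,2024-03-15,2024-04-01 08:00:00,0,5
"""

# Fixed "current time" so the example is reproducible offline.
NOW = datetime(2024, 6, 3, 0, 0, 0)


def parse_hits(text):
    """Parse an export into dicts with typed hit counts and timestamps."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        rows.append({
            "filter": raw["Filter"],
            "cve": raw["CVE"] or None,
            "released": raw["Released"],
            "disclosed": raw["Filter Disclosed"] or None,
            "last_hit": datetime.strptime(raw["Last Hit Time"], "%Y-%m-%d %H:%M:%S"),
            "blocked": int(raw["Blocked Hits"]),
            "permitted": int(raw["Permitted Hits"]),
        })
    return rows


def is_predisclosed(row):
    # Heuristic (an assumption, not an SMS field): a filter with no
    # disclosure date is still in its predisclosed state.
    return row["disclosed"] is None


def in_time_range(row, now, window_days):
    # Mirror the console behaviour: predisclosed hits display regardless of
    # the selected time range; disclosed hits only if they fall inside it.
    if is_predisclosed(row):
        return True
    return row["last_hit"] >= now - timedelta(days=window_days)


def triage(rows, now, window_days=7):
    """Return filters with permitted hits, most urgent first, with a suggested action."""
    findings = []
    for row in rows:
        if not in_time_range(row, now, window_days):
            continue
        if row["permitted"] == 0:
            continue  # every match was already blocked; nothing to change
        total = row["blocked"] + row["permitted"]
        findings.append({
            "filter": row["filter"],
            "cve": row["cve"],
            "predisclosed": is_predisclosed(row),
            "permitted": row["permitted"],
            "permitted_ratio": row["permitted"] / total,
            # Page guidance: change the action set to block or block + notify.
            "suggested_action": "block + notify",
        })
    # Predisclosed (unpatched, details withheld) first, then by permitted volume.
    findings.sort(key=lambda f: (not f["predisclosed"], -f["permitted"]))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hits(SAMPLE_EXPORT), NOW, window_days=7):
        tag = "PREDISCLOSED" if finding["predisclosed"] else (finding["cve"] or "no CVE")
        print(f"{finding['filter']:<35} {tag:<14} permitted={finding['permitted']:<4} "
              f"ratio={finding['permitted_ratio']:.2f} -> {finding['suggested_action']}")
```

With the sample data and a 7-day window, Filter A is skipped because it blocked everything, Filter D drops out because its last hit is outside the window, and Filter B is kept despite its old last-hit time because it is predisclosed, which is exactly the case the note above warns about when you narrow the time range.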
You can also associate your policy with a Responder Policy. Learn more: