Displays specific information about application activities that violate network security policies
| Data | Description |
|---|---|
| Received | The date and time Apex Central received the data from the managed product |
| Generated | The date and time the managed product generated the data |
| Product Entity | The display name of the managed product server in Apex Central |
| Product | The name of the managed product or service. Example: Apex One, ScanMail for Microsoft Exchange |
| VLAN ID | The VLAN ID (VID) of the source from which the suspicious threat originates |
| Detected By | The filter, scan engine, or managed product that detects the suspicious threat |
| Traffic/Connection | The direction of network traffic, or the position on the network from which the suspicious threat originates |
| Protocol Group | The broad protocol group in which a managed product detects the suspicious threat. Example: FTP, HTTP, P2P |
| Protocol | The protocol in which a managed product detects the suspicious threat. Example: ARP, Bearshare, BitTorrent |
| Description | Detailed description of the incident by Trend Micro |
| Endpoint Host | The host name of the computer in compliance with the policy/rule |
| Source IP | The IP address of the source from which the suspicious threat originates |
| Source MAC | The MAC address of the source from which the suspicious threat originates |
| Source Port | The port number of the source from which the suspicious threat originates |
| Source IP Group | The IP address group of the source from which the violation originates |
| Source Network Zone | The network zone of the source from which the violation originates |
| Endpoint IP | The IP address of the endpoint the suspicious threat affects |
| Endpoint Port | The port number of the endpoint the suspicious threat affects |
| Endpoint MAC | The MAC address of the endpoint the suspicious threat affects |
| Endpoint Group | The IP address group of the endpoint the suspicious threat affects |
| Endpoint Network Zone | The network zone of the endpoint the suspicious threat affects |
| Detections | The total number of detections. Example: Apex One detects 10 instances of the same virus on one computer. Detections = 10 |
| Threat Type | The specific type of security threat that managed products detect |
| Detection Severity | The severity level of the incident |
| IP Address (Interested) | The IP address of the target endpoint (source or destination). For an exchange occurring within the network, the Interested IP is the source IP address. If the traffic is external, the Interested IP is the destination IP address. |
| IP Address (Peer) | The IP address opposite the Interested IP. For example, if the Interested IP is the source IP address, then the Peer IP is the destination IP address. |
| Matching Classified Events | The number of logs matching the same aggregated rule |
| Aggregated Matching Classified Events | The aggregated number of logs matching the same rule |
| Network Group | The name of the network group |
| Host Severity | The severity level assigned to the host |
| Log ID | The log ID |
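As an added example (not Apex Central's own code or documentation), the Python below applies the Interested/Peer IP rule stated in the table to a raw violation record and sums the Detections counter per Endpoint Host, as a SIEM normalisation step might. The record field names, the Traffic/Connection values "Internal"/"Inbound"/"Outbound" and the sample records are constructed assumptions, not the product's actual values.

```python
# Added example; not part of Apex Central. Field names and direction values are assumed.

# Assumed Traffic/Connection values (constructed for this example).
INTERNAL = {"internal"}
EXTERNAL = {"inbound", "outbound"}


def derive_interested_peer(record):
    """Return (interested_ip, peer_ip) for one violation record.

    Rule from the data view: for an exchange within the network the Interested IP
    is the source IP; for external traffic it is the destination (endpoint) IP.
    The Peer IP is always the other address.
    """
    src = record["source_ip"]
    dst = record["endpoint_ip"]
    direction = record["traffic"].strip().lower()
    if direction in INTERNAL:
        return src, dst
    if direction in EXTERNAL:
        return dst, src
    # Reject unknown values rather than silently guessing a direction.
    raise ValueError(f"unknown Traffic/Connection value: {record['traffic']!r}")


def detections_by_endpoint(records):
    """Sum the Detections counter per Endpoint Host across records."""
    totals = {}
    for r in records:
        host = r["endpoint_host"]
        totals[host] = totals.get(host, 0) + int(r["detections"])
    return totals


# Constructed sample records (not real log data).
SAMPLE_RECORDS = [
    {"endpoint_host": "ws-01", "source_ip": "10.0.1.5", "endpoint_ip": "10.0.2.9",
     "traffic": "Internal", "detections": 3, "protocol": "BitTorrent"},
    {"endpoint_host": "ws-01", "source_ip": "10.0.1.5", "endpoint_ip": "10.0.2.9",
     "traffic": "Internal", "detections": 7, "protocol": "BitTorrent"},
    {"endpoint_host": "ws-02", "source_ip": "198.51.100.4", "endpoint_ip": "10.0.2.11",
     "traffic": "Inbound", "detections": 1, "protocol": "FTP"},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["endpoint_host"], derive_interested_peer(rec))
    print(detections_by_endpoint(SAMPLE_RECORDS))
```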