Provides compliance information about application activity detected by Web Reputation Services
|
Data |
Description |
|---|---|
|
Received |
The date and time Apex Central received the data from the managed product |
|
Generated |
The date and time the managed product generated the data |
Product Entity |
The display name of the managed product server in Apex Central |
Product |
The name of the managed product or service Example: Apex One, ScanMail for Microsoft Exchange |
VLAN ID |
The VLAN ID (VID) of the source from which the suspicious threat originates |
Detected By |
The filter, scan engine, or managed product that detected the threat |
Traffic/Connection |
The direction of the transmission |
Protocol Group |
The broad protocol group from which a managed product detects the suspicious threat Example: FTP, HTTP, P2P |
Protocol |
The protocol from which a managed product detects the suspicious threat Example: ARP, BitTorrent |
Description |
Detailed description of the incident by Trend Micro |
Endpoint |
The host name of the computer in compliance of the policy/rule |
|
Source IP |
The source IP address of the detected threat |
|
Source MAC |
The source MAC address of the detected threat |
|
Source Port |
The source IP address port number of the detected threat |
|
Source IP Group |
The IP address group of the source where the suspicious threat originates |
|
Source Network Zone |
The network zone of the source where the suspicious threat originates |
|
Endpoint IP |
The IP address of the endpoint the suspicious threat affects |
|
Endpoint Port |
The port number of the endpoint the suspicious threat affects |
|
Endpoint MAC |
The MAC address of the endpoint the suspicious threat affects |
|
Endpoint Group |
The IP address group of the endpoint the suspicious threat affects |
|
Endpoint Network Zone |
The network zone of the endpoint the suspicious threat affects |
Policy/Rule |
The policy or rule that triggered the detection |
URL |
The URL object that triggered the detection |
|
Detections |
The total number of detections Example: A managed product detects 10 violations of the same type on one computer. Detections = 10 |
|
C&C List Source |
The C&C list source that identified the C&C server |
|
C&C Risk Level |
The risk level of the C&C server |
|
Threat Type |
The type of security threat |
|
Detection Severity |
The severity level of the event |
|
IP Address (Interested) |
The IP address of the target endpoint (source or destination) For an exchange occurring within the network, the Interested IP is the source IP address. If the traffic is an external traffic, the Interested IP is the destination IP address. |
|
IP Address (Peer) |
The IP address opposite of the Interested IP For example, if the Interested IP is the source IP address, then the Peer IP is the destination IP address. |
|
Matching Classified Events |
The log count matching the same aggregated rule |
|
Aggregated Matching Classified Events |
The aggregated log count matching the same rule |
|
Network Group |
The name of the group |
|
Host Severity |
The host severity |
|
Log ID |
The log ID |
|
Attack Phase |
The phase with which the attack happened |
|
Remarks |
Additional information about the event |
|
C&C Server |
The name, URL, or IP address of the C&C server |
|
C&C Server Type |
The type of C&C server |
|
Sender |
The sender of the transmission that triggered the detection |
|
Recipient |
The recipient(s) of the transmission that triggered the detection |
|
Subject |
The subject of the email message containing the web URL |