Views:
The following table outlines the information available for each custom filter.
Field
Description
Filter name
The name of the custom filter
Important
Important
An information icon (disabled=6e5bd66a-4b63-4096-867e-128dce2c0ebf.jpg) next to the filter name indicates filter is disabled due to excessive execution time, which may cause associated models to not function properly.
Edit the query in the filter event settings to enable the filter.
Description
Short description or notes of the custom filter
Severity
The severity of the custom filter
A severity of Medium, High, or Critical affects the Risk Index on the Executive Dashboard and Operations Dashboard. When testing or tuning a model, select Low to avoid affecting indexes.
Filter ID
The unique identifier of the custom filter
Event ID
The Trend Micro event targeted by the custom filter
Vendor
The vendor event targeted by the custom filter
Note
Note
This field is only available for the THIRD_PARTY_LOG event type.
Query
The query string used to detect events
Associated model
Custom detection models that employ the filter
Custom tags
Labels for grouping and identifying events and filters
Max length is 64 characters