Views:
The following tables list the settings that are available in the API with a description. Setting names are prefixed with platform or the name of the associated protection module. Suffixes can indicate the nature of the setting. For example, the Enabled suffix indicates a Boolean value.

Default policy, policy, and computer settings

Note
Note
The following table lists the settings that are included in default policy settings, policy settings, and computer settings. Note that these settings are included only in
DefaultPolicySettings
:
  • antiMalwareSettingState
  • applicationControlSettingState
  • firewallSettingState
  • integrityMonitoringSettingState
  • intrusionPreventionSettingState
  • logInspectionSettingState
  • sapSettingState
  • webReputationSettingState
Setting
Description
Anti-Malware Settings
antiMalwareSettingBehaviorMonitoringScanExclusionList
Scan Exclusions for Suspicious Activity/Unauthorized Change
antiMalwareSettingCombinedModeProtectionSource
Anti-Malware
antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled
Submit files identified as suspicious by Document Exploit Protection scanning to Deep Discovery Analyzer
antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled
Use Apex Central's Suspicious Object List
antiMalwareSettingDocumentExploitProtectionRuleExceptions
Allowed Advanced Threat Detection Rules
antiMalwareSettingFileHashEnabled
Calculate Hash values of all anti-malware events (at least SHA1 by default)
antiMalwareSettingFileHashMd5Enabled
MD5
antiMalwareSettingFileHashSha256Enabled
SHA256
antiMalwareSettingFileHashSizeMaxMbytes
Skip hash values calculation if file size is large than (64MB~512MB)
antiMalwareSettingIdentifiedFilesSpaceMaxMbytes
Maximum disk space used to store identified files
antiMalwareSettingMalwareScanMultithreadedProcessingEnabled
Use multithreaded processing for Malware scans (if available)
antiMalwareSettingNsxSecurityTaggingEnabled
Anti-Malware NSX Security Tagging State
antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled
Anti-Malware NSX Only Tag on Failure to Remediate
antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled
Anti-Malware NSX Remove Tag
antiMalwareSettingNsxSecurityTaggingValue
Anti-Malware NSX Security Tag
antiMalwareSettingPredictiveMachineLearningExceptions
Predictive Machine Learning Exclusion List
antiMalwareSettingScanCacheOnDemandConfigId
Anti-Malware On Demand Scan Cache Configuration
antiMalwareSettingScanCacheRealTimeConfigId
Anti-Malware Real-Time Scan Cache Configuration
antiMalwareSettingScanFileSizeMaxMbytes
Maximum file size to scan
antiMalwareSettingSmartProtectionGlobalServerEnabled
Use Global Smart Protection Service for Smart Scan
antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled
Use Proxy when accessing Smart Protection Service for Smart Scan
antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal
When off domain, connect to global Smart Protection Service. (Windows only)
antiMalwareSettingSmartProtectionLocalServerUrls
Local Smart Protection Servers for Smart Scan
antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled
Warn if connection to Smart Protection Server is lost
antiMalwareSettingSmartScanState
Smart Scan State
antiMalwareSettingSpywareApprovedList
Allowed Spyware/Grayware
antiMalwareSettingState (Default policy settings only)
Anti-Malware State
antiMalwareSettingSyslogConfigId
Anti-Malware Syslog Configuration
antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax
Max On-Demand Malware Scan Cache Entries
antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax
Max Real-Time Malware Scan Cache Entries
Application Control Settings
applicationControlSettingExecutionEnforcementLevel
Enforcement:
applicationControlSettingRulesetMode
Ruleset mode:
applicationControlSettingSharedRulesetId
Shared Application Control Ruleset
applicationControlSettingState (Default policy settings only)
Application Control State
applicationControlSettingSyslogConfigId
Application Control Syslog Configuration
Firewall Settings
firewallSettingAntiEvasionCheckEvasiveRetransmit
Evasive Retransmit
firewallSettingAntiEvasionCheckFinNoConnection
FIN packet out of connection
firewallSettingAntiEvasionCheckFragmentedPackets
Fragmented Packets
firewallSettingAntiEvasionCheckOutNoConnection
Outgoing packet out of connection
firewallSettingAntiEvasionCheckPaws
Invalid TCP Timestamps
firewallSettingAntiEvasionCheckRstNoConnection
RST packet out of connection
firewallSettingAntiEvasionCheckTcpChecksum
TCP Checksum
firewallSettingAntiEvasionCheckTcpCongestionFlags
TCP Congestion Flags
firewallSettingAntiEvasionCheckTcpPawsZero
Timestamp PAWS Zero Allowed
firewallSettingAntiEvasionCheckTcpRstFinFlags
TCP Rst Fin Flags
firewallSettingAntiEvasionCheckTcpSplitHandshake
TCP Split Handshake
firewallSettingAntiEvasionCheckTcpSynFinFlags
TCP Syn Fin Flags
firewallSettingAntiEvasionCheckTcpSynRstFlags
TCP Syn Rst Flags
firewallSettingAntiEvasionCheckTcpSynWithData
TCP Syn with Data
firewallSettingAntiEvasionCheckTcpUrgentFlags
TCP Urgent Flags
firewallSettingAntiEvasionCheckTcpZeroFlags
TCP Zero Flags
firewallSettingAntiEvasionSecurityPosture
Anti-Evasion Posture
firewallSettingAntiEvasionTcpPawsWindowPolicy
TCP Timestamp PAWS Window
firewallSettingCombinedModeProtectionSource
Firewall
firewallSettingConfigPackageExceedsAlertMaxEnabled
Advanced - Generate an Alert when Agent configuration package exceeds maximum size
firewallSettingEngineOptionAckTimeout
ACK Storm Timeout
firewallSettingEngineOptionAllowNullIpEnabled
Allow Null IP
firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled
Advanced - Block IPv6 on Agents and Appliances versions 8 and earlier
firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled
Advanced - Block IPv6 on Agents and Appliances verions 9 and later
firewallSettingEngineOptionBlockSameSrcDstIpEnabled
Block Same Src-Dest IP Address
firewallSettingEngineOptionBootStartTimeout
Boot Start Timeout
firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled
Bypass Cisco WAAS Connections
firewallSettingEngineOptionCloseTimeout
CLOSED Timeout
firewallSettingEngineOptionCloseWaitTimeout
CLOSE_WAIT Timeout
firewallSettingEngineOptionClosingTimeout
CLOSING Timeout
firewallSettingEngineOptionColdStartTimeout
Cold Start Timeout
firewallSettingEngineOptionConnectionCleanupTimeout
Connection Cleanup Timeout
firewallSettingEngineOptionConnectionsCleanupMax
Maximum Connections per Cleanup
firewallSettingEngineOptionConnectionsNumIcmpMax
Maximum ICMP Connections
firewallSettingEngineOptionConnectionsNumTcpMax
Maximum TCP Connections
firewallSettingEngineOptionConnectionsNumUdpMax
Maximum UDP Connections
firewallSettingEngineOptionDebugModeEnabled
Enable Debug Mode
firewallSettingEngineOptionDebugPacketNumMax
Number of Packets to retain in Debug Mode
firewallSettingEngineOptionDisconnectTimeout
DISCONNECT Timeout
firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled
Drop 6to4 Bogon Addresses
firewallSettingEngineOptionDropEvasiveRetransmitEnabled
Drop Evasive Retransmit
firewallSettingEngineOptionDropIpZeroPayloadEnabled
Drop IP Packet with Zero Payload
firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled
Drop IPv6 Bogon Addresses
firewallSettingEngineOptionDropIpv6ExtType0Enabled
Drop IPv6 Extension Type 0
firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled
Drop IPv6 Fragments Lower Than minimum MTU
firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled
Drop IPv6 Reserved Addresses
firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled
Drop IPv6 Site Local Addresses
firewallSettingEngineOptionDropTeredoAnomaliesEnabled
Drop Teredo Anomalies
firewallSettingEngineOptionDropUnknownSslProtocolEnabled
Drop Unknown SSL Protocol
firewallSettingEngineOptionErrorTimeout
ERROR Timeout
firewallSettingEngineOptionEstablishedTimeout
ESTABLISHED Timeout
firewallSettingEngineOptionEventNodesMax
Number of Event Nodes
firewallSettingEngineOptionFilterIpv4Tunnels
Filter IPv4 Tunnels
firewallSettingEngineOptionFilterIpv6Tunnels
Filter IPv6 Tunnels
firewallSettingEngineOptionFinWait1Timeout
FIN_WAIT1 Timeout
firewallSettingEngineOptionForceAllowDhcpDns
Force Allow DHCP DNS
firewallSettingEngineOptionForceAllowIcmpType3Code4
Force Allow ICMP type3 code4
firewallSettingEngineOptionFragmentOffsetMin
Minimum Fragment Offset
firewallSettingEngineOptionFragmentSizeMin
Minimum Fragment Size
firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled
Generate Connection Events for ICMP
firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled
Generate Connection Events for TCP
firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled
Generate Connection Events for UDP
firewallSettingEngineOptionIcmpTimeout
ICMP Timeout
firewallSettingEngineOptionIgnoreStatusCode0
Ignore Status Code
firewallSettingEngineOptionIgnoreStatusCode1
Ignore Status Code
firewallSettingEngineOptionIgnoreStatusCode2
Ignore Status Code
firewallSettingEngineOptionLastAckTimeout
LAST_ACK Timeout
firewallSettingEngineOptionLogAllPacketDataEnabled
Log All Packet Data
firewallSettingEngineOptionLogEventsPerSecondMax
Maximum Events Per Second
firewallSettingEngineOptionLogOnePacketPeriod
Period for Log only one packet within period
firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled
Log only one packet within period
firewallSettingEngineOptionLogPacketLengthMax
Maximum data size to store when packet data is captured
firewallSettingEngineOptionLoggingPolicy
Advanced Logging Policy
firewallSettingEngineOptionSilentTcpConnectionDropEnabled
Silent TCP Connection Drop
firewallSettingEngineOptionSslSessionSize
SSL Session Size
firewallSettingEngineOptionSslSessionTime
SSL Session Time
firewallSettingEngineOptionStrictTerodoPortCheckEnabled
Strict Teredo Port Check
firewallSettingEngineOptionSynRcvdTimeout
SYN_RCVD Timeout
firewallSettingEngineOptionSynSentTimeout
SYN_SENT Timeout
firewallSettingEngineOptionTcpMssLimit
TCP MSS Limit
firewallSettingEngineOptionTunnelDepthMax
Maximum Tunnel Depth
firewallSettingEngineOptionTunnelDepthMaxExceededAction
Action if Maximum Tunnel Depth Exceeded
firewallSettingEngineOptionUdpTimeout
UDP Timeout
firewallSettingEngineOptionVerifyTcpChecksumEnabled
Verify TCP Checksum
firewallSettingEngineOptionsEnabled
Use custom driver settings
firewallSettingEventLogFileCachedEntriesLifeTime
Cache Lifetime
firewallSettingEventLogFileCachedEntriesNum
Cache Size
firewallSettingEventLogFileCachedEntriesStaleTime
Cache Stale time
firewallSettingEventLogFileIgnoreSourceIpListId
Do not record events with source IP of
firewallSettingEventLogFileRetainNum
Number of event log files to retain (on Agent/Appliance)
firewallSettingEventLogFileSizeMax
Maximum size of the event log files (on Agent/Appliance)
firewallSettingEventsOutOfAllowedPolicyEnabled
Generate Firewall Events for packets that are 'Out Of Allowed Policy'
firewallSettingFailureResponseEngineSystem
Network Engine System Failure
firewallSettingFailureResponsePacketSanityCheck
Network Packet Sanity Check Failure
firewallSettingInterfaceIsolationEnabled
Enable Interface Isolation
firewallSettingInterfaceLimitOneActiveEnabled
Limit to one active interface
firewallSettingInterfacePatterns
Interface Patterns
firewallSettingNetworkEngineMode
Network Engine Mode
firewallSettingReconnaissanceBlockFingerprintProbeDuration
Computer OS Fingerprint Probe - Block Traffic
firewallSettingReconnaissanceBlockNetworkOrPortScanDuration
Network or Port Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpNullScanDuration
TCP Null Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpSynFinScanDuration
TCP SYNFIN Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpXmasAttackDuration
TCP Xmas Scan - Block Traffic
firewallSettingReconnaissanceDetectFingerprintProbeEnabled
Computer OS Fingerprint Probe - Enabled
firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled
Network or Port Scan - Enabled
firewallSettingReconnaissanceDetectTcpNullScanEnabled
TCP Null Scan - Enabled
firewallSettingReconnaissanceDetectTcpSynFinScanEnabled
TCP SYNFIN Scan - Enabled
firewallSettingReconnaissanceDetectTcpXmasAttackEnabled
TCP Xmas Scan - Enabled
firewallSettingReconnaissanceEnabled
Reconnaissance Scan Detection - Enabled
firewallSettingReconnaissanceExcludeIpListId
Reconnaissance Scan Detection - Do not perform detection on traffic coming from
firewallSettingReconnaissanceIncludeIpListId
Reconnaissance Scan Detection - Computers/Networks on which to perform detection
firewallSettingReconnaissanceNotifyFingerprintProbeEnabled
Computer OS Fingerprint Probe - Notify DSM Immediately
firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled
Network or Port Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpNullScanEnabled
TCP Null Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled
TCP SYNFIN Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled
TCP Xmas Scan - Notify DSM Immediately
firewallSettingState (Default policy settings only)
Firewall State
firewallSettingSyslogConfigId
Firewall and Intrusion Prevention Syslog Configuration
firewallSettingVirtualAndContainerNetworkScanEnabled
Scan container network traffic
Integrity Monitoring Settings
integrityMonitoringSettingAutoApplyRecommendationsEnabled
Automatically assign/unassign recommended Integrity Monitoring Rules to Computer during Recommendation Scans
integrityMonitoringSettingCombinedModeProtectionSource
Integrity Monitoring
integrityMonitoringSettingContentHashAlgorithm
Integrity Monitoring Hash Algorithm
integrityMonitoringSettingCpuUsageLevel
Integrity Monitoring CPU Usage Level:
integrityMonitoringSettingRealtimeEnabled
Real Time
integrityMonitoringSettingScanCacheConfigId
Integrity Scan Cache Configuration:
integrityMonitoringSettingState (Default policy settings only)
Integrity Monitoring State
integrityMonitoringSettingSyslogConfigId
Integrity Monitoring Syslog Configuration
integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax
Max Integrity Monitoring Scan Cache Entries
Intrusion Prevention Settings
intrusionPreventionSettingAutoApplyRecommendationsEnabled
Automatically implement Recommendations
intrusionPreventionSettingCombinedModeProtectionSource
Intrusion Prevention
intrusionPreventionSettingEngineOptionFragmentedIpKeepMax
Maximum number of fragmented IP packets to keep
intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled
Send ICMP to indicate fragmented packet timeout exceeded
intrusionPreventionSettingEngineOptionFragmentedIpTimeout
Fragment Timeout
intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled
Bypass MAC addresses that don't belong to host
intrusionPreventionSettingEngineOptionsEnabled
Use custom driver settings
intrusionPreventionSettingLogDataRuleFirstMatchEnabled
Allow Intrusion Prevention Rules to capture data for first hit of each rule (in period)
intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel
Detect Mode
intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel
Prevent Mode
intrusionPreventionSettingState (Default policy settings only)
Intrusion Prevention State
intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled
Scan container network traffic
Log Inspection Settings
logInspectionSettingAutoApplyRecommendationsEnabled
Automatically assign/unassign recommended Log Inspection Rules to Computer during Recommendation Scans
logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin
Send Agent/Appliance events to syslog when they equal or exceed the following severity level
logInspectionSettingSeverityClippingAgentEventStoreLevelMin
Store events at the Agent/Appliance for later retrieval by DSM when they equal or exceed the following severity level
logInspectionSettingState (Default policy settings only)
Log Inspection State
logInspectionSettingSyslogConfigId
Log Inspection Syslog Configuration
Platform Settings
platformSettingAgentCommunicationsDirection
Direction of Server & Workload Protection to Agent/Appliance communication
platformSettingAgentEventsSendInterval
Period between sending of events
platformSettingAgentSelfProtectionEnabled
Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent
platformSettingAgentSelfProtectionPassword
Password
platformSettingAgentSelfProtectionPasswordEnabled
Local override requires password
platformSettingAutoAssignNewIntrusionPreventionRulesEnabled
Automatically assign new Intrusion Prevention Rules as required by updated Application Types and Intrusion Prevention Rule dependencies
platformSettingAutoUpdateAntiMalwareEngineEnabled
Automatically update anti-malware engine
platformSettingCombinedModeNetworkGroupProtectionSource
Network Combined Mode Affinity
platformSettingEnvironmentVariableOverrides
Environment Variable Overrides
platformSettingHeartbeatInactiveVmOfflineAlertEnabled
Raise Offline Errors For Inactive Virtual Machines
platformSettingHeartbeatInterval
Heartbeat Interval
platformSettingHeartbeatLocalTimeShiftAlertThreshold
Maximum change (in minutes) of the local system time on the computer between heartbeats before an alert is raised
platformSettingHeartbeatMissedAlertThreshold
Number of Heartbeats that can be missed before an alert is raised
platformSettingInactiveAgentCleanupOverrideEnabled
Prevent this computer from being deleted if Inactive Agent Cleanup is enabled:
platformSettingNotificationsSuppressPopupsEnabled
Suppress all pop-up notifications on host
platformSettingOverwriteHostnameDuringHeartbeatEnabled
Automatically update the computer name to the latest reported by the agent
platformSettingRecommendationOngoingScansInterval
Ongoing Scan Interval
platformSettingRelayState
Relay State
platformSettingScanCacheConcurrencyMax
Max Concurrent Scans
platformSettingScanOpenPortListId
Ports to scan
platformSettingSmartProtectionAntiMalwareGlobalServerProxyId
Use Proxy when accessing Smart Protection Service for Smart Scan
platformSettingSmartProtectionGlobalServerEnabled
Use Global Service for Census
platformSettingSmartProtectionGlobalServerProxyId
Use Proxy when accessing Global Service for Census
platformSettingSmartProtectionGlobalServerUseProxyEnabled
Use Proxy when accessing Global Service for Census
platformSettingTroubleshootingLoggingLevel
Logging Level
platformSettingUpgradeOnActivationEnabled
Automatically upgrade agents on activation
SAP Settings
sapSettingState (Default policy settings only)
Configuration
Sensing Mode Settings
sensingModeSettingActivityEnabled
Sensor Activity Enabled
sensingModeSettingIndicatorEnabled
Sensor Indicator Enabled
sensingModeSettingState (Default policy settings only)
Sensing Mode State
sensingModeSettingSyslogConfigId
Sensing Mode Configuration
Web Reputation Settings
webReputationSettingAlertingEnabled
Alert
webReputationSettingAllowedUrlDomains
Allowed Domain URLs
webReputationSettingAllowedUrls
Allowed Page URLs
webReputationSettingBlockedUrlDomains
Blocked Domain URLs
webReputationSettingBlockedUrlKeywords
Blocked Keywords
webReputationSettingBlockedUrls
Blocked Page URLs
webReputationSettingBlockingPageLink
Blocked Page Link
webReputationSettingCombinedModeProtectionSource
Web Reputation
webReputationSettingMonitorPortListId
Ports to monitor
webReputationSettingSecurityBlockUntestedPagesEnabled
Block Untested Pages
webReputationSettingSecurityLevel
Security Level
webReputationSettingSmartProtectionGlobalServerUseProxyEnabled
Use Proxy when accessing Smart Protection Service for Web Reputation
webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal
When off domain, connect to global Smart Protection Service. (Windows only)
webReputationSettingSmartProtectionLocalServerEnabled
Use Local Smart Protection Server for Web Reputation Service
webReputationSettingSmartProtectionLocalServerUrls
Local Smart Protection Servers for Web Reputation
webReputationSettingSmartProtectionServerConnectionLostWarningEnabled
Warn if connection to Smart Protection Server is lost
webReputationSettingSmartProtectionWebReputationGlobalServerProxyId
Use Proxy when accessing Smart Protection Service for Web Reputation
webReputationSettingState (Default policy settings only)
Web Reputation State
webReputationSettingSyslogConfigId
Web Reputation Syslog Configuration

System settings

Setting
Description
Anti-Malware Settings
antiMalwareSettingEventEmailBodyTemplate
Email Template
antiMalwareSettingEventEmailEnabled
Anti-Malware Email Notifications Enabled
antiMalwareSettingEventEmailRecipients
Email Recipients
antiMalwareSettingEventEmailSubject
Email Subject Text
antiMalwareSettingRetainEventDuration
Automatically delete Anti-Malware Events older than
Application Control Settings
applicationControlSettingRetainEventDuration
Automatically delete Application Control Events older than
applicationControlSettingServeRulesetsFromRelaysEnabled
Serve application control rulesets from relays
Firewall Settings
firewallSettingEventRankSeverityDeny
Deny
firewallSettingEventRankSeverityLogOnly
Log Only
firewallSettingEventRankSeverityPacketRejection
Packet Rejection
firewallSettingGlobalStatefulConfigId
Global Firewall Stateful Configuration
firewallSettingInternetConnectivityTestExpectedContentRegex
Regular Expression for returned content used to confirm Connectivity
firewallSettingInternetConnectivityTestInterval
Test Interval
firewallSettingInternetConnectivityTestUrl
URL for testing Internet Connectivity Status
firewallSettingIntranetConnectivityTestExpectedContentRegex
Regular Expression for returned content used to confirm Intranet Connectivity
firewallSettingIntranetConnectivityTestUrl
URL for testing Intranet Connectivity Status
firewallSettingRetainEventDuration
Automatically delete Firewall Events older than
Integrity Monitoring Settings
integrityMonitoringSettingEventRankSeverityCritical
Critical
integrityMonitoringSettingEventRankSeverityHigh
High
integrityMonitoringSettingEventRankSeverityLow
Low
integrityMonitoringSettingEventRankSeverityMedium
Medium
integrityMonitoringSettingRetainEventDuration
Automatically delete Integrity Monitoring Events older than
Intrusion Prevention Settings
intrusionPreventionSettingEventRankSeverityFilterCritical
Critical
intrusionPreventionSettingEventRankSeverityFilterError
Error
intrusionPreventionSettingEventRankSeverityFilterHigh
High
intrusionPreventionSettingEventRankSeverityFilterLow
Low
intrusionPreventionSettingEventRankSeverityFilterMedium
Medium
intrusionPreventionSettingRetainEventDuration
Automatically delete Intrusion Prevention Events older than
Log Inspection Settings
logInspectionSettingEventRankSeverityCritical
Critical
logInspectionSettingEventRankSeverityHigh
High
logInspectionSettingEventRankSeverityLow
Low
logInspectionSettingEventRankSeverityMedium
Medium
logInspectionSettingRetainEventDuration
Automatically delete Log Inspection Events older than
Platform Settings
platformSettingActiveSessionsMax
Number of concurrent sessions allowed per User
platformSettingActiveSessionsMaxExceededAction
Action when concurrent session limit is exceeded
platformSettingAgentInitiatedActivationDuplicateHostnameMode
If a computer already exists
platformSettingAgentInitiatedActivationEnabled
Allow Agent-Initiated Activation
platformSettingAgentInitiatedActivationPolicyId
Policy to assign (if Policy not assigned by activation script):
platformSettingAgentInitiatedActivationReactivateClonedEnabled
Reactivate cloned Agents
platformSettingAgentInitiatedActivationReactivateUnknownEnabled
Reactivate unknown Agents
platformSettingAgentInitiatedActivationSpecifyHostnameEnabled
Allow Agent to specify hostname
platformSettingAgentInitiatedActivationWithinIpListId
Agent-Initiated Activation IP List
platformSettingAgentlessVcloudProtectionEnabled
Allow Appliance protection of vCloud VMs
platformSettingAlertAgentUpdatePendingThreshold
Length of time an Update can be pending before raising an Alert
platformSettingAlertDefaultEmailAddress
Alert Email Address - The email address to which all alert emails should be sent
platformSettingAwsManagerIdentityAccessKey
Access Key - The Access Key of an AWS User used for the manager identity
platformSettingAwsManagerIdentitySecretKey
Secret Key - The Secret Access Key of an AWS User used for the manager identity
platformSettingAwsManagerIdentityUseInstanceRoleEnabled
Use Instance Role
platformSettingCaptureEncryptedTrafficEnabled
Allow packet data capture on encrypted traffic (SSL)
platformSettingConnectedThreatDefenseControlManagerManualSourceApiKey
API Key
platformSettingConnectedThreatDefenseControlManagerManualSourceServerUrl
Server URL (ex: "https://[server]/webapp")
platformSettingConnectedThreatDefenseControlManagerProxyId
Use Proxy when accessing Apex Central
platformSettingConnectedThreatDefenseControlManagerSourceOption
Suspicious Object List Source
platformSettingConnectedThreatDefenseControlManagerSuspiciousObjectListComparisonEnabled
Compare objects against Suspicious Object List
platformSettingConnectedThreatDefenseControlManagerUseProxyEnabled
When accessing Apex Central, use proxy:
platformSettingConnectedThreatDefensesUsePrimaryTenantServerSettingsEnabled
Use default server settings
platformSettingDdanAutoSubmissionEnabled
Enable automatic file submission
platformSettingDdanManualSourceApiKey
API Key
platformSettingDdanManualSourceServerUrl
Server URL (ex: "https://[server]/")
platformSettingDdanProxyId
Use Proxy when accessing Deep Discovery Analyzer
platformSettingDdanSourceOption
Deep Discovery Analyzer Source
platformSettingDdanSubmissionEnabled
Enable submission of suspicious files to Deep Discovery Analyzer
platformSettingDdanUseProxyEnabled
When accessing Deep Discovery Analyzer, use proxy:
platformSettingDemoModeEnabled
Demo Mode Enabled
platformSettingEventForwardingSnsAccessKey
Access Key - The Access Key of an AWS User with access to the SNS Topic
platformSettingEventForwardingSnsAdvancedConfigEnabled
Amazon SNS Advanced Configuration
platformSettingEventForwardingSnsConfigJson
Amazon SNS Configuration
platformSettingEventForwardingSnsEnabled
Publish Events to Amazon Simple Notification Service
platformSettingEventForwardingSnsSecretKey
Secret Key - The Secret Key of an AWS User with access to the SNS Topic
platformSettingEventForwardingSnsTopicArn
SNS Topic ARN
platformSettingExportedDiagnosticPackageLocale
Exported Diagnostic Package Language
platformSettingExportedFileCharacterEncoding
Exported file Character Encoding
platformSettingInactiveAgentCleanupDuration
Delete Agents that have been inactive for:
platformSettingInactiveAgentCleanupEnabled
Delete Agents that have been inactive for:
platformSettingManagedDetectResponseCompanyGuid
Company GUID
platformSettingManagedDetectResponseEnabled
Enable the MDR service
platformSettingManagedDetectResponseProxyId
Use Proxy when accessing MDR server
platformSettingManagedDetectResponseServerUrl
Server URL (ex: "https://[server]/")
platformSettingManagedDetectResponseServiceToken
Service Token
platformSettingManagedDetectResponseUsePrimaryTenantSettingsEnabled
Use default server settings
platformSettingManagedDetectResponseUseProxyEnabled
When accessing MDR server, use proxy:
platformSettingProxyAgentUpdateProxyId
Primary Security Update Proxy used by Agents, Appliances, and Relays:
platformSettingRecommendationOngoingScansEnabled
Perform ongoing Recommendation Scans
platformSettingRetainAgentInstallersPerPlatformMax
Number of older software versions to keep per platform
platformSettingRetainCountersDuration
Automatically delete Counters older than
platformSettingRetainSecurityUpdatesMax
Number of older Rule Updates to keep
platformSettingRetainSystemEventDuration
Automatically delete System Events older than
platformSettingSamlIdentityProviderCertificateExpiryWarningDays
Warn when a SAML identity provider certificate will expire within (days)
platformSettingSamlRetainInactiveExternalAdministratorsDuration
Automatically delete inactive identity provider users after (days)
platformSettingSmartProtectionFeedbackBandwidthMaxKbytes
Maximum bandwidth:
platformSettingSmartProtectionFeedbackEnabled
Enable Trend Micro Smart Feedback (recommended)
platformSettingSmartProtectionFeedbackForSuspiciousFileEnabled
Send suspicious file signatures along with feedback
platformSettingSmartProtectionFeedbackIndustryType
Your industry (optional):
platformSettingSmartProtectionFeedbackInterval
Feedback Interval (min)
platformSettingSmartProtectionFeedbackThreatDetectionsThreshold
Feedback Interval by threats
platformSettingSmtpBounceEmailAddress
"Bounce" email address (optional) - The email address to which delivery failure notifications should be sent
platformSettingSmtpFromEmailAddress
"From" email address - The email address from which outgoing emails should be sent
platformSettingSmtpPassword
SMTP password
platformSettingSmtpRequiresAuthenticationEnabled
Mail server requires authentication
platformSettingSmtpServerAddress
SMTP mail server address (optionally include :port)
platformSettingSmtpStartTlsEnabled
STARTTLS
platformSettingSmtpUsername
SMTP username
platformSettingSyslogConfigId
Forward System Events to a remote computer (via Syslog) using configuration
platformSettingSystemEventForwardingSnmpAddress
Hostname or IP address to which events should be sent
platformSettingSystemEventForwardingSnmpEnabled
Forward System Events to a remote computer (via SNMP)
platformSettingSystemEventForwardingSnmpPort
UDP port to which events should be sent
platformSettingTenantAllowImpersonationByPrimaryTenantEnabled
Allow Primary Tenant access to my Server & Workload Protection Environment
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled
Automatically revoke Primary Tenant access after
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout
Automatically revoke Primary Tenant access after
platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled
Use the Primary Tenant Relay Group as my Default Relay Group
platformSettingTrendMicroXdrApiKey
API Key
platformSettingTrendMicroXdrApiServerUrl
API Server URL
platformSettingTrendMicroXdrApiUser
API User
platformSettingTrendMicroXdrCompanyId
Company ID
platformSettingTrendMicroXdrEnabled
Forward activity data to Trend Micro XDR data lake
platformSettingTrendMicroXdrLogServerUrl
Log Server URL
platformSettingUpdateAgentSecurityContactPrimarySourceOnMissingRelayEnabled
Allow Agents/Appliances to download security updates directly from Primary Security Update Source if Relays are not accessible
platformSettingUpdateAgentSecurityOnMissingDeepSecurityManagerEnabled
Allow Agents/Appliances to download security updates when Server & Workload Protection is not accessible
platformSettingUpdateApplianceDefaultAgentVersion
Upon deployment, update Virtual Appliances to
platformSettingUpdateHostnameOnIpChangeEnabled
Update the "Hostname" entry if an IP is used as a hostname and a change in IP is detected on the computer after Agent/Appliance-initiated communication or discovery
platformSettingUpdateRelaySecurityAllRegionsPatternsDownloadEnabled
Download Patterns for all Regions
platformSettingUpdateRelaySecuritySupportAgent9AndEarlierEnabled
Allow supported 8.0 and 9.0 Agents to be updated
platformSettingUpdateRulesPolicyAutoApplyEnabled
Automatically apply Rule Updates to Policies
platformSettingUpdateSecurityPrimarySourceMode
Relay Update Source
platformSettingUpdateSecurityPrimarySourceUrl
URL
platformSettingUpdateSoftwareAlternateUpdateServerUrls
Alternate Software Update Web Server(s)
platformSettingUserHideUnlicensedModulesEnabled
Hide unlicensed Protection Modules for new Users
platformSettingUserPasswordExpiry
User password expires
platformSettingUserPasswordExpirySendEmailEnabled
Send email when a user's password is about to expire
platformSettingUserPasswordLengthMin
User password minimum length
platformSettingUserPasswordRequireLettersAndNumbersEnabled
User password requires both letters and numbers
platformSettingUserPasswordRequireMixedCaseEnabled
User password requires both upper and lower case characters
platformSettingUserPasswordRequireNotSameAsUsernameEnabled
User password cannot match username or username spelled backward
platformSettingUserPasswordRequireSpecialCharactersEnabled
User password requires non-alphanumeric characters
platformSettingUserSessionDurationMax
Maximum session duration
platformSettingUserSessionIdleTimeout
Session idle timeout
platformSettingUserSignInAttemptsAllowedNumber
Number of incorrect sign-in attempts allowed (before lock out)
platformSettingWhoisUrl
Whois URL - The full URL to a Whois lookup with the IP represented as [IP]
Web Reputation Settings
webReputationSettingEventRankRiskBlockedByAdministratorRank
Blocked By Administrator
webReputationSettingEventRankRiskDangerous
Dangerous
webReputationSettingEventRankRiskHighlySuspicious
Highly Suspicious
webReputationSettingEventRankRiskSuspicious
Suspicious
webReputationSettingEventRankRiskUntested
Untested
webReputationSettingRetainEventDuration
Automatically delete Web Reputation Events older than