Intrusion Prevention Rules

The Intrusion Prevention Rules screen displays the Intrusion Prevention Rules supported by Apex Central Vulnerability Protection. Intrusion Prevention Rules examine the actual content of network packets (and sequences of packets). Based on the conditions set within the Intrusion Prevention Rule, various actions are then carried out on these packets. These actions include replacing specifically defined or suspicious byte sequences, or completely dropping packets and resetting the connection.

  • To filter the list of rules, use the Search box to specify full or partial strings that appear in any of the columns.

  • To sort the list of Intrusion Prevention Rules by column data, click a column heading.

  • To view detailed Intrusion Prevention Rule Properties, click the link in the Rule Name column of a rule.

Note:

Apex Central automatically imports/updates Intrusion Prevention Rules from the Apex One server during manual or scheduled component updates.

Important:

Each managed product provides different policy settings that you can configure and deploy to policy targets. You can find a complete list of supported managed products and the policy settings for each in the Apex Central as a Service Widget and Policy Management Guide.

You can download a PDF version of the guide, or view the guide online, using the following link:

https://docs.trendmicro.com/en-us/enterprise/apex-one-as-a-service.aspx

The following table outlines the rule information that displays on the Intrusion Prevention Rules screen.

| Column | Description |
| --- | --- |
| Identifier | The unique identifier tag for the Intrusion Prevention Rule |
| Rule Name | The name of the Intrusion Prevention Rule |
| Application Type | The Application Type this Intrusion Prevention Rule is grouped under |
| Severity | The severity level that Trend Micro assigns to the rule. Note: The severity of a rule has no effect on how the rule is implemented or applied. Severity levels can be useful as sorting criteria when viewing a list of Intrusion Prevention Rules. |
| Mode | The network engine detection mode used by the Intrusion Prevention module |
| Type | The type of vulnerability detected. Smart: Known or unknown (for example, zero-day) vulnerability. Exploit: Known exploit (usually signature based) for a known vulnerability. Vulnerability: Known vulnerability for which one or more exploits may exist. |
| CVE | The Common Vulnerabilities and Exposures (CVE®) identifier that MITRE assigns to the vulnerability. For more information, see http://cve.mitre.org/. |
| Microsoft | The Common Vulnerabilities and Exposures (CVE®) identifier that Microsoft assigns to the vulnerability |
| CVSS Score | The Common Vulnerability Scoring System (CVSS) severity score of the vulnerability according to the National Vulnerability Database. For more information, see http://nvd.nist.gov/cvss.cfm. |
| Last Updated | The date and time the rule was last modified |