Displays overall information about application activity on your network. Example: the managed product which detects the security compliance, the name of the specific policy in compliance, the total number of security compliances on the network.
Data | Description |
---|---|
Received | The time at which Control Manager receives data from the managed product. |
Generated | The time at which the managed product generates data. |
Product Entity | The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name. |
Product | The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange |
VLAN ID | Displays the VLAN ID (VID) of the source from which the suspicious threat originates. |
Detected By | Displays the filter, scan engine, or managed product which detects the suspicious threat. |
Traffic/Connection | Displays the direction of network traffic or the position on the network where the suspicious threat originates. |
Protocol Group | Displays the broad protocol group from which a managed product detects the suspicious threat. Example: FTP, HTTP, P2P |
Protocol | Displays the protocol from which a managed product detects the suspicious threat. Example: ARP, Bearshare, BitTorrent |
Description | Detailed description of the incident by Trend Micro. |
Endpoint Host | Displays the host name of the computer in compliance with the policy/rule. |
Source IP | Displays the IP address of the source from which the suspicious threat originates. |
Source MAC | Displays the MAC address of the source from which the suspicious threat originates. |
Source Port | Displays the port number of the source from which the suspicious threat originates. |
Source IP Group | Displays the IP address group of the source where the violation originates. |
Source Network Zone | Displays the network zone of the source where the violation originates. |
Endpoint IP | Displays the IP address of the endpoint the suspicious threat affects. |
Endpoint Port | Displays the port number of the endpoint the suspicious threat affects. |
Endpoint MAC | Displays the MAC address of the endpoint the suspicious threat affects. |
Endpoint Group | Displays the IP address group of the endpoint the suspicious threat affects. |
Endpoint Network Zone | Displays the network zone of the endpoint the suspicious threat affects. |
Detections | Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. Detections = 10 |
Threat Type | Displays the specific type of security threat managed products detect. |
Detection Severity | Displays the severity level of the incident. |
IP Address (Interested) | Displays the IP address of the target endpoint (source or destination). For an exchange occurring within the network, the Interested IP is the source IP address. If the traffic is external, the Interested IP is the destination IP address. |
IP Address (Peer) | Displays the IP address opposite of the Interested IP. For example, if the Interested IP is the source IP address, then the Peer IP is the destination IP address. |
Matching Classified Events | Displays the log count matching the same aggregated rule. |
Aggregated Matching Classified Events | Displays the aggregated log count matching the same rule. |
Network Group | Displays the name of the group. |
Host Severity | Displays the host severity. |
Log ID | Displays the log ID. |