Trend Micro Apex Central 2019 Online Help > Detections > Notifications > Advanced Threat Activity Events

        Advanced Threat Activity Events

        Use the Event Notifications screen to enable and configure notifications for advanced threat activity detected on your network.

        • Attack Discovery Detections
        • C&C Callback Alert
        • C&C Callback Outbreak Alert
        • Correlated Incident Detections
        • Email Messages with Advanced Threats
        • High Risk Virtual Analyzer Detections
        • High Risk Host Detections
        • Known Targeted Attack Behavior
        • Potential Document Exploit Detections
        • Rootkit or Hacking Tool Detections
        • SHA-1 Deny List Detections
        • Watchlisted Recipients at Risk
        • Worm or File Infector Propagation Detections
        Parent topic: Notifications