Monitoring

To protect against attacks, Endpoint Sensor can monitor each endpoint for specific files through the use of monitoring rules. Monitoring rules follow the same IOC format used in investigations. Administrators can define and upload monitoring rules customized to their needs. Endpoint Sensor also comes with a preloaded IOC rule provided by Trend Micro, which is updated automatically to ensure protection against the latest threats.

Once a monitored file is found, Endpoint Sensor can either collect the file to a specified location or send the file to Deep Discovery Analyzer for further analysis.

For details, see Deep Discovery Analyzer Integration.

The Monitoring menu contains the following options to configure the monitoring behavior:

  • Monitoring Settings: Use this screen to manage monitoring rules. Monitoring rules use the IOC format.

  • Submitted for Analysis: Use this screen to view the analysis results of files sent to Deep Discovery Analyzer.

  • Monitoring Log: Use this screen to view all collected files.

Monitoring is disabled by default. To start monitoring, go to Monitoring > Monitoring Settings and perform the following steps:

  1. Select Enable monitoring and submission to enable the monitoring and collection of files.
  2. Upload a customized IOC file to add specific files to monitor. By default, Trend Micro Endpoint Sensor uses the provided IOC file from Trend Micro. For details, see Monitoring Rules.
  3. Configure monitoring settings. For details, see Submission Settings.
  4. Click Save to start monitoring.
  5. Review the following screens to view monitoring results:
    • Submitted for Analysis shows the analysis results of the files sent to Deep Discovery Analyzer.

      For details, see Submitted for Analysis.

    • Monitoring Log shows details of all files collected by Trend Micro Endpoint Sensor.

      For details, see Monitoring Log.