Displays specific information about application activities that violate network security policies
Detailed Application Activity Data View
| Data | Description |
|---|---|
| Received | The date and time Trend Micro Apex Central received the data from the managed product |
| Generated | The date and time the managed product generated the data |
| Product Entity | The display name of the managed product server in Trend Micro Apex Central |
| Product | The name of the managed product or service. Example: Apex One, ScanMail for Microsoft Exchange |
| VLAN ID | The VLAN ID (VID) of the source from which the suspicious threat originates |
| Detected By | The filter, scan engine, or managed product that detects the suspicious threat |
| Traffic/Connection | The direction of network traffic or the position on the network where the suspicious threat originates |
| Protocol Group | The broad protocol group from which a managed product detects the suspicious threat. Example: FTP, HTTP, P2P |
| Protocol | The protocol from which a managed product detects the suspicious threat. Example: ARP, Bearshare, BitTorrent |
| Description | Detailed description of the incident by Trend Micro |
| Endpoint Host | The host name of the computer in compliance with the policy/rule |
| Source IP | The IP address of the source from which the suspicious threat originates |
| Source MAC | The MAC address of the source from which the suspicious threat originates |
| Source Port | The port number of the source from which the suspicious threat originates |
| Source IP Group | The IP address group of the source where the violation originates |
| Source Network Zone | The network zone of the source where the violation originates |
| Endpoint IP | The IP address of the endpoint the suspicious threat affects |
| Endpoint Port | The port number of the endpoint the suspicious threat affects |
| Endpoint MAC | The MAC address of the endpoint the suspicious threat affects |
| Endpoint Group | The IP address group of the endpoint the suspicious threat affects |
| Endpoint Network Zone | The network zone of the endpoint the suspicious threat affects |
| Detections | The total number of detections. Example: Apex One detects 10 virus instances of the same virus on one computer. Detections = 10 |
| Threat Type | The specific type of security threat managed products detect |
| Detection Severity | The severity level of the incident |
| IP Address (Interested) | The IP address of the target endpoint (source or destination). For an exchange occurring within the network, the Interested IP is the source IP address. If the traffic is external, the Interested IP is the destination IP address. |
| IP Address (Peer) | The IP address opposite of the Interested IP. For example, if the Interested IP is the source IP address, then the Peer IP is the destination IP address. |
| Matching Classified Events | The log count matching the same aggregated rule |
| Aggregated Matching Classified Events | The aggregated log count matching the same rule |
| Network Group | The name of the group |
| Host Severity | The host severity |
| Log ID | The log ID |