Provides compliance information about application activity detected by Web Reputation Services

Table 1. Detailed Web Reputation Information Data View

| Data | Description |
| --- | --- |
| Received | The date and time Apex Central received the data from the managed product |
| Generated | The date and time the managed product generated the data |
| Product Entity | The display name of the managed product server in Apex Central |
| Product | The name of the managed product or service. Example: Apex One, ScanMail for Microsoft Exchange |
| VLAN ID | The VLAN ID (VID) of the source from which the suspicious threat originates |
| Detected By | The filter, scan engine, or managed product that detected the threat |
| Traffic/Connection | The direction of the transmission |
| Protocol Group | The broad protocol group from which a managed product detects the suspicious threat. Example: FTP, HTTP, P2P |
| Protocol | The protocol from which a managed product detects the suspicious threat. Example: ARP, BitTorrent |
| Description | Detailed description of the incident by Trend Micro |
| Endpoint | The host name of the computer in compliance with the policy/rule |
| Source IP | The source IP address of the detected threat |
| Source MAC | The source MAC address of the detected threat |
| Source Port | The port number of the source IP address of the detected threat |
| Source IP Group | The IP address group of the source where the suspicious threat originates |
| Source Network Zone | The network zone of the source where the suspicious threat originates |
| Endpoint IP | The IP address of the endpoint the suspicious threat affects |
| Endpoint Port | The port number of the endpoint the suspicious threat affects |
| Endpoint MAC | The MAC address of the endpoint the suspicious threat affects |
| Endpoint Group | The IP address group of the endpoint the suspicious threat affects |
| Endpoint Network Zone | The network zone of the endpoint the suspicious threat affects |
| Policy/Rule | The policy or rule that triggered the detection |
| URL | The URL object that triggered the detection |
| Detections | The total number of detections. Example: A managed product detects 10 violations of the same type on one computer. Detections = 10 |
| C&C List Source | The C&C list source that identified the C&C server |
| C&C Risk Level | The risk level of the C&C server |
| Threat Type | The type of security threat |
| Detection Severity | The severity level of the event |
| IP Address (Interested) | The IP address of the target endpoint (source or destination). For an exchange occurring within the network, the Interested IP is the source IP address. If the traffic is external, the Interested IP is the destination IP address. |
| IP Address (Peer) | The IP address opposite the Interested IP. For example, if the Interested IP is the source IP address, then the Peer IP is the destination IP address. |
| Matching Classified Events | The log count matching the same aggregated rule |
| Aggregated Matching Classified Events | The aggregated log count matching the same rule |
| Network Group | The name of the group |
| Host Severity | The host severity |
| Log ID | The log ID |
| Attack Phase | The phase in which the attack happened |
| Remarks | Additional information about the event |
| C&C Server | The name, URL, or IP address of the C&C server |
| C&C Server Type | The type of C&C server |
| Sender | The sender of the transmission that triggered the detection |
| Recipient | The recipient(s) of the transmission that triggered the detection |
| Subject | The subject of the email message containing the web URL |