Server & Workload Protection enables you to generate a variety of reports. Reports display data for a time period
that you specify. You can generate reports for particular computers, groups of computers,
computers using a particular policy. You can also filter for certain event tags. For
details on configuring reports, see Generate reports about alerts and other activity.
One of the reports that you can generate is the Attack Report, which contains a summary
table and some additional information about the most frequent events. The summary
tables provides this information:
|
Detect Mode:
Numbers of events where Server & Workload Protection is configured to detect issues and log events, but not take other actions.
|
Prevent Mode:
Numbers of events where Server & Workload Protection is configured to detect issues, generate events, and take some sort of action.
|
Total:
Total of the numbers in the Detect Mode and Prevent Mode columns
|
Ratio:
Percentage of events prevented compared to total number detected
|
|
|
Anti-Malware
|
Passed: Server & Workload Protection detected malware and logged an event.
For information on how to change the action that Server & Workload Protection takes when it detects malware, see Configure malware scans.
|
Cleaned: Server & Workload Protection cleaned an infected file by terminating processes or deleting registries, files,
cookies, or shortcuts, depending on the type of malware.
Quarantined: Server & Workload Protection moved an infected file to the "identified files" folder.
Deleted: Server & Workload Protection deleted an infected file.
Access Denied: Server & Workload Protection prevented an infected file from being accessed, without removing the file from the
system.
Terminated: A behavior monitoring scan determined that a process was compromised and terminated
the process to prevent further infection. For details, see Enhanced anti-malware and ransomware scanning with behavior monitoring.
|
||
|
Firewall
|
Displays the number of events triggered by rule-based checks and
configuration-based checks. For a list of events generated by
configuration-based checks, see the events with IDs less than
200 in Firewall events.
|
|||
|
Reconnaissance Scan
|
Number of reconnaissance scans detected by the Firewall module. For details about
the types of reconnaissance scans and suggested actions, see Warning: Reconnaissance
Detected. For information on configuring reconnaissance scan detection, see Firewall settings.
|
Reconnaissance scans are only performed in inline mode.
|
||
|
Exploit
|
Number of events generated by the Intrusion Prevention rules
provided by Trend Micro. There are 3 main types of Intrusion
Prevention rules provided by Trend Micro:
Intrusion Prevention rules also have an associated severity,
depending on the severity of the issue that the rule identifies:
Critical, High, Medium, Low.
|
|||
|
Vulnerability
|
||||
|
Smart
|
||||
|
Policy
|
||||
|
Info
|
||||
|
Custom
|
Number of events generated by custom Intrusion Prevention rules
that you have written.
Intrusion Prevention rules have an associated severity, depending
on the severity of the issue that the rule identifies:
Critical, High, Medium, Low.
|
|||
|
Non-Rule Based
|
Number of events found by the Intrusion Prevention engine code,
rather than by a rule.
|
|||