Available data subtypes | Trend Micro Service Central

Views:

The following table outlines the available data subtypes for the definition element of a custom filter.

Data type	Available values
`CONTAINER_ACTIVITY`	`TELEMETRY_CONNECTION` `TELEMETRY_FILE` `TELEMETRY_PROCESS`
`DETECTION`	`ACCOUNT_DETECTION` `ACCOUNT_SUSPICIOUS_DETECTION` `APPLICATION_CONTROL_VIOLATION` `APP_PROTOCOL_ACCESS` `ASSET_ACTIVITY` `BEHAVIORAL_VIOLATION` `DEEP_PACKET_INSPECTION_EVENT` `DENYLIST_CHANGE` `DETECTION_LOG` `DEVICE_ACCESS_VIOLATION` `DISRUPTIVE_APPLICATION_DETECTION` `DLP_VIOLATION` `FILE_ANALYZED` `FILE_FILTERING` `FILE_TYPE_ACCESS` `FIREWALL_POLICY_VIOLATION` `INTEGRITY_MONITORING_EVENT` `INTRUSION_DETECTION` `INTRUSION_FRAGMENTED_IGMP` `INTRUSION_LAND_ATTACK` `INTRUSION_OVERLAPPING_FRAGMENT` `INTRUSION_PING_OF_DEATH` `INTRUSION_SYN_FLOOD` `INTRUSION_TEARDROP` `INTRUSION_TOO_BIG_FRAGMENT` `INTRUSION_TRACEROUTE` `LOG_INSPECTION_EVENT` `MACHINE_LEARNING_DETECTION` `MALWARE_DETECTION` `MALWARE_OUTBREAK_DETECTION` `MALWARE_SCAN_FAILURE` `MESSAGE_DETECTION` `MESSAGE_SUSPICIOUS_DETECTION` `NOTABLE_CHARACTERISTICS` `POLICY_ENFORCEMENT` `PROCESS_ACTIVITY` `PRODUCT_UPDATE` `PROTOCOL_FILTERING` `SECURITY_RISK_DETECTION` `SIGNATURE_UPDATE` `SUSPICIOUS_BEHAVIOUR_DETECTION` `SYSTEM_ACTIVITY` `SYSTEM_EVENT` `SYSTEM_LOGON_FAILURE` `WEB_POLICY_VIOLATION` `WEB_THREAT_DETECTION`
`ENDPOINT_ACTIVITY`	`TELEMETRY_ACCOUNT` `TELEMETRY_AMSI` `TELEMETRY_APP` `TELEMETRY_BM` `TELEMETRY_CONNECTION` `TELEMETRY_DNS` `TELEMETRY_FILE` `TELEMETRY_INTERNET` `TELEMETRY_MEMORY` `TELEMETRY_MODIFIED_PROCESS` `TELEMETRY_PROCESS` `TELEMETRY_REGISTRY` `TELEMETRY_SYSTEM_EVENT` `TELEMETRY_WINDOWS_EVENT` `TELEMETRY_WINDOWS_HOOK` `TELEMETRY_WMI`
`MOBILE_ACTIVITY`	`TELEMETRY_APP` `TELEMETRY_FILE` `TELEMETRY_INTERNET` `TELEMETRY_SYSTEM_EVENT`