Views:

Detect security risks and identify anomalies by correlating signals across different sources.

Designed to empower you with enhanced detection capabilities against sophisticated attacks, Correlated Intelligence correlates suspicious signals from various sources to detect phishing security risks and anomalies.
Note
Note
Correlated Intelligence is available for Inbound Protection only.
Correlated Intelligence collects signals from Virus Scan and Spam Filtering.
One key advantage of Correlated Intelligence is its capability to see and analyze signals from multiple sources to identify phishing security risks that may go unnoticed by a single security filter. This multi-source approach adds an extra layer of protection to detect potential threats.
Another highlight of Correlated Intelligence is its ability to alert you of anomalies, which shows one or multiple signals that deviate from normal behaviors. Anomalies may not necessarily indicate a security risk, but are unusual enough to warrant attention. With this feature, you can have a more comprehensive view of your security landscape.
Correlated Intelligence operates by first gathering detection signals from various security criteria and then matching the signals against the predefined correlation rules. The aim of this process is to identify any matches that could indicate a phishing security risk or anomaly, providing a more thorough and nuanced analysis of potential security threats.
Cloud Email Gateway Protection comes with a set of predefined correlation rules and detection signals to detect Trend Micro specified security risks and anomalies. To view details about the predefined correlation rules, detection signals, and their targeted threat types of anomalies, go to the AdministrationPolicy ObjectsCorrelation Rules screen.

Procedure

  1. Click Scanning Criteria.
  2. Under the Specify security risk settings area, select the Security risks check box to enable phishing detection by Correlated Intelligence.
  3. Under the Specify anomaly settings area, select the Anomalies check box to enable anomaly detection by Correlated Intelligence.
  4. Determine to enforce all or partial predefined correlation rules to detect anomalies of different threat types.
    Trend Micro classifies its predefined correlation rules for anomaly detection into three aggressive levels: Moderate, Aggressive, and Extra Aggressive. For details about these rules and what scenarios that rules of each aggressive level are suitable for, see Managing correlation rules.
    1. Select the threat type of anomalies that you want to detect using each aggressive level of rules.
    2. Click the digit next to each aggressive level to view the associated predefined rules.
    3. To view, enable, or disable the predefined rules, click Correlation Rules to open the Correlation Rules screen under Administration.