The following table outlines the information available for each custom filter.
|
Field
|
Description
|
||
|
Filter name
|
The name of the custom filter
|
||
|
Description
|
Short description or notes of the custom filter
|
||
|
Severity
|
The severity of the custom filter
A severity of Medium, High, or Critical affects the Risk Index on the Executive Dashboard and Operations Dashboard. When testing or tuning a model, select Low to avoid affecting indexes.
|
||
|
Filter ID
|
The unique identifier of the custom filter
|
||
|
Event ID
|
The Trend Micro event targeted by the custom filter
|
||
|
Vendor
|
The vendor event targeted by the custom filter | ||
|
Query
|
The query string used to detect events
|
||
|
Associated model
|
Custom detection models that employ the filter
|
||
|
Custom tags
|
Labels for grouping and identifying events and filters
Max length is 64 characters
|
) next to the filter name indicates filter is disabled due to excessive execution
time, which may cause associated models to not function properly.