Understand the fields available for each custom filter, including name, description, severity, and associated models.
The following table describes the information available for each custom filter.
| Field | Description |
|---|---|
| Filter name | The name of the custom filter |
| Description | The short description or notes of the custom filter |
| Severity | The severity associated with the event you want to detect. A severity of medium, high, or critical affects the Cyber Risk Index on the Cyber Risk Overview and Threat and Exposure Management. When testing or tuning a model, select low to avoid affecting indexes. |
| Filter ID | The unique ID of the custom filter |
| Event type | The data source the custom filter uses |
| Event ID | The Trend Micro event type the custom filter targets |
| Vendor | The vendor event targeted by the custom filter. This field is only available for the THIRD_PARTY_LOG event type. |
| Query | The query used to detect events |
| Associated model | The custom detection models that use the filter |
| Custom tags | The labels for grouping and identifying events and filters. Tags can be up to 64 characters long. |

) next to the filter name indicates