Views:
Apex Central log types correspond to specific data views for custom report templates. You can use the following data views to create custom report templates for your log query results.
For more information, see the following topics:

Security Logs

Log Name
Data View
Description
System Events:
Virus/Malware
Detailed Virus/Malware Information
Provides specific information about the virus/malware detections on your network, such as the managed product that detected the viruses/malware, the name of the virus/malware, and the infected endpoint
Spyware/Grayware
Detailed Spyware/Grayware Information
Provides specific information about the spyware/grayware detections on your network, such as the managed product that detected the spyware/grayware, the name of the spyware/grayware, and the name of the infected endpoint
Suspicious Files
Detailed Suspicious File Information
Provides specific information about suspicious files detected on your network
Behavior Monitoring
Detailed Behavior Monitoring Information
Provides specific information about Behavior Monitoring events on your network
Integrity Monitoring
Integrity Monitoring Information
Use to monitor specific changes to an endpoint, such as installed software, running services, processes, files, directories, listening ports, registry keys, and registry values
Application Control
Detailed Application Control Violation Information
Provides specific information about application control violations on your network, such as the violated Security Agent policy and criteria​
Device Control
Device Access Control Information
Provides specific information about Device Access Control events on your network
Endpoint Security Compliance
Detailed Endpoint Security Compliance Information
Provides specific information about endpoint security compliance on your network
Endpoint Security Violations
Detailed Endpoint Security Violation Information
Provides specific information about endpoint security violations on your network
Predictive Machine Learning
Detailed Predictive Machine Learning Information
Provides specific information about advanced unknown threats detected by Predictive Machine Learning
Virtual Analyzer
Detailed Virtual Analyzer Detection Information
Provides specific information about advanced unknown threats detected by Virtual Analyzer
Virtual Analyzer Suspicious Objects
Detailed Virtual Analyzer Suspicious Object Impact Information
Provides detailed information about the impact of Virtual Analyzer suspicious objects
Attack Discovery
Attack Discovery Detection Information
Provides general information about threats detected by Attack Discovery
Gray Detections
Gray Detection Information
Provides detailed information about possible indicators of attack detected on your network
Network Events:
Spam Connections
Spam Connection Information
Provides specific information about the source of spam on your network, such as the managed product that detected the spam, the specific action taken by the managed product, and the total number of spam detected
Content Violations
Detailed Content Violation Information
Provides specific information about the email messages with content violations, such as the managed product that detected the content violation, the sender(s) and recipients(s) of the email message, the name of the content violation policy, and the total number of violations detected
Email Messages with Advanced Threats
Email Messages with Advanced Threats
Provides specific information about email messages with advanced threats, such as anomalous behavior, false or misleading data, suspicious and malicious behavior patterns, and strings that indicate system compromise but require further investigation to confirm
Web Reputation
Detailed Web Reputation Information
Provides compliance information about application activity detected by Web Reputation Services
Web Violations
Detailed Web Violation Information
Provides specific information about web violations on your network
Firewall Violations
Detailed Firewall Violation Information
Provides specific information about firewall violations on your network, such as the managed product that detected the violation, the source and destination of the transmission, and the total number of firewall violations
Network Content Inspection
Network Content Inspection Information
Provides specific information about network content violations on your network
Intrusion Prevention
Detailed Intrusion Prevention Information
Provides specific information to help you achieve timely protection against known and zero-day attacks, defend against web application vulnerabilities, and identify malicious software accessing the network
C&C Callbacks
Detailed C&C Callback Information
Provides specific information about C&C callback events detected on your network
Suspicious Threats
Detailed Suspicious Threat Information
Provides specific information about suspicious threats on your network, such as the managed product that detected the suspicious threat, specific information about the source and destination, and the total number of suspicious threats on the network
Application Activity
Detailed Application Activity
Displays specific information about application activities that violate network security policies
Mitigation
Detailed Mitigation Information
Provides specific information about tasks carried out by mitigation servers to resolve threats on your network
Correlation
Detailed Correlation Information
Provides specific information about detailed threat analyses and remediation recommendations
Data Protection Events:
Data Loss Prevention
DLP Incident Information
Provides specific information about incidents detected by Data Loss Prevention
Data Discovery
Data Discovery Data Loss Prevention Detection Information
Displays specific information about incidents detected by Data Discovery

Product Information

Log Name
Data View
Description
Managed Product:
Product Status
Product Status Information
Provides detailed information about managed products registered to the Apex Central server, such as the managed product version and build number, and the managed product server operating system
Product Events
Product Event Information
Provides information about managed product events, such as managed products registering to Apex Central, component updates, and Activation Code deployments
Product Auditing Events
Product Auditing Event Log
Provides information about managed product auditing events, such as managed product console access
Apex Central:
Command Tracking
Command Tracking Information
Provides information about commands Apex Central issued to managed products, such as the date and time Apex Central issued commands for component updates or Activation Code deployments, and the status of the commands
Apex Central Events
Apex Central Event Information
Provides information about Apex Central server events, such as managed products registering to Apex Central, component updates, and Activation Code deployments
Unmanaged Endpoints
Unmanaged Endpoints
Provides information about detected endpoints that do not have a Trend Micro Trend Vision One Endpoint Security agent installed
User Access
User Access Information
Provides information about Apex Central user access and the activities users perform while logged on to Apex Central
Product Licenses
Detailed Product License Information
Provides information about the Activation Codes and licensing status of managed products or services, such as the managed product version and license expiration date