
Manage predefined correlation rules that you can use for anomaly detection by Correlated Intelligence.

Trend Micro defines a set of correlation rules and detection signals, and continually introduces new rules and signals. Each predefined rule consists of one or multiple predefined detection signals.
The following table outlines the available actions in the Correlation Rules screen.
Action: Enable or disable a correlation rule
Description: Click the Enable or Disable icon in the Status column of a rule. The configurations apply to anomaly detection in all Correlated Intelligence policy rules.

Action: View correlation rule details
Description: View the targeted threat type and aggressive level of a rule.
  • Targeted threat type: The currently supported threat types of anomalies include Suspicious Email and Possibly Unwanted Email.
  • Aggressive level: Trend Micro classifies its predefined correlation rules for anomaly detection into three aggressive levels.
    • Moderate: This level is designed to seek a balance between effective anomaly detection and maintaining a relatively low rate of false positives. It is suitable for everyday monitoring and for customers who prefer a safer approach without significant disruptions to their regular email flow.
    • Aggressive: This level increases the sensitivity of anomaly detection and offers a more robust detection capability, which may result in a higher number of false positives. It is tailored for customers who require more stringent security measures to combat sophisticated attacks and are willing to accept some trade-offs in false alerts.
    • Extra Aggressive: This highest level of aggression is recommended for critical situations, such as during an active attack or after a security breach has been identified. It provides the most aggressive form of prevention but may significantly impact normal email communication due to the high likelihood of false positives.

Action: View detection signals comprising a correlation rule
Description: Click the name of a rule to open the Rule Detail screen and understand what the rule is about, what detection signals are used, and how the rule is matched.

Action: Search for correlation rules
Description: Use the filter fields to search for desired rules by rule name, status, targeted threat type, or aggressive level.