Trend Micro Apex One

Version: Trend Micro Apex One/Central 2019 (On-Prem)

Trend Micro Apex One is an integrated solution that protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks.

Trend Micro Apex One Central is a centralized management console that manages Trend Micro products and services which allows administrators to monitor and report on activities such as infections, security violations, or virus/malware entry points.

Apex One consists of the Security Agent program that resides at the endpoint and a server program that manages all agents.

Reports are the best way to view the historical data (depending on the timeline defined). Some of the reports provided by Netsurion for Apex One are: summary of activities such as, managed user logon and logoff activity, spyware detection, virus detection, suspicious file detection, endpoint application control violation information, etc.

Dashboards are the graphical representations of activities occurring in Apex One. These dashboards can be a pie chart, or a bar diagram, or even a map. This allows user to see the key highlights of Apex One events. ex. Dashboards display Indicator of Compromises (IOC), such as file-hash or filename or login activities of managed user with their source IP address.

Alerts such as, potential threat quarantined, are included in the data source integrations. These alerts can be configured to forward emails to users/admin of Apex One as soon as any suspicious events are detected.

Once Apex One is configured to deliver events to Netsurion Manager; alerts, dashboards, and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below.


Type Name Description
Security Trend Micro Apex - A potential threat could not be quarantined This alert is triggered when Trend Micro Apex One fails to quarantine a potential threat.
Security Trend Micro Apex - A potential threat has been quarantined This alert is triggered when Trend Micro Apex One quarantines a potential threat.


Type Name Description
Security Trend Micro Apex - Command and Control Activities C&C servers are used by cybercriminals to send commands to systems compromised by malware and receive stolen information from the target network. This report contains information such as, action type, risk level, detection source, requested URL, etc.
Security Trend Micro Apex - Attack Discovery Detections Activities Attack Discovery uses Trend Micro threat intelligence based on Indicators of Attack (IoA) behaviors. After detecting a known IoA, attack discovery logs the detection. This report contains information such as, rule ID, risk level, category ID, attack discovery object information, pattern number, etc.
Security Trend Micro Apex - Endpoint Application Control Activities Endpoint Application Control allows user to enhance their defenses against malware and targeted attacks by preventing unknown and unwanted applications from executing on a corporate endpoint.
Security Trend Micro Apex - Network Content Inspection Activities Network Content Inspection depends on two components, Global C&C IP list and relevance rule pattern to detect any network content violations on a network.
Security Trend Micro Apex - Behavior Monitoring Activities Behavior Monitoring detects malicious scripts executed by legitimate windows programs and the true payload path of script files executed by legitimate DLLs to protect endpoints against malware hidden in file-less attack vectors.
Security Trend Micro Apex - Web Security Activities Provides information on events such as threat protection on web threats, URL filtering and application control, etc.
Operations Trend Micro Apex - User login and logout activities Logon/Logoff activities logged by Trend Micro Apex One Central every time a managed user tries to log in or log out.


The configuration details are consistent with Netsurion version 9.2 and later, and Trend Micro Apex One (On-Premises).

Download Integration Guide and How-to Guide for more information and to configuration instructions.