Settings Reference
The following tables list the settings that are available in the API with a description. Setting names are prefixed with platform or the name of the associated protection module. Suffixes can indicate the nature of the setting. For example, the Enabled suffix indicates a Boolean value.
Tip:
For information about how to configure settings, see the following sections:
Default policy, policy, and computer settings
The following table lists the settings that are included in default policy settings, policy settings, and computer settings.
- activityMonitoringSettingState
- antiMalwareSettingState
- applicationControlSettingState
- firewallSettingState
- integrityMonitoringSettingState
- intrusionPreventionSettingState
- logInspectionSettingState
- sapSettingState
- webReputationSettingState
Note:
These settings are included only in DefaultPolicySettings.
|
Setting |
Description |
|---|---|
| activityMonitoringSettingActivityEnabled | Sensor Activity Enabled |
| activityMonitoringSettingIndicatorEnabled | Sensor Indicator Enabled |
| activityMonitoringSettingState (Default policy settings only) | Activity Monitoring State |
| activityMonitoringSettingSyslogConfigId | Activity Monitoring Configuration |
|
Setting |
Description |
|---|---|
| antiMalwareSettingBehaviorMonitoringScanExclusionList | Scan Exclusions for Suspicious Activity/Unauthorized Change
|
| antiMalwareSettingCombinedModeProtectionSource | Anti-Malware |
| antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled | Submit files identified as suspicious by Document Exploit Protection scanning to Deep Discovery Analyzer |
| antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled | Use Apex Central's Suspicious Object List |
| antiMalwareSettingDocumentExploitProtectionRuleExceptions | Allowed Advanced Threat Detection Rules |
| antiMalwareSettingFileHashEnabled | Calculate Hash values of all anti-malware events (at least SHA1 by default) |
| antiMalwareSettingFileHashMd5Enabled | MD5 |
| antiMalwareSettingFileHashSha256Enabled | SHA256 |
| antiMalwareSettingFileHashSizeMaxMbytes | Skip hash values calculation if file size is large than (64MB~512MB) |
| antiMalwareSettingIdentifiedFilesSpaceMaxMbytes | Maximum disk space used to store identified files |
| antiMalwareSettingMalwareScanMultithreadedProcessingEnabled | Use multithreaded processing for Malware scans (if available) |
| antiMalwareSettingNsxSecurityTaggingEnabled | Anti-Malware NSX Security Tagging State |
| antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled | Anti-Malware NSX Only Tag on Failure to Remediate |
| antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled | Anti-Malware NSX Remove Tag |
| antiMalwareSettingNsxSecurityTaggingValue | Anti-Malware NSX Security Tag |
| antiMalwareSettingPredictiveMachineLearningExceptions | Predictive Machine Learning Exclusion List |
| antiMalwareSettingScanCacheOnDemandConfigId | Anti-Malware On Demand Scan Cache Configuration |
| antiMalwareSettingScanCacheRealTimeConfigId | Anti-Malware Real-Time Scan Cache Configuration |
| antiMalwareSettingScanFileSizeMaxMbytes | Maximum file size to scan |
| antiMalwareSettingSmartProtectionGlobalServerEnabled | Use Global Smart Protection Service for Smart Scan |
| antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled | Use Proxy when accessing Smart Protection Service for Smart Scan |
| antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal | When off domain, connect to global Smart Protection Service. (Windows only) |
| antiMalwareSettingSmartProtectionLocalServerUrls | Local Smart Protection Servers for Smart Scan |
| antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled | Warn if connection to Smart Protection Server is lost |
| antiMalwareSettingSmartScanState | Smart Scan State |
| antiMalwareSettingSpywareApprovedList | Allowed Spyware/Grayware |
| antiMalwareSettingState (Default policy settings only) | Anti-Malware State |
| antiMalwareSettingSyslogConfigId | Anti-Malware Syslog Configuration |
| antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax | Max On-Demand Malware Scan Cache Entries |
| antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax | Max Real-Time Malware Scan Cache Entries |
|
Setting |
Description |
|---|---|
| applicationControlSettingExecutionEnforcementLevel | Enforcement: |
| applicationControlSettingRulesetMode | Ruleset mode: |
| applicationControlSettingSharedRulesetId | Shared Application Control Ruleset |
| applicationControlSettingState (Default policy settings only) | Application Control State |
| applicationControlSettingSyslogConfigId | Application Control Syslog Configuration |
|
Setting |
Description |
|---|---|
| firewallSettingAntiEvasionCheckEvasiveRetransmit | Evasive Retransmit |
| firewallSettingAntiEvasionCheckFinNoConnection | FIN packet out of connection |
| firewallSettingAntiEvasionCheckFragmentedPackets | Fragmented Packets |
| firewallSettingAntiEvasionCheckOutNoConnection | Outgoing packet out of connection |
| firewallSettingAntiEvasionCheckPaws | Invalid TCP Timestamps |
| firewallSettingAntiEvasionCheckRstNoConnection | RST packet out of connection |
| firewallSettingAntiEvasionCheckTcpChecksum | TCP Checksum |
| firewallSettingAntiEvasionCheckTcpCongestionFlags | TCP Congestion Flags |
| firewallSettingAntiEvasionCheckTcpPawsZero | Timestamp PAWS Zero Allowed |
| firewallSettingAntiEvasionCheckTcpRstFinFlags | TCP Rst Fin Flags |
| firewallSettingAntiEvasionCheckTcpSplitHandshake | TCP Split Handshake |
| firewallSettingAntiEvasionCheckTcpSynFinFlags | TCP Syn Fin Flags |
| firewallSettingAntiEvasionCheckTcpSynRstFlags | TCP Syn Rst Flags |
| firewallSettingAntiEvasionCheckTcpSynWithData | TCP Syn with Data |
| firewallSettingAntiEvasionCheckTcpUrgentFlags | TCP Urgent Flags |
| firewallSettingAntiEvasionCheckTcpZeroFlags | TCP Zero Flags |
| firewallSettingAntiEvasionSecurityPosture | Anti-Evasion Posture |
| firewallSettingAntiEvasionTcpPawsWindowPolicy | TCP Timestamp PAWS Window |
| firewallSettingCombinedModeProtectionSource | Firewall |
| firewallSettingConfigPackageExceedsAlertMaxEnabled | Advanced - Generate an Alert when Agent configuration package exceeds maximum size |
| firewallSettingEngineOptionAckTimeout | ACK Storm Timeout |
| firewallSettingEngineOptionAllowNullIpEnabled | Allow Null IP |
| firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled | Advanced - Block IPv6 on Agents and Appliances versions 8 and earlier |
| firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled | Advanced - Block IPv6 on Agents and Appliances verions 9 and later |
| firewallSettingEngineOptionBlockSameSrcDstIpEnabled | Block Same Src-Dest IP Address |
| firewallSettingEngineOptionBootStartTimeout | Boot Start Timeout |
| firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled | Bypass Cisco WAAS Connections |
| firewallSettingEngineOptionCloseTimeout | CLOSED Timeout |
| firewallSettingEngineOptionCloseWaitTimeout | CLOSE_WAIT Timeout |
| firewallSettingEngineOptionClosingTimeout | CLOSING Timeout |
| firewallSettingEngineOptionColdStartTimeout | Cold Start Timeout |
| firewallSettingEngineOptionConnectionCleanupTimeout | Connection Cleanup Timeout |
| firewallSettingEngineOptionConnectionsCleanupMax | Maximum Connections per Cleanup |
| firewallSettingEngineOptionConnectionsNumIcmpMax | Maximum ICMP Connections |
| firewallSettingEngineOptionConnectionsNumTcpMax | Maximum TCP Connections |
| firewallSettingEngineOptionConnectionsNumUdpMax | Maximum UDP Connections |
| firewallSettingEngineOptionDebugModeEnabled | Enable Debug Mode |
| firewallSettingEngineOptionDebugPacketNumMax | Number of Packets to retain in Debug Mode |
| firewallSettingEngineOptionDisconnectTimeout | DISCONNECT Timeout |
| firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled | Drop 6to4 Bogon Addresses |
| firewallSettingEngineOptionDropEvasiveRetransmitEnabled | Drop Evasive Retransmit |
| firewallSettingEngineOptionDropIpZeroPayloadEnabled | Drop IP Packet with Zero Payload |
| firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled | Drop IPv6 Bogon Addresses |
| firewallSettingEngineOptionDropIpv6ExtType0Enabled | Drop IPv6 Extension Type 0 |
| firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled | Drop IPv6 Fragments Lower Than minimum MTU |
| firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled | Drop IPv6 Reserved Addresses |
| firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled | Drop IPv6 Site Local Addresses |
| firewallSettingEngineOptionDropTeredoAnomaliesEnabled | Drop Teredo Anomalies |
| firewallSettingEngineOptionDropUnknownSslProtocolEnabled | Drop Unknown SSL Protocol |
| firewallSettingEngineOptionErrorTimeout | ERROR Timeout |
| firewallSettingEngineOptionEstablishedTimeout | ESTABLISHED Timeout |
| firewallSettingEngineOptionEventNodesMax | Number of Event Nodes |
| firewallSettingEngineOptionFilterIpv4Tunnels | Filter IPv4 Tunnels |
| firewallSettingEngineOptionFilterIpv6Tunnels | Filter IPv6 Tunnels |
| firewallSettingEngineOptionFinWait1Timeout | FIN_WAIT1 Timeout |
| firewallSettingEngineOptionForceAllowDhcpDns | Force Allow DHCP DNS |
| firewallSettingEngineOptionForceAllowIcmpType3Code4 | Force Allow ICMP type3 code4 |
| firewallSettingEngineOptionFragmentOffsetMin | Minimum Fragment Offset |
| firewallSettingEngineOptionFragmentSizeMin | Minimum Fragment Size |
| firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled | Generate Connection Events for ICMP |
| firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled | Generate Connection Events for TCP |
| firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled | Generate Connection Events for UDP |
| firewallSettingEngineOptionIcmpTimeout | ICMP Timeout |
| firewallSettingEngineOptionIgnoreStatusCode0 | Ignore Status Code |
| firewallSettingEngineOptionIgnoreStatusCode1 | Ignore Status Code |
| firewallSettingEngineOptionIgnoreStatusCode2 | Ignore Status Code |
| firewallSettingEngineOptionLastAckTimeout | LAST_ACK Timeout |
| firewallSettingEngineOptionLogAllPacketDataEnabled | Log All Packet Data |
| firewallSettingEngineOptionLogEventsPerSecondMax | Maximum Events Per Second |
| firewallSettingEngineOptionLogOnePacketPeriod | Period for Log only one packet within period |
| firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled | Log only one packet within period |
| firewallSettingEngineOptionLogPacketLengthMax | Maximum data size to store when packet data is captured |
| firewallSettingEngineOptionLoggingPolicy | Advanced Logging Policy |
| firewallSettingEngineOptionSilentTcpConnectionDropEnabled | Silent TCP Connection Drop |
| firewallSettingEngineOptionSslSessionSize | SSL Session Size |
| firewallSettingEngineOptionSslSessionTime | SSL Session Time |
| firewallSettingEngineOptionStrictTerodoPortCheckEnabled | Strict Teredo Port Check |
| firewallSettingEngineOptionSynRcvdTimeout | SYN_RCVD Timeout |
| firewallSettingEngineOptionSynSentTimeout | SYN_SENT Timeout |
| firewallSettingEngineOptionTcpMssLimit | TCP MSS Limit |
| firewallSettingEngineOptionTunnelDepthMax | Maximum Tunnel Depth |
| firewallSettingEngineOptionTunnelDepthMaxExceededAction | Action if Maximum Tunnel Depth Exceeded |
| firewallSettingEngineOptionUdpTimeout | UDP Timeout |
| firewallSettingEngineOptionVerifyTcpChecksumEnabled | Verify TCP Checksum |
| firewallSettingEngineOptionsEnabled | Use custom driver settings |
| firewallSettingEventLogFileCachedEntriesLifeTime | Cache Lifetime |
| firewallSettingEventLogFileCachedEntriesNum | Cache Size |
| firewallSettingEventLogFileCachedEntriesStaleTime | Cache Stale time |
| firewallSettingEventLogFileIgnoreSourceIpListId | Do not record events with source IP of |
| firewallSettingEventLogFileRetainNum | Number of event log files to retain (on Agent/Appliance) |
| firewallSettingEventLogFileSizeMax | Maximum size of the event log files (on Agent/Appliance) |
| firewallSettingEventsOutOfAllowedPolicyEnabled | Generate Firewall Events for packets that are 'Out Of Allowed Policy' |
| firewallSettingFailureResponseEngineSystem | Network Engine System Failure |
| firewallSettingFailureResponsePacketSanityCheck | Network Packet Sanity Check Failure |
| firewallSettingInterfaceIsolationEnabled | Enable Interface Isolation |
| firewallSettingInterfaceLimitOneActiveEnabled | Limit to one active interface |
| firewallSettingInterfacePatterns | Interface Patterns |
| firewallSettingNetworkEngineMode | Network Engine Mode |
| firewallSettingReconnaissanceBlockFingerprintProbeDuration | Computer OS Fingerprint Probe - Block Traffic |
| firewallSettingReconnaissanceBlockNetworkOrPortScanDuration | Network or Port Scan - Block Traffic |
| firewallSettingReconnaissanceBlockTcpNullScanDuration | TCP Null Scan - Block Traffic |
| firewallSettingReconnaissanceBlockTcpSynFinScanDuration | TCP SYNFIN Scan - Block Traffic |
| firewallSettingReconnaissanceBlockTcpXmasAttackDuration | TCP Xmas Scan - Block Traffic |
| firewallSettingReconnaissanceDetectFingerprintProbeEnabled | Computer OS Fingerprint Probe - Enabled |
| firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled | Network or Port Scan - Enabled |
| firewallSettingReconnaissanceDetectTcpNullScanEnabled | TCP Null Scan - Enabled |
| firewallSettingReconnaissanceDetectTcpSynFinScanEnabled | TCP SYNFIN Scan - Enabled |
| firewallSettingReconnaissanceDetectTcpXmasAttackEnabled | TCP Xmas Scan - Enabled |
| firewallSettingReconnaissanceEnabled | Reconnaissance Scan Detection - Enabled |
| firewallSettingReconnaissanceExcludeIpListId | Reconnaissance Scan Detection - Do not perform detection on traffic coming from |
| firewallSettingReconnaissanceIncludeIpListId | Reconnaissance Scan Detection - Computers/Networks on which to perform detection |
| firewallSettingReconnaissanceNotifyFingerprintProbeEnabled | Computer OS Fingerprint Probe - Notify DSM Immediately |
| firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled | Network or Port Scan - Notify DSM Immediately |
| firewallSettingReconnaissanceNotifyTcpNullScanEnabled | TCP Null Scan - Notify DSM Immediately |
| firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled | TCP SYNFIN Scan - Notify DSM Immediately |
| firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled | TCP Xmas Scan - Notify DSM Immediately |
| firewallSettingState (Default policy settings only) | Firewall State |
| firewallSettingSyslogConfigId | Firewall and Intrusion Prevention Syslog Configuration |
| firewallSettingVirtualAndContainerNetworkScanEnabled | Scan container network traffic |
|
Setting |
Description |
|---|---|
| integrityMonitoringSettingAutoApplyRecommendationsEnabled | Automatically assign/unassign recommended Integrity Monitoring Rules to Computer during Recommendation Scans |
| integrityMonitoringSettingCombinedModeProtectionSource | Integrity Monitoring |
| integrityMonitoringSettingContentHashAlgorithm | Integrity Monitoring Hash Algorithm |
| integrityMonitoringSettingCpuUsageLevel | Integrity Monitoring CPU Usage Level: |
| integrityMonitoringSettingRealtimeEnabled | Real Time |
| integrityMonitoringSettingScanCacheConfigId | Integrity Scan Cache Configuration: |
| integrityMonitoringSettingState (Default policy settings only) | Integrity Monitoring State |
| integrityMonitoringSettingSyslogConfigId | Integrity Monitoring Syslog Configuration |
| integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax | Max Integrity Monitoring Scan Cache Entries |
|
Setting |
Description |
|---|---|
| intrusionPreventionSettingAutoApplyRecommendationsEnabled | Automatically implement Recommendations |
| intrusionPreventionSettingCombinedModeProtectionSource | Intrusion Prevention |
| intrusionPreventionSettingEngineOptionFragmentedIpKeepMax | Maximum number of fragmented IP packets to keep |
| intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled | Send ICMP to indicate fragmented packet timeout exceeded |
| intrusionPreventionSettingEngineOptionFragmentedIpTimeout | Fragment Timeout |
| intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled | Bypass MAC addresses that don't belong to host |
| intrusionPreventionSettingEngineOptionsEnabled | Use custom driver settings |
| intrusionPreventionSettingLogDataRuleFirstMatchEnabled | Allow Intrusion Prevention Rules to capture data for first hit of each rule (in period) |
| intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel | Detect Mode |
| intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel | Prevent Mode |
| intrusionPreventionSettingState (Default policy settings only) | Intrusion Prevention State |
| intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled | Scan container network traffic |
|
Setting |
Description |
|---|---|
| logInspectionSettingAutoApplyRecommendationsEnabled | Automatically assign/unassign recommended Log Inspection Rules to Computer during Recommendation Scans |
| logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin | Send Agent/Appliance events to syslog when they equal or exceed the following severity level |
| logInspectionSettingSeverityClippingAgentEventStoreLevelMin | Store events at the Agent/Appliance for later retrieval by DSM when they equal or exceed the following severity level |
| logInspectionSettingState (Default policy settings only) | Log Inspection State |
| logInspectionSettingSyslogConfigId | Log Inspection Syslog Configuration |
|
Setting |
Description |
|---|---|
| platformSettingAgentCommunicationsDirection | Direction of Deep Security Manager to Agent/Appliance communication |
| platformSettingAgentEventsSendInterval | Period between sending of events |
| platformSettingAgentSelfProtectionEnabled | Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent |
| platformSettingAgentSelfProtectionPassword | Password |
| platformSettingAgentSelfProtectionPasswordEnabled | Local override requires password |
| platformSettingAutoAssignNewIntrusionPreventionRulesEnabled | Automatically assign new Intrusion Prevention Rules as required by updated Application Types and Intrusion Prevention Rule dependencies |
| platformSettingAutoUpdateAntiMalwareEngineEnabled | Automatically update anti-malware engine |
| platformSettingCombinedModeNetworkGroupProtectionSource | Network Combined Mode Affinity |
| platformSettingEnvironmentVariableOverrides | Environment Variable Overrides |
| platformSettingHeartbeatInactiveVmOfflineAlertEnabled | Raise Offline Errors For Inactive Virtual Machines |
| platformSettingHeartbeatInterval | Heartbeat Interval |
| platformSettingHeartbeatLocalTimeShiftAlertThreshold | Maximum change (in minutes) of the local system time on the computer between heartbeats before an alert is raised |
| platformSettingHeartbeatMissedAlertThreshold | Number of Heartbeats that can be missed before an alert is raised |
| platformSettingInactiveAgentCleanupOverrideEnabled | Prevent this computer from being deleted if Inactive Agent Cleanup is enabled: |
| platformSettingNotificationsSuppressPopupsEnabled | Suppress all pop-up notifications on host |
| platformSettingRecommendationOngoingScansInterval | Ongoing Scan Interval |
| platformSettingRelayState | Relay State |
| platformSettingScanCacheConcurrencyMax | Max Concurrent Scans |
| platformSettingScanOpenPortListId | Ports to scan |
| platformSettingSmartProtectionAntiMalwareGlobalServerProxyId | Use Proxy when accessing Smart Protection Service for Smart Scan |
| platformSettingSmartProtectionGlobalServerEnabled | Use Global Service for Census |
| platformSettingSmartProtectionGlobalServerProxyId | Use Proxy when accessing Global Service for Census |
| platformSettingSmartProtectionGlobalServerUseProxyEnabled | Use Proxy when accessing Global Service for Census |
| platformSettingTroubleshootingLoggingLevel | Logging Level |
|
Setting |
Description |
|---|---|
| sapSettingState (Default policy settings only) | Configuration |
|
Setting |
Description |
|---|---|
| webReputationSettingAlertingEnabled | Alert |
| webReputationSettingAllowedUrlDomains | Allowed Domain URLs |
| webReputationSettingAllowedUrls | Allowed Page URLs |
| webReputationSettingBlockedUrlDomains | Blocked Domain URLs |
| webReputationSettingBlockedUrlKeywords | Blocked Keywords |
| webReputationSettingBlockedUrls | Blocked Page URLs |
| webReputationSettingBlockingPageLink | Blocked Page Link |
| webReputationSettingCombinedModeProtectionSource | Web Reputation |
| webReputationSettingMonitorPortListId | Ports to monitor |
| webReputationSettingSecurityBlockUntestedPagesEnabled | Block Untested Pages |
| webReputationSettingSecurityLevel | Security Level |
| webReputationSettingSmartProtectionGlobalServerUseProxyEnabled | Use Proxy when accessing Smart Protection Service for Web Reputation |
| webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal | When off domain, connect to global Smart Protection Service. (Windows only) |
| webReputationSettingSmartProtectionLocalServerEnabled | Use Local Smart Protection Server for Web Reputation Service |
| webReputationSettingSmartProtectionLocalServerUrls | Local Smart Protection Servers for Web Reputation |
| webReputationSettingSmartProtectionServerConnectionLostWarningEnabled | Warn if connection to Smart Protection Server is lost |
| webReputationSettingSmartProtectionWebReputationGlobalServerProxyId | Use Proxy when accessing Smart Protection Service for Web Reputation |
| webReputationSettingState (Default policy settings only) | Web Reputation State |
| webReputationSettingSyslogConfigId | Web Reputation Syslog Configuration |
|
Setting |
Description |
|---|---|
System settings
| Setting | Description |
|---|---|
| Anti-Malware Settings | |
| antiMalwareSettingEventEmailBodyTemplate | Email Template |
| antiMalwareSettingEventEmailEnabled | Anti-Malware Email Notifications Enabled |
| antiMalwareSettingEventEmailRecipients | Email Recipients |
| antiMalwareSettingEventEmailSubject | Email Subject Text |
| antiMalwareSettingRetainEventDuration | Automatically delete Anti-Malware Events older than |
| Application Control Settings | |
| applicationControlSettingRetainEventDuration | Automatically delete Application Control Events older than |
| applicationControlSettingServeRulesetsFromRelaysEnabled | Serve application control rulesets from relays |
| Firewall Settings | |
| firewallSettingEventRankSeverityDeny | Deny |
| firewallSettingEventRankSeverityLogOnly | Log Only |
| firewallSettingEventRankSeverityPacketRejection | Packet Rejection |
| firewallSettingGlobalStatefulConfigId | Global Firewall Stateful Configuration |
| firewallSettingInternetConnectivityTestExpectedContentRegex | Regular Expression for returned content used to confirm Connectivity |
| firewallSettingInternetConnectivityTestInterval | Test Interval |
| firewallSettingInternetConnectivityTestUrl | URL for testing Internet Connectivity Status |
| firewallSettingIntranetConnectivityTestExpectedContentRegex | Regular Expression for returned content used to confirm Intranet Connectivity |
| firewallSettingIntranetConnectivityTestUrl | URL for testing Intranet Connectivity Status |
| firewallSettingRetainEventDuration | Automatically delete Firewall Events older than |
| Integrity Monitoring Settings | |
| integrityMonitoringSettingEventRankSeverityCritical | Critical |
| integrityMonitoringSettingEventRankSeverityHigh | High |
| integrityMonitoringSettingEventRankSeverityLow | Low |
| integrityMonitoringSettingEventRankSeverityMedium | Medium |
| integrityMonitoringSettingRetainEventDuration | Automatically delete Integrity Monitoring Events older than |
| Intrusion Prevention Settings | |
| intrusionPreventionSettingEventRankSeverityFilterCritical | Critical |
| intrusionPreventionSettingEventRankSeverityFilterError | Error |
| intrusionPreventionSettingEventRankSeverityFilterHigh | High |
| intrusionPreventionSettingEventRankSeverityFilterLow | Low |
| intrusionPreventionSettingEventRankSeverityFilterMedium | Medium |
| intrusionPreventionSettingRetainEventDuration | Automatically delete Intrusion Prevention Events older than |
| Log Inspection Settings | |
| logInspectionSettingEventRankSeverityCritical | Critical |
| logInspectionSettingEventRankSeverityHigh | High |
| logInspectionSettingEventRankSeverityLow | Low |
| logInspectionSettingEventRankSeverityMedium | Medium |
| logInspectionSettingRetainEventDuration | Automatically delete Log Inspection Events older than |
| Platform Settings | |
| platformSettingActiveSessionsMax | Number of concurrent sessions allowed per User |
| platformSettingActiveSessionsMaxExceededAction | Action when concurrent session limit is exceeded |
| platformSettingAgentInitiatedActivationDuplicateHostnameMode | If a computer with the same name already exists |
| platformSettingAgentInitiatedActivationEnabled | Allow Agent-Initiated Activation |
| platformSettingAgentInitiatedActivationPolicyId | Policy to assign (if Policy not assigned by activation script): |
| platformSettingAgentInitiatedActivationReactivateClonedEnabled | Reactivate cloned Agents |
| platformSettingAgentInitiatedActivationReactivateUnknownEnabled | Reactivate unknown Agents |
| platformSettingAgentInitiatedActivationSpecifyHostnameEnabled | Allow Agent to specify hostname |
| platformSettingAgentInitiatedActivationToken | Agent activation token: |
| platformSettingAgentInitiatedActivationWithinIpListId | Agent-Initiated Activation IP List |
| platformSettingAgentlessVcloudProtectionEnabled | Allow Appliance protection of vCloud VMs |
| platformSettingAlertAgentUpdatePendingThreshold | Length of time an Update can be pending before raising an Alert |
| platformSettingAlertDefaultEmailAddress | Alert Email Address - The email address to which all alert emails should be sent |
| platformSettingAllowPacketDataCaptureInNetworkEvents | Allow packet data capture in network events |
| platformSettingApiSoapWebServiceEnabled | SOAP web service API Enabled |
| platformSettingApiStatusMonitoringEnabled | Status Monitoring API Enabled |
| platformSettingAwsExternalIdRetrievalEnabled | Enable retrieval and viewing of AWS External ID |
| platformSettingAwsManagerIdentityAccessKey | Access Key - The Access Key of an AWS User used for the manager identity |
| platformSettingAwsManagerIdentitySecretKey | Secret Key - The Secret Access Key of an AWS User used for the manager identity |
| platformSettingAwsManagerIdentityUseInstanceRoleEnabled | Use Instance Role |
| platformSettingAzureSsoCertificate | Azure resource provider certificate for SSO |
| platformSettingCaptureEncryptedTrafficEnabled | Allow packet data capture on encrypted traffic (SSL) |
| platformSettingConnectedThreatDefenseControlManagerManualSourceApiKey | API Key |
| platformSettingConnectedThreatDefenseControlManagerManualSourceServerUrl | Server URL (ex: "https://[server]/webapp") |
| platformSettingConnectedThreatDefenseControlManagerProxyId | Use Proxy when accessing Apex Central |
| platformSettingConnectedThreatDefenseControlManagerSourceOption | Suspicious Object List Source |
| platformSettingConnectedThreatDefenseControlManagerSuspiciousObjectListComparisonEnabled | Compare objects against Suspicious Object List |
| platformSettingConnectedThreatDefenseControlManagerUseProxyEnabled | When accessing Apex Central, use proxy: |
| platformSettingConnectedThreatDefensesUsePrimaryTenantServerSettingsEnabled | Use default server settings |
| platformSettingContentSecurityPolicy | Content security policy |
| platformSettingContentSecurityPolicyReportOnlyEnabled | Report only |
| platformSettingDdanAutoSubmissionEnabled | Enable automatic file submission |
| platformSettingDdanManualSourceApiKey | API Key |
| platformSettingDdanManualSourceServerUrl | Server URL (ex: "https://[server]/") |
| platformSettingDdanProxyId | Use Proxy when accessing Deep Discovery Analyzer |
| platformSettingDdanSourceOption | Deep Discovery Analyzer Source |
| platformSettingDdanSubmissionEnabled | Enable submission of suspicious files to Deep Discovery Analyzer |
| platformSettingDdanUseProxyEnabled | When accessing Deep Discovery Analyzer, use proxy: |
| platformSettingDemoModeEnabled | Demo Mode Enabled |
| platformSettingEventForwardingSnsAccessKey | Access Key - The Access Key of an AWS User with access to the SNS Topic |
| platformSettingEventForwardingSnsAdvancedConfigEnabled | Amazon SNS Advanced Configuration |
| platformSettingEventForwardingSnsConfigJson | Amazon SNS Configuration |
| platformSettingEventForwardingSnsEnabled | Publish Events to Amazon Simple Notification Service |
| platformSettingEventForwardingSnsSecretKey | Secret Key - The Secret Key of an AWS User with access to the SNS Topic |
| platformSettingEventForwardingSnsTopicArn | SNS Topic ARN |
| platformSettingExportedDiagnosticPackageLocale | Exported Diagnostic Package Language |
| platformSettingExportedFileCharacterEncoding | Exported file Character Encoding |
| platformSettingHttpPublicKeyPinPolicy | HTTP public key pin policy |
| platformSettingHttpPublicKeyPinPolicyReportOnlyEnabled | Report only |
| platformSettingHttpStrictTransportEnabled | Enable HTTP Strict Transport Security |
| platformSettingInactiveAgentCleanupDuration | Delete Agents that have been inactive for: |
| platformSettingInactiveAgentCleanupEnabled | Delete Agents that have been inactive for: |
| platformSettingLinuxUpgradeOnActivationEnabled | Automatically upgrade Linux agents on activation |
| platformSettingLoadBalancerHeartbeatAddress | Load Balancer Heartbeat Hostname |
| platformSettingLoadBalancerHeartbeatPort | Load Balancer Heartbeat Port |
| platformSettingLoadBalancerManagerAddress | Load Balancer Manager Hostname |
| platformSettingLoadBalancerManagerPort | Load Balancer Manager Port |
| platformSettingLoadBalancerRelayAddress | Load Balancer Relay Hostname |
| platformSettingLoadBalancerRelayPort | Load Balancer Relay Port |
| platformSettingLogoBinaryImageimages | Logo Bytes |
| platformSettingManagedDetectResponseCompanyGuid | Company GUID |
| platformSettingManagedDetectResponseEnabled | Enable the MDR service |
| platformSettingManagedDetectResponseProxyId | Use Proxy when accessing MDR server |
| platformSettingManagedDetectResponseServerUrl | Server URL (ex: "https://[server]/") |
| platformSettingManagedDetectResponseServiceToken | Data Source GUID |
| platformSettingManagedDetectResponseUsePrimaryTenantSettingsEnabled | Use default server settings |
| platformSettingManagedDetectResponseUseProxyEnabled | When accessing MDR server, use proxy: |
| platformSettingNewTenantDownloadSecurityUpdateEnabled | Enable the automatic download of Security Updates on new Tenants |
| platformSettingPrimaryTenantAllowTenantAddVmwareVcenterEnabled | Allow Tenants to add VMware vCenters |
| platformSettingPrimaryTenantAllowTenantConfigureForgotPasswordEnabled | Show the "Forgot Password?" option |
| platformSettingPrimaryTenantAllowTenantConfigureRememberMeOptionEnabled | Show the "Remember Account Name and Username" option |
| platformSettingPrimaryTenantAllowTenantConfigureSiemEnabled | Allow Tenants to configure independent Event Forwarding SIEM settings |
| platformSettingPrimaryTenantAllowTenantConfigureSnmpEnabled | Allow Tenants to configure SNMP settings |
| platformSettingPrimaryTenantAllowTenantConfigureSnsEnabled | Allow Tenants to configure SNS settings |
| platformSettingPrimaryTenantAllowTenantControlImpersonationEnabled | Allow Tenants to control access from the Primary Tenant |
| platformSettingPrimaryTenantAllowTenantDatabaseState | Primary Database Server State |
| platformSettingPrimaryTenantAllowTenantRunComputerDiscoveryEnabled | Allow Tenants to run "Computer Discovery" (directly and as a Scheduled Task) |
| platformSettingPrimaryTenantAllowTenantRunPortScanEnabled | Allow Tenants to run "Port Scan" (directly and as a Scheduled Task) |
| platformSettingPrimaryTenantAllowTenantSyncWithCloudAccountEnabled | Allow Tenants to add with Cloud Accounts |
| platformSettingPrimaryTenantAllowTenantSynchronizeLdapDirectoriesEnabled | Allow Tenants to synchronize with LDAP Directories |
| platformSettingPrimaryTenantAllowTenantUseDefaultRelayGroupEnabled | Allow Tenants to use the Relays in my "Default Relay Group" |
| platformSettingPrimaryTenantAllowTenantUseScheduledRunScriptTaskEnabled | Allow Tenants to use the "Run Script" Scheduled Task |
| platformSettingPrimaryTenantLockAndHideTenantDataPrivacyOptionEnabled | Data Privacy options on the "Agents" Tab |
| platformSettingPrimaryTenantLockAndHideTenantSmtpTabEnabled | All options on the "SMTP" Tab |
| platformSettingPrimaryTenantLockAndHideTenantStorageTabEnabled | All options on the "Storage" Tab |
| platformSettingPrimaryTenantShareConnectedThreatDefensesEnabled | Allow Tenants to use the Primary Tenant's Trend Micro Apex Central and Deep Discovery Analyzer Server settings. |
| platformSettingPrimaryTenantShareManagedDetectResponsesEnabled | Allow Tenants to use Primary Tenant's Managed Detection and Response settings. |
| platformSettingProductUsageDataCollectionEnabled | Enable Product Usage Data Collection |
| platformSettingProxyAgentUpdateProxyId | Primary Security Update Proxy used by Agents, Appliances, and Relays: |
| platformSettingProxyManagerCloudProxyId | Deep Security Manager (Cloud Accounts - HTTP Protocol Only): |
| platformSettingProxyManagerUpdateProxyId | Deep Security Manager (Software Updates, CSSS, News Updates, Product Registration and Licensing): |
| platformSettingRecommendationCpuUsageLevel | CPU Usage Level |
| platformSettingRecommendationOngoingScansEnabled | Perform ongoing Recommendation Scans |
| platformSettingRetainAgentInstallersPerPlatformMax | Number of older software versions to keep per platform |
| platformSettingRetainCountersDuration | Automatically delete Counters older than |
| platformSettingRetainSecurityUpdatesMax | Number of older Rule Updates to keep |
| platformSettingRetainServerLogDuration | Automatically delete Server Logs older than |
| platformSettingRetainSystemEventDuration | Automatically delete System Events older than |
| platformSettingSamlIdentityProviderCertificateExpiryWarningDays | Warn when a SAML identity provider certificate will expire within (days) |
| platformSettingSamlRetainInactiveExternalAdministratorsDuration | Automatically delete inactive identity provider users after (days) |
| platformSettingSamlServiceProviderCertificate | SAML Service Provider Certificate |
| platformSettingSamlServiceProviderCertificateExpiryWarningDays | Warn when the Deep Security Manager SAML Service Provider certificate will expire within (days) |
| platformSettingSamlServiceProviderEntityId | Entity ID |
| platformSettingSamlServiceProviderName | Service Name |
| platformSettingSamlServiceProviderPrivateKey | SAML Service Provider Private Key |
| platformSettingSignInPageMessage | Text |
| platformSettingSmartProtectionFeedbackBandwidthMaxKbytes | Maximum bandwidth: |
| platformSettingSmartProtectionFeedbackEnabled | Enable Trend Micro Smart Feedback (recommended) |
| platformSettingSmartProtectionFeedbackForSuspiciousFileEnabled | Send suspicious file signatures along with feedback |
| platformSettingSmartProtectionFeedbackIndustryType | Your industry (optional): |
| platformSettingSmartProtectionFeedbackInterval | Feedback Interval (min) |
| platformSettingSmartProtectionFeedbackThreatDetectionsThreshold | Feedback Interval by threats |
| platformSettingSmtpBounceEmailAddress | "Bounce" email address (optional) - The email address to which delivery failure notifications should be sent |
| platformSettingSmtpFromEmailAddress | "From" email address - The email address from which outgoing emails should be sent |
| platformSettingSmtpPassword | SMTP password |
| platformSettingSmtpRequiresAuthenticationEnabled | Mail server requires authentication |
| platformSettingSmtpServerAddress | SMTP mail server address (optionally include :port) |
| platformSettingSmtpStartTlsEnabled | STARTTLS |
| platformSettingSmtpUsername | SMTP username |
| platformSettingSyslogConfigId | Forward System Events to a remote computer (via Syslog) using configuration |
| platformSettingSystemEventForwardingSnmpAddress | Hostname or IP address to which events should be sent |
| platformSettingSystemEventForwardingSnmpEnabled | Forward System Events to a remote computer (via SNMP) |
| platformSettingSystemEventForwardingSnmpPort | UDP port to which events should be sent |
| platformSettingTenantAllowImpersonationByPrimaryTenantEnabled | Allow Primary Tenant access to my Deep Security Environment |
| platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled | Automatically revoke Primary Tenant access after |
| platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout | Automatically revoke Primary Tenant access after |
| platformSettingTenantProtectionUsageMonitoringComputerId1 | Computer Identifier 1 |
| platformSettingTenantProtectionUsageMonitoringComputerId2 | Computer Identifier 2 |
| platformSettingTenantProtectionUsageMonitoringComputerId3 | Computer Identifier 3 |
| platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled | Use the Primary Tenant Relay Group as my Default Relay Group |
| platformSettingTrendMicroXdrApiKey | API Key |
| platformSettingTrendMicroXdrApiServerUrl | API Server URL |
| platformSettingTrendMicroXdrApiUser | API User |
| platformSettingTrendMicroXdrCommonLogReceiverUrl | Common Log Receiver URL |
| platformSettingTrendMicroXdrCompanyId | Company ID |
| platformSettingTrendMicroXdrEnabled | Forward activity data to Trend Micro XDR data lake |
| platformSettingTrendMicroXdrIdentityProviderApiUrl | Service Platform Identity Provider API URL |
| platformSettingTrendMicroXdrLogServerUrl | Log Server URL |
| platformSettingUpdateAgentSecurityContactPrimarySourceOnMissingRelayEnabled | Allow Agents/Appliances to download security updates directly from Primary Security Update Source if Relays are not accessible |
| platformSettingUpdateAgentSecurityOnMissingDeepSecurityManagerEnabled | Allow Agents/Appliances to download security updates when Deep Security Manager is not accessible |
| platformSettingUpdateAgentSoftwareUseDownloadCenterOnMissingDeepSecurityManagerEnabled | Allow Relays to download software updates from Trend Micro Download Center when Deep Security Manager is not accessible |
| platformSettingUpdateApplianceDefaultAgentVersion | Upon deployment, update Deep Security Virtual Appliances to |
| platformSettingUpdateHostnameOnIpChangeEnabled | Update the "Hostname" entry if an IP is used as a hostname and a change in IP is detected on the computer after Agent/Appliance-initiated communication or discovery |
| platformSettingUpdateImportedSoftwareAutoDownloadEnabled | Automatically download updates to imported software |
| platformSettingUpdateRelaySecurityAllRegionsPatternsDownloadEnabled | Download Patterns for all Regions |
| platformSettingUpdateRelaySecuritySupportAgent9AndEarlierEnabled | Allow supported 8.0 and 9.0 Agents to be updated |
| platformSettingUpdateRulesPolicyAutoApplyEnabled | Automatically apply Rule Updates to Policies |
| platformSettingUpdateSecurityPrimarySourceMode | Relay Update Source |
| platformSettingUpdateSecurityPrimarySourceUrl | URL |
| platformSettingUpdateSoftwareAlternateUpdateServerUrls | Alternate Software Update Web Server(s) |
| platformSettingUserEnforceTermsAndConditionsEnabled | User must agree to the terms and conditions |
| platformSettingUserEnforceTermsAndConditionsMessage | List of Terms And Conditions |
| platformSettingUserEnforceTermsAndConditionsTitle | Text |
| platformSettingUserHideUnlicensedModulesEnabled | Hide unlicensed Protection Modules for new Users |
| platformSettingUserPasswordExpiry | User password expires |
| platformSettingUserPasswordExpirySendEmailEnabled | Send email when a user's password is about to expire |
| platformSettingUserPasswordLengthMin | User password minimum length |
| platformSettingUserPasswordRequireLettersAndNumbersEnabled | User password requires both letters and numbers |
| platformSettingUserPasswordRequireMixedCaseEnabled | User password requires both upper and lower case characters |
| platformSettingUserPasswordRequireNotSameAsUsernameEnabled | User password cannot match username or username spelled backward |
| platformSettingUserPasswordRequireSpecialCharactersEnabled | User password requires non-alphanumeric characters |
| platformSettingUserSessionDurationMax | Maximum session duration |
| platformSettingUserSessionIdleTimeout | Session idle timeout |
| platformSettingUserSignInAttemptsAllowedNumber | Number of incorrect sign-in attempts allowed (before lock out) |
| platformSettingVmwareNsxManagerNode | Manager Node for NSX communication |
| platformSettingWhoisUrl | Whois URL - The full URL to a Whois lookup with the IP represented as [IP] |
| platformSettingWindowsUpgradeOnActivationEnabled | Automatically upgrade Windows agents on activation |
| Web Reputation Settings | |
| webReputationSettingEventRankRiskBlockedByAdministratorRank | Blocked By Administrator |
| webReputationSettingEventRankRiskDangerous | Dangerous |
| webReputationSettingEventRankRiskHighlySuspicious | Highly Suspicious |
| webReputationSettingEventRankRiskSuspicious | Suspicious |
| webReputationSettingEventRankRiskUntested | Untested |
| webReputationSettingRetainEventDuration | Automatically delete Web Reputation Events older than |