Detections are not displayed for a number of reasons:
• During the period covered by the event logs, you do not have any host attempting to communicate with C&C servers monitored by Trend Micro Smart Protection Network. Consider increasing the amount of logs indexed by Splunk and to be scanned by Attack Scanner.
• The time range for event correlation by Attack Scanner is too short. By default, time range is only limited within the past seven days, so earlier attempts to communicate with C&C servers are not detected. Consider changing the settings in the Time Range for Event Correlation section of the app Set Up screen to cover a longer period.
• Your app installation might not have a valid license, or the Activation Code might have expired.
Detections are not displayed for a number of reasons:
• During the period covered by the event logs, you do not have any host attempting to communicate with C&C servers monitored by Trend Micro Smart Protection Network. Consider increasing the amount of logs indexed by Splunk and to be scanned by Attack Scanner.
• The time range for event correlation by Attack Scanner is too short. By default, time range is only limited within the past seven days, so earlier attempts to communicate with C&C servers are not detected. Consider changing the settings in the Time Range for Event Correlation section of the app Set Up screen to cover a longer period.
• Your app installation might not have a valid license, or the Activation Code might have expired.