Views:

Trend Micro gathers and integrates curated threat intelligence from internal and external sources.

The following table outlines the actions available on the Curated screen.
Action
Description
Filter intelligence reports
Use the search text box and the following drop-down lists to filter curated intelligence reports:
  • Last updated: The last date and time Trend Vision One received the reports
  • View: The option to show only specific reports or all reports
  • Source: The source where the reports came from
Turn on Auto Sweeping
  • By curated report source type
    • Click Auto Sweeping and turn on Auto Sweeping for certain sources.
    • Click the Source links and turn on Auto Sweeping for the current source.
    Trend Vision One generates a scheduled sweep and runs the sweep once every day for 7 consecutive days to search your environment for threat indicators based on incoming new reports from the selected source.
  • By a single report
    Click the options button (options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png) at the end of the row and choose Configure Auto Sweeping. Specify the period to run Auto Sweeping for the current report and click Submit.
    A scheduled sweep runs once every day during the specified period to search your environment for threat indicators extracted from the current report.
Note
Note
The auto-sweeping paused icon (scanPaused_icon=GUID-f794bb0b-6abc-453b-bb50-f3b4eb31fa95.jpg) indicates that the report has produced potential false positives and is currently being analyzed by Trend Micro threat experts. If false positives are confirmed, the IoCs that caused the false positives may be revoked from the report or added to global exceptions before restarting the sweep.
Take additional actions
Click options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png at the end of the row and choose the action to perform on that intelligence report:
  • Trend Micro Research: Click to access related blogs or articles from Trend Micro.
  • External Reference: Click to access related blogs or articles from third parties.
  • Start Sweeping: Click to trigger a manual sweeping task which searches your environment for threat indicators.
  • Configure Auto Sweeping: Click to turn on and specify the period to automatically sweep for the current report then click Submit.
  • Start Sweeping (STIX-Shifter): Click to trigger a manual sweeping task which searches other data sources you configured in Third-Party Integrations for threat indicators using STIX-Shifter.
    For more information about STIX-Shifter connection settings, see Third-Party Integrations.
Check matched sweeps
Under Matched sweeps, review the number of tasks that have indicator matches and the total number of sweeping tasks. For example, the message means one sweeping task has indicator matches among a total of seven sweeping tasks.
Note
Note
The message 0 out of 0 indicates that no sweeping task was triggered.
Trend Vision One defines a 180-day data retention period for the sweeping task history. The message under Matched sweeps resets to 0 out of 0 once the retention period expires.
View sweeping task details
Click run_icon=cbe6ecd0-17e8-4e04-bef3-4efe4eb9c7e5.png next to the row to expand sweeping tasks and review basic information about each task.
To further explore tasks with indicator matches, do the following:
  • Click the links under Related links to open Workbench alerts or download sweeping results.
  • Click details_icon=f45ada04-b746-40a7-a5f4-2166c059213c.png to see matched indicators and associated entities of the tasks.