Review the individual events detected in your environment that might trigger a Workbench alert.
Trend Vision One detects events using granular predefined or custom detection filters that
make up the detection models that trigger alerts. Events listed in Observed Attack
Techniques might not generate a Workbench insight or Workbench alert. You can use the data
in Trend Vision One to further investigate Workbench insights and evaluate individual detections.
The following table outlines the actions available in Observed Attack Techniques:

| Action | Description |
|---|---|
| Filter event data | Use the drop-down menus to filter by Event severity and last Detected time. You may also use the search box to filter insights by endpoint or container name. |
| Create a query from filters | To create a query in XDR Data Explorer based on your specified filters, click Query in XDR Data Explorer. |
| Hide detection filters from the list | If you receive a lot of detections on particular detection filters that do not interest you, you can temporarily hide the data for specific filters. Right-click the unwanted Detection filter name and click Hide Value. After adding all unwanted filters to the Hidden objects list, click Apply to reload the list. |
| View event details in XDR Data Explorer | Locate an event, click the options icon ( |
| Add event to case | Locate an event, click the options icon ( |
| Add event to Workbench insight | Locate and right-click an event, then select Add to Workbench Insight. Adding events to Workbench insights updates the insight information, including impact scope and highlighted object. |
| View detailed information about an associated entity | Click the Show Detailed Profile icon ( |
| View more details | Expand any row to see more details related to the detection and associated entities. |
| Chat with Trend Companion | |