Views:

Identify and mitigate potential system breaches and incidents in your environment.

Workbench Insights (Agentic SIEM & XDRWorkbench) displays a list of high-priority insights that let you start your investigations intelligently.
There are two types of Workbench insights: correlated alerts and standalone alerts. Trend Vision One creates insights using advanced correlation and machine learning techniques.
The following table outlines the actions available in Workbench Insights.
Action
Description
View insight details
Locate a Workbench insight and click the insight ID to view the details of the insight.
Filter and locate insights
  • Use the menus to locate specific insight data.
    • Last updated
    • Created: The time when Trend Vision One generated the insight
    • Alerts: Whether the insight has a standalone alert or multiple alerts
    • Case status: Whether you opened a case to investigate the alert
  • Click a column headings to sort insights by score, case ID, last updated and creation time.
  • Use the search box to filter insights by insight ID, alert ID, case ID, endpoint, user, email, container, cloud identity, or highlighted object.
Open a new case
Locate a Workbench insight and click Open new case to create a new case to handle the insight investigation.
Important
Important
Opening a case for standalone alerts disables the Workbench alert note functionality and transfers all related Workbench notes to the case.
You can only add new notes can directly to the case.
See Automated Response Playbooks
Click Automated Response Playbooks to display the Automated Response playbooks available in Security Playbooks.
Related information