Views:

Identify and mitigate potential system breaches and incidents in your environment.

Workbench Insights (Agentic SIEM & XDRWorkbench) displays a list of high-priority insights that let you start your investigations intelligently.
There are two types of Workbench insights: correlated alerts and standalone alerts. Trend Vision One creates insights using advanced correlation and machine learning techniques.
The following table outlines the actions available in Workbench Insights.
Action
Description
View insight details
Locate a Workbench insight and click the insight ID to view the details of the insight.
Filter and locate insights
  • Use the drop-down menus to filter insights by Last updated time, Event time, Case status, and Created time.
  • Click Add filter and select an option from the drop-down menu to filter by Alerts, Asset group, Custom tag, Criticality, Data source / processor, and Endpoint group.
  • Click a column heading to sort insights by score, case ID, last updated and creation time.
  • Use the search box to filter insights by insight ID, alert ID, case ID, endpoint, user, email, container, cloud identity, or highlighted object.
Open a new case
Locate a Workbench insight and click Open new case to create a new case to handle the insight investigation.
Important
Important
Opening a case for standalone alerts disables the Workbench alert note functionality and transfers all related Workbench notes to the case.
You can only add new notes can directly to the case.
See Automated Response Playbooks
Click Automated Response Playbooks to display the Automated Response playbooks available in Security Playbooks.