The Workbench app displays the alerts triggered by detection models.
After you enable alerts and begin to receive activity data from your
supported products, Trend Vision One analyzes the data and triggers alerts for matched
detection models. You can prioritize your response to alerts based on the alert
scores and begin an in-depth investigation directly from the console.
Procedure
- Go to .
- Examine and prioritize the alerts for further investigation based on the alert
Score provided.Trend Vision One calculates the alert score based on the Model severity and Impact scope.
- Click the Workbench ID of an alert to view the summary
details.The workbench details screen provides the following information:
-
Summary: An overview of the detection model, impact scope, and detection time
-
Highlights: A list of the event objects that triggered the alert
Tip
Click any of the events to highlight the specific objects in the Observable Graph. -
Observable Graph: A visual representation of the objects that triggered the alert and the relationships among objects
-
- Right-click any object in the Observable Graph to display the context menu, which provides additional options based on the object type.