Create, configure, and import your own custom rules for Runtime Security. This enables you to specify custom exclusions or granular filtering to match your specific environment. After custom rules are created and imported to Trend Vision One, events are visible from the Container Security events page.
The Trend Vision One detection model in SecOps does not use custom rule detections. To generate workbench alerts for custom rule detections, you can create your own custom detection model. The custom detection model supports the custom_fields that you define. Learn more about Trend Vision One custom rule field descriptions.
Note
  • Custom events are billed to Trend Vision One for event ingestion and storage extension. Event forwarding to Splunk is billed through the Splunk HEC Connector. Learn more about Credits & Billing.
  • Custom rules are fully compatible with Container Security managed rules.
  • Custom rules must be written according to the rule creation guide to be valid for Trend Vision One custom rule detections. Learn more about creating custom rules.