View all response actions taken on playbook targets
December 17, 2024 — If the action taken on a playbook target is In progress, Successful,
or Unsuccessful, you can click View All Actions on the Target in Action Details to view a comprehensive list of all response actions on the target within the Response
Management app. This enhancement enables more accurate and timely decision-making,
such as revoking an action (if applicable).
For more information, see Action details.
Automated Response Playbooks: Time-bound execution, enhanced filtering, and improved email notifications
December 17, 2024 — Automated Response Playbooks have been enhanced with several new
features. You can now set playbooks to execute automatically only during specified
periods, providing greater control over when actions are taken. Additionally, the
playbooks offer new options in the IP address condition, allowing for more precise filtering of targeted endpoints by including
both Server IP and Client IP options.
Email notifications for manual approval and execution results have also been improved.
These notifications now include associated Workbench alert information, giving you
more context and details about the actions being taken. This enhancement ensures that
you are better informed and can make more timely and accurate decisions.
For more information, see Creating Automated Response
Playbooks.
Send to Sandbox support for TippingPoint Network Sensor files
December 16, 2024—TippingPoint Network Sensor now supports the sending of files to
the Sandbox Analysis app. When TippingPoint Network Sensor is enabled in conjunction
with Send to Sandbox, the sandbox analysis will result in additional charged credits.
Zero Trust Secure Access - Internet Access new PoP site in Oracle Colombia region
December 13, 2024 - Zero Trust Secure Access Internet Access now supports the Oracle
Colombia Central (Bogota) region. Users in the region may configure their service
FQDNs to reflect the new location.
For more information, see Port and FQDN/IP address requirements.
Trend Vision One public APIs available to retrieve email assets
December 13, 2024 — You can now use the Trend Vision One RESTful APIs to get managed
email accounts, email domains, and email servers from Email Asset Inventory.
For more information, see Trend Vision One Automation Center.
Trend Vision One Endpoint Security agent deployment script available for Sensor-only configuration
December 09, 2024—You can now use the agent deployment script in Endpoint Inventory
to deploy sensor-only configurations of the Trend Vision One Endpoint Security agent
on your endpoints. For more details, see Using the Deployment Script.
AI-powered case summaries
December 9, 2024 — You can now use Companion to generate summaries of open cases that
include case activities, updates, and findings.
This feature streamlines case handoffs between analysts by consolidating information
into concise summaries, helping SOC teams keep consistent case documentation and improve
collaboration efficiency.
AI-generated incident investigation reports
December 9, 2024 — Generate comprehensive PDF reports for true-positive Workbench
cases that originate from Workbench Insights.
Companion can now generate PDF reports that include Workbench Insights summaries,
threat activity timelines, actions taken, and recommendations to help security teams
quickly understand and communicate investigation findings.
Create new cases or assign risk events to existing cases directly in Attack Surface Risk Management apps
December 9, 2024—Resolving risk events is an important task for security operations
team members and IT operations. In large organizations, many individuals are involved
in risk mitigation tasks, requiring team members to leverage Case Management for more
efficient collaboration. Now in Operations Dashboard, users can create new cases or
assign risk events to existing cases. Cases can be closed after marking risk event
statuses as risk mitigated, dismissed or accepted. All tasks related to the case can
be viewed and managed from Case Management.
Sync Attack Surface Risk Management case information with ServiceNow
December 9, 2024—You can now use Case Management to synchronize Attack Surface Risk
Management case information into ServiceNow. When creating a ticket profile for the
Trend Vision One for ServiceNow Ticketing System, select "Attack Surface Risk Management case" from the Case type list. Then, when users open a case in Operations Dashboard, they can select the ticket
profile to synchronize the case with ServiceNow.
For more information, see Configure ServiceNow ITSM to enable the Trend Vision One for ServiceNow Ticketing
System.
Note: To use this feature, you must install or upgrade to Trend Vision One Connector 2.2 or later in ServiceNow.
New taskstatus command available for remote shell
December 9, 2024 — The Start Remote Shell Session response action now supports the
taskstatus command, which allows you to view the status of the response tasks created in the
current remote shell session.
For more information, see Start Remote Shell Session task.
MITRE TTP notifications in Workbench
December 9, 2024 — Workbench alerts now include MITRE tactics, techniques, and procedures
(TTP) notifications.
Workbench Companion suggests noteworthy insights
December 9, 2024 — Companion uses machine learning to identify noteworthy or false-positive
Workbench insights and proactively recommend a guided workflow for investigation and
remediation.
Boost brand visibility with BIMI in Cloud Email Gateway Protection
December 9, 2024 — Cloud Email Gateway Protection enhances your DMARC enforcement with Brand Indicators for Message Identification
(BIMI), allowing you to display your brand’s logo in recipient inboxes. Administrators
can verify if their published BIMI records are correctly set up and active, or they
can create a BIMI record and preview it in the administrator console before publishing
it in DNS. This feature helps increase your brand visibility and builds customer trust.
Enhanced third-party ticketing and notification options in Case Management
December 6, 2024 — Case Management now offers granular control over third-party ticketing
system integration and notification settings at the individual case level.
You can configure case-specific ServiceNow ticket destinations and customize notification
channels through webhooks and email, enabling bi-directional synchronization between
Trend Vision One cases and external ticketing systems.
Email warning banner available for Anomaly Detection by Correlated Intelligence in Cloud Email and Collaboration Protection
December 6, 2024 — Besides the Add-in for Outlook for end user feedback, Cloud Email and Collaboration Protection provides an option in ATP policy configuration for administrators to add a warning
banner at the top of incoming anomalous emails detected by Correlated Intelligence
predefined correlation rules. This serves as another approach for end users to report
emails to Trend Micro as false positives or false negatives to help improve threat
detection. The banner also provides a rationale for the warning to advise end users
on exercising caution when interacting with the message.
Two more predefined detection signals available for Correlated Intelligence in Cloud Email and Collaboration Protection
December 6, 2024 — Cloud Email and Collaboration Protection supports two predefined detection signals that incorporate social graph data between
senders and recipients for anomaly detection in Correlated Intelligence. The signals
check for newly observed sender addresses and domains based on recipients within
the last 30 days to support anomaly detection in the customer’s environment.
These detection signals are not available in all regions.
DLP expression performance check in Cloud Email and Collaboration Protection
December 6, 2024 — Cloud Email and Collaboration Protection conducts a performance check on custom expressions for Data Loss Prevention (DLP)
to ensure that they have suitable matching performance. When administrators create
and save an expression, the back-end conducts a performance check. Based on the results,
the system either confirms that the expression can be saved successfully or displays
a warning advising the administrator to review and update the expression before saving
again.
New Widgets added to Security Posture Dashboard under Cloud Posture
December 4, 2024—We've added four new widgets in the Security Dashboard for Cloud
Posture app under Cloud Overview, for a quick view of your overall cloud posture.
The new widgets are: Protection, Potential Attack Path, Security Posture, and Compliance.
Standard Endpoint Protection Exception Lists now features Rule Exceptions
December 3, 2024—Standard Endpoint Protection now supports adding detection exceptions
based on Rule IDs to exclude specified rules from Anti-Malware Scans, Behavior Monitoring,
and Suspicious Connection.
Automated tagging for security resources deployed to your AWS environment
December 2, 2024—Automated tagging is now available for resources deployed to your
AWS account by the Cloud Accounts app. Resources deployed by the Cloud Accounts app
have the "TrendMicroProduct" tag added. You can use these tags to track resources
and costs from the Cloud Accounts features. To add the tags to an existing connection,
update your AWS account resource stack.
For more information, see Resources deployed by Cloud Accounts.
XDR for Cloud - VPC Flow Log Monitoring now supports AWS region me-south-1
December 2, 2024—XDR for Cloud - VPC Flow Log Monitoring extends AWS VPC Flow Log
monitoring support to the me-south-1 region. Deploy VPC Flow Log Monitoring in this
region to leverage advanced capabilities to analyze network traffic and enhance threat
detection.
Server & Workload Security SAP Scanner feature now uses Trend Vision One Credits
December 2, 2024—You can now allocate Trend Vision One credits to enable SAP Scanner
for Trend Vision One - Endpoint Security (Pro). You can view your current credit balance
in the Credits & Billing app to help estimate future credit usage. Additionally, all
existing SAP Scanner licenses are automatically converted to Trend Vision One credits
upon updating from Trend Cloud One Endpoint & Workload Security to Trend Vision One
Server & Workload Security.