
Each detection model specializes in discovering a particular type of threat.

The following table outlines the information available for each detection model.
Column: Description

Severity: The severity level Trend Vision One assigns to the model depending on the type of event and MITRE information
  • Critical: Exhibits strong evidence of compromise for targeted attacks, Advanced Persistent Threats (APTs), or cybercrime operations
  • High: Exhibits highly suspicious indicators associated with targeted attacks, APTs, or cybercrime operations
  • Medium: Exhibits suspicious indicators possibly associated with malware infections, policy violations, or cybercrime operations
  • Low: Exhibits mildly suspicious indicators useful for security monitoring or threat hunting

Model: The name of the model, defining the type of threat to detect

Description: The description of the model, further explaining the type of threat to detect

Applicable products: The products that can apply the model for alert triggering

Last updated: The date and time Trend Micro last updated the model

Status: Whether Trend Vision One triggers alerts for the model

If you enable an alert trigger, Trend Vision One starts to collect activity data from your supported products. To further check the alerts triggered by detection models, go to Workbench.