Manage the detection models and filters Trend Vision One uses to detect events and trigger alerts.

Detection Model Management (XDR Threat Investigation → Detection Model Management) enables you to configure how Trend Vision One detects events in Observed Attack Techniques and generates alerts in Workbench.
The detection models combine multiple rules and filters using a variety of analysis techniques including data stacking and machine learning.
Trend Micro regularly refines and adds detection models and filters to improve threat detection capabilities and reduce false positive alerts.
The following table outlines the tabs available in Detection Model Management:
Tab
Description
Lists all the predefined detection models provided by Trend Vision One
  • Create, manage, and edit custom detection models
  • Filter custom detection models by severity, status, and time of last update
  • Search for custom detection models by model ID, name, or filters
  • Create, manage, and edit custom filters
  • Filter custom filters by risk level, event type, and time of last update
  • Search for custom filters by filter ID, name, or query
  • Add, manage, and edit exceptions to detection models
  • Search for exceptions by name or criteria