April 25, 2025 - Support for Microsoft Defender logs in custom detection filters

Trend Vision One now supports Microsoft Defender logs in custom detection models. To help you test the new feature, we added the following custom detection filters to the tm-v1-detection-models GitHub repository:
  • Active Directory (AD) Reconnaissance Activities
  • Bloodhound Post-Exploitation Tool
  • Command Line Used for Possible Overpass-The-Hash
  • DLL Search Order Hijack
  • Event Log Cleared
  • Executable Loaded an Unexpected DLL
  • File Backups Were Deleted
  • File Dropped and Launched from Remote Location
  • Hacktool in a PowerShell Script was Prevented from Executing via AMSI
  • Malicious File Uploaded to Storage Account
  • Malware Prevented
  • Malware in a Command Line was Prevented from Executing
  • Microsoft Defender Antivirus Tampering
  • Microsoft Defender has Detected a Malware
  • Possible Sideload Stealer Activity
  • Process Memory Dump
  • Process Related to Possible AD Reconnaissance
  • Security Software was Disabled
  • Sticky Keys Binary Hijack Detected
  • Successful Logon Using Overpass-the-Hash with Potentially Stolen Credentials
  • Suspected Delivery of Gootkit Malware
  • Suspected Overpass-the-Hash Attack
  • Suspicious Azure Role Assignment Detected
  • Suspicious Key Vault Recovery Detected
  • Suspicious Lsass Process Access
  • Suspicious PowerShell Command Line
  • Suspicious Script Launched
  • Suspicious Sequence of Exploration Activities
  • Windows Defender AV Detected
You can import these detection models into your Trend Vision One environment to test the new integration.
For more information about custom detection filters, see Custom filters.

April 25, 2025 - Support for Fortinet logs in custom detection filters

Trend Vision One now supports Fortinet logs in custom detection models. To help you test the new feature, we added the following custom detection filters to the tm-v1-detection-models GitHub repository:
  • DHCP Client Blocked Log
  • File Reported Infected by Inline Block (Warning)
  • IP Pool PBA Block Exhausted
  • MIME Data Reported Infected by Inline Block (Warning)
  • Scan Error - Traffic Blocked
  • SSH Channel Is Blocked
  • SSH Connection Is Blocked Because Host-key Is Not Trust
  • SSH Shell Command Is Detected
  • SSL Connection Is Blocked Due To Its SSL Negotiation
  • SSL Connection Is Blocked Due To Server Certificate And SNI Mismatched
  • SSL Connection Is Blocked Due To Unable To Retrieve Server's Certificate
  • Traffic Blocked As ICAP Server Found Infection
  • VoIP SCCP Call Blocked
  • VoIP SIP Blocked
  • Web Content Banned Activity Found
You can import these detection models into your Trend Vision One environment to test the new integration.
For more information about custom detection filters, see Custom filters.