The Detection Models screen lists all the detection models that Trend Vision One provides.

The following table outlines the actions available on the Detection Models tab.
Filter detection model data
Use the search text box and the following drop-down lists to locate specific detection models:
  • Severity: The severity level Trend Vision One assigns to the model depending on the type of event and MITRE information
  • Applicable products: The products that can apply the model for alert triggering
  • Status: Whether Trend Vision One triggers alerts for the model
  • Last updated: The time range during which Trend Micro last updated the model
For more information, see Detection model data.
Enable detection models
Enable or disable detection models for your organization based on your security requirements.
  • Hover over the Status toggle to view the required products for enabling the specific model.
  • Click the Status toggle to enable or disable the model.
Trend Vision One automatically enables all detection models if you have required products connected. As you add more supported products to your environment, Trend Vision One automatically enables the newly-supported alert triggers.
As a predefined detection model, Threat Intelligence Sweeping is enabled by default, which supports alert triggers for intelligence-driven sweeping tasks.
For more information about sweeping tasks, see Intelligence Reports.