|
Feature
|
Benefits
|
|
Alert notifications
|
When new alerts are detected, Trend Vision One can send you an email notification. Also as part of
Trend Micro’s quality assurance process for threat detections, if our threat
expert team identifies an alert in your environment that they believe to be
critical or interesting, they will work with regional resources to help notify you
directly. This will not occur for all alerts, and is at the discretion of the
threat expert team as they do not review all alerts for all customers.
|
|
Correlated detection models
|
Advanced detection models written by Trend Micro threat researchers
correlate low activities within or across security layers to find undiscovered
attacks. The detection models, which generate the alert triggers, combine multiple
rules and filters using a variety of analysis techniques including data stacking
and machine learning. You can turn on and off individual models as appropriate for
the organization’s risk tolerance and preferences.
|
|
Workbench and alert triage
|
View a list of alerts (workbenches) and drill down for further visibility.
Workbenches are the investigation results for a detection, where you can look at
the execution profile, identify the scope of impact and take response actions.
This is where you prioritize and process the alerts and track what has been done
(new, in progress, closed).
|
|
Attack visualization
|
Quickly understand the story of an attack with an interactive visual
representation of events. Advanced analysis is available with:
|
|
Search/Threat hunting
|
Proactively search through endpoint, email, network, and cloud
workload activity data (for example, telemetry, NetFlow, metadata, etc.) using a
simple query builder. Do IoC sweeping or custom searches using multiple parameters
and filter down into things by adding additional search criteria. From a search
result, you can initiate response or generate an Execution Profile. You can build,
save, and reuse queries for basic threat hunting.
|
|
Built-in threat intelligence
|
Detect threats sooner with automatic searching of your environment
with indicators of compromise (IoCs) published by Trend Research. When there is a
detection, built-in threat intel can help identify the associated campaign, target
platform, associated MITRE ATT&CK™ TTPs, and
can even provide links to related intelligence blog posts if available.
|
|
MITRE ATT&CK™ mapping
|
Mapping of techniques to the MITRE ATT&CK framework help organizations
quickly understand and communicate what is happening in your environment.
Hyperlinks from the workbench link to documentation for the MITRE ATT&CK
framework.
|
|
Integrated response actions
|
Offers contextually aware response choices for quick action taken directly from
within the platform, Start your response sooner by “right-clicking” on objects in
the workbench or within threat hunting search results. In one location, you can
initiate and track endpoint, email, server, and network responses.
|
|
API integrations
|
A public API can be used by customers to integrate with various SIEM
and SOAR tools. Out of the box, Trend Vision One provides a SIEM connector for alerts to be pulled into
Splunk. Unlike regular syslog forwarding, this Splunk add-on calls the Trend Vision One API to get the
list of alerts (workbenches). Analysts can click on the alert from within Splunk
and be taken to the associated workbench in the Trend Vision One platform for
additional visibility and investigation.
|
|
Software-as-a-Service solution
|
Trend Vision One
is hosted and managed in the cloud to take advantage of cloud computing
technologies. Plus, you do not have the overhead associated with managing local
hardware.
|
Views: