July 8, 2025—Trend Vision One now supports CrowdStrike Falcon logs in custom detection models.
This update includes the following changes:
  • BITS Admin File Transfer
  • Double Extension File
  • Execution of Python Script prevented by CrowdStrike
  • Local Account Discovery
  • Malicious File Found and Quarantined by CrowdStrike
  • NS Lookup Remote Payload
  • Process Prevented by CrowdStrike
  • Process Terminated and File Quarantined by CrowdStrike
  • Registry Operation Blocked
  • Scheduled Task Prevented by CrowdStrike
The related custom detection filters have been added to the tm-v1-detection-models GitHub repository. You can import these detection filters to your Trend Vision One environment to test the new integration.
For more information about custom detection filters, see Custom filters.