July 15, 2025—Trend Vision One now supports CrowdStrike Falcon logs in custom detection
models.
This update includes the following changes:
-
CrowdStrike Pattern Disposition - Critical Process Disabled
-
CrowdStrike Pattern Disposition - File Quarantine, Critical Process Disabled
-
CrowdStrike Pattern Disposition - Parent Process Prevented
-
CrowdStrike Pattern Disposition - Parent Process Terminated, Critical Process Disabled
-
CrowdStrike Pattern Disposition - Response Action Failed, File Quarantined, Process Blocked
-
CrowdStrike Pattern Disposition - Response Action Failed, Process Blocked
-
CrowdStrike Pattern Disposition - Detection
-
CrowdStrike Pattern Disposition - Operation Blocked
-
CrowdStrike Pattern Disposition - Process Terminate
-
CrowdStrike Pattern Disposition - Process Terminate Operation Blocked
-
CrowdStrike Pattern Disposition - Quarantine File
The related custom detection filters have been added to the tm-v1-detection-models GitHub repository. You can import these detection filters to your Trend Vision One environment to test
the new integration.
For more information about custom detection filters, see Custom filters.