May 15, 2025—Trend Vision One now supports Microsoft Defender for Endpoint logs in
custom detection filters.
This update includes the following changes:
- Backup Deletion
- Base64 Encoded PE File in Command Line
- Clearing of System Logs
- Detect Torrent Usage
- Hiding a Java Class File
- HTA Startup Persistence
- Suspicious Bitlocker Encryption
- Suspicious Image Load Related to IcedId
- Turning Off System Restore
The related custom detection filters have been added to the tm-v1-detection-models GitHub repository. You can import these detection filters to your Trend Vision One environment to test
the new integration.
For more information about custom detection filters, see Create a custom filter.