Use templates to define your organization's secure access rules for users and devices.

Trend Vision One provides a set of pre-defined rule templates that correlate to different types of information you want to gather about your network environment. You can create a risk control rule from a template, fine-tune the rule to achieve expected results, and add automated actions to respond to and remediate risks automatically.
The following table describes the Risk Control rule templates.
| Template Name | Description | Target |
| --- | --- | --- |
| Users with a persistent high risk score | A user has maintained a high risk score range over a period of time in the past. User risk score: risk score range that the user has maintained (for more information about a user's risk score, see Asset profile screens). Within last: number of days for which the user has remained within the specified risk score range. | User |
| Devices with a persistent high risk score | A device has maintained a high risk score range over a period of time in the past. Device risk score: risk score range that the device has maintained (for more information about a device's risk score, see Asset profile screens). Within last: number of days for which the device has remained within the specified risk score range. | Device |
| Leaked accounts in discovered users | A user's email account is detected to have had anomalous activity, such as suspicious phishing attachment in email from new sender, possible forged sender with urgent intention. | User |
| Leaked accounts on discovered devices | A user's personally identifiable information (such as bank account, full name) is detected to have been leaked on the surface, deep, or dark web. | Device |
| Suspicious activity in discovered users | A user's account displays unusual activity, such as possible forged sender with urgent intention, possible brute force attack. | User |
| At-risk accounts in discovered users | A user's account has been targeted by malicious email campaigns, such as possible spear phishing attack on high-profile users via link. | User |
| Suspicious web activity in discovered users | A user has been detected visiting a risky URL or showing malicious activity within network traffic, such as malicious download from website. | User |
| Suspicious web activity on discovered devices | A user's visit to a risky URL or malicious activity within network traffic has been detected on a device, such as suspected botnet infection. | Device |
| Suspicious email activity in discovered users | A user's email account has been detected to have malicious or anomalous email activity, such as company-wide email threats, data loss prevention violation in emails. | User |
| Workbench alerts for user-related events | A user-related event that may be malicious or indicate risk has been detected by XDR sensors and generated an alert in the Workbench app, such as ransomware lateral movement detection, possible sensitive information exfiltration. | User |
| Workbench alerts for device-related events | A device-related event that may be malicious or indicate risk has been detected by XDR sensors and generated an alert in the Workbench app, such as possible disabling of antivirus software, cryptocurrency mining malware. | Device |
| Operating system vulnerabilities on discovered devices | An endpoint has been detected to have exploitable operating system vulnerabilities. | Device |
| Application vulnerabilities on discovered devices | An endpoint has been detected to have exploitable application vulnerabilities. | Device |