Use templates to define your organization's secure access rules for users and devices.

Trend Vision One provides a set of pre-defined rule templates that correlate to different types of information you want to gather about your network environment. You can create a risk control rule from a template, fine-tune the rule to achieve expected results, and add automated actions to respond to and remediate risks automatically.

The following table describes the Risk Control rule templates.
| Template Name | Description | Target |
| --- | --- | --- |
| Users with a persistent high risk score | A user has maintained a high risk score range over a period of time in the past. | User |
| Devices with a persistent high risk score | A device has maintained a high risk score range over a period of time in the past. | Device |
| Leaked accounts in discovered users | A user's email account is detected to have had anomalous activity, such as a suspicious phishing attachment in an email from a new sender, or a possible forged sender with urgent intention. | User |
| Leaked accounts on discovered devices | A user's personally identifiable information (such as a bank account or full name) is detected to have been leaked on the surface, deep, or dark web. | Device |
| Suspicious activity in discovered users | A user's account displays unusual activity, such as a possible forged sender with urgent intention, or a possible brute force attack. | User |
| At-risk accounts in discovered users | A user's account has been targeted by malicious email campaigns, such as a possible spear phishing attack on high-profile users via a link. | User |
| Suspicious web activity in discovered users | A user has been detected visiting a risky URL or having malicious activity within network traffic, such as a malicious download from a website. | User |
| Suspicious web activity on discovered devices | A user's visit to a risky URL or malicious activity within network traffic has been detected on a device, such as a suspected botnet infection. | Device |
| Suspicious email activity in discovered users | A user's email account has been detected to have malicious or anomalous email activity, such as company-wide email threats or a data loss prevention violation in emails. | User |
| Workbench alerts for user-related events | A user-related event that may be malicious or indicate risk has been detected by XDR sensors and generated an alert in the Workbench app, such as ransomware lateral movement detection or possible sensitive information exfiltration. | User |
| Workbench alerts for device-related events | A device-related event that may be malicious or indicate risk has been detected by XDR sensors and generated an alert in the Workbench app, such as possible disabling of antivirus software or cryptocurrency mining malware. | Device |
| Operating system vulnerabilities on discovered devices | An endpoint has been detected to have exploitable operating system vulnerabilities. | Device |
| Application vulnerabilities on discovered devices | An endpoint has been detected to have exploitable application vulnerabilities. | Device |