The Observed Attack Techniques API adds support for container data
September 30, 2023 — The Observed Attack Techniques API has been updated to support container-related information such as threats or activities. SIEM apps and customers can now utilize the Observed Attack Techniques Pipeline endpoints to export events that trigger filters or container events. This enables threat and activity investigation related to container security within the exported events.
For more information about the Observed Attack Techniques API, see https://automation.trendmicro.com/xdr/api-v3#tag/Observed-Attack-Techniques-Pipeline
Trend Vision One Container Security
September 29, 2023 — Container Security helps safeguard your containers throughout their entire life cycle. Container Security is accessible directly in the Trend Vision One console, offering an intuitive and seamless experience for our customers.
| Feature | Description |
| --- | --- |
| Artifact Scanning | Extended to support anti-malware scanning and used for admission control |
| Runtime Protection support | Extended support provides you the visibility into any activity on your running containers that violates your customizable set of rules, and the ability to mitigate issues |
Cloud Accounts official release
September 28, 2023 — The Cloud Accounts app is no longer a pre-release feature and is now generally available. Cloud Accounts does not require any credit allocation and is always included as part of Trend Vision One. However, some features managed by the Cloud Accounts app may require credits for use.
Included with this release is integration with Server & Workload Protection for AWS accounts.
- Adding new AWS accounts in the Trend Vision One console is now exclusively handled by the Cloud Accounts app.
- Existing AWS accounts connected to Cloud Accounts are automatically associated with a Server & Workload Protection instance.
- Existing AWS accounts within Server & Workload Protection are automatically added to and can be managed from Cloud Accounts. Update existing AWS accounts from Server & Workload Protection to get enhanced visibility and protection features within your cloud environments.
For more information, see Cloud Accounts.
Cloud Detections for AWS CloudTrail now available
September 28, 2023 — Cloud Detections for AWS CloudTrail is now available as a pre-release
subfeature which can be enabled in the Cloud Accounts app. This feature set deploys
Cloud Audit Log Monitoring in your AWS account to get actionable insight into user,
service, and resource activity with detection models identifying activity such as
privilege escalation, password modification, attempted data exfiltration, and potentially
unsanctioned MFA changes.
For more information, see AWS features and permissions.
Cloud Accounts public API now available
September 28, 2023 — A public API for Cloud Accounts is now available on the Trend Vision One Automation Center. An API to download the Cloud Accounts AWS CloudFormation Template is planned for a future release.
Cloud Accounts provides Japanese language support
September 28, 2023 — Cloud Accounts now supports Japanese language settings.
Virtual Network Sensor general release
September 28, 2023 — The Virtual Network Sensor is no longer a pre-release feature and now enters official release. Virtual Network Sensor comes with a 30-day free trial to allow users to evaluate the functionality and benefits. Once the trial period ends, credits are automatically allocated based on usage.
For more information, see Virtual Network Sensor.
Virtual Network Sensor supports Hyper-V deployment
September 28, 2023 — The Virtual Network Sensor now supports deployment on Hyper-V host systems.
For more information, see Virtual Network Sensor.
Network Inventory and Network Analytics provide Japanese language support
September 28, 2023 — Network Inventory and Network Analytics reports now offer Japanese
language support.
Endpoint Sensor now supports additional Linux platforms
September 27, 2023 — Endpoint Sensor now supports a wider range of Linux platforms including Debian and SUSE, as well as several AArch64-based Linux systems such as Ubuntu 22. You can now view these additional platforms when deploying a new Trend Vision One agent in the Endpoint Inventory app.
For details on supported Linux platforms, see Endpoint Sensor Agent System Requirements and Server & Workload Protection Agent System Requirements.
Virtual Network Sensor supports hypersensitive mode
September 25, 2023 — The Virtual Network Sensor now supports hypersensitive mode. The detection mode is available after enabling it in Support Settings. For more information, see Sensor Details.
Manually modify asset criticality in Risk Insights
September 25, 2023 — Risk Insights apps calculate and display the criticality for each asset based on asset tags. If you think that the system-defined criticality is inaccurate or does not match the actual situation, you can manually assign a custom criticality to assets. In Attack Surface Discovery asset profiles and asset cards, you can now click Modify Criticality to select a custom criticality. You can also revert to using the system-defined criticality at any time.
Monitored Network Throughput widget now available
September 25, 2023 — The Monitored Network Throughput widget, which provides an overview of the network traffic monitored by Virtual Network Sensor, is now available in Security Dashboard. You can now view the 30-day average traffic volume, assess total bandwidth capacity, and track network traffic levels down to the minute both for individual appliances and across the network environment.
Security Dashboard gets new widget summarizing observed attack techniques
September 25, 2023 — To help SOC analysts quickly identify the riskiest events within their company, Security Dashboard has a new widget called Observed Attack Techniques Summary. This widget summarizes the riskiest events within a given time range, pointing analysts in the right direction for further troubleshooting.
Customizable home page available in Platform Directory
September 25, 2023 — Besides the default Executive Dashboard home page, you can now set which app you want to land on after signing in to the Trend Vision One console.
For more information, see Platform Directory.
Enhancements to Run Custom Script security playbooks
September 25, 2023 — When configuring Action nodes for Run Custom Script Security Playbooks, you can now specify the operating systems for which to upload and run custom scripts. The enhancements also facilitate selecting custom scripts that are added in the Response Management app.
Enhancements to Automated Response Playbooks
September 25, 2023 — In addition to Workbench alerts automatically triggering playbook execution, users now have the option to manually trigger the execution of Automated Response Playbook from Workbench.
For more information, see Investigating an alert and Alerts (Workbench Insights) in the Workbench documentation.
Furthermore, the Automated Response Playbook now includes an additional automated response action: "Terminate processes". This enhancement enables users to automatically terminate any "unrated" target processes running on an endpoint.
For more information, see Creating Automated Response Playbooks.
Microsoft Purview Information Protection integration with Zero Trust Secure Access Internet Access
September 11, 2023 — Zero Trust Secure Access Internet Access has extended its Data Loss Prevention capability by integrating with Microsoft Purview Information Protection. You can now synchronize your published sensitivity labels and add them into Data Loss Prevention rules to let Internet Access block protected files with sensitivity labels from being sent outside your organization.
For details, see Adding a data loss prevention rule.
Asset graph improvements enhance effectiveness
September 11, 2023 — Enhancements to the asset graph in Attack Surface Discovery provide you with greater context for improving your security posture.
The asset graph now includes a symbol for the internet, helping you easily identify which assets are exposed to the internet.
The asset detail screen for domains and IP addresses now also features an asset graph illustrating the relationships between internet-facing assets and other types of assets. The asset graph helps you better understand how domains and IP addresses are associated with internet-exposed devices.
In addition, the asset graph now shows relationships associated with privileges, including user and group memberships, as well as how roles are assigned, to whom a role is assigned, and administrative devices and users. The visualization makes it easier to understand how an identity has administrative permissions to other identities or devices.
Zero Trust Secure Access now supports Deep Discovery Analyzer integration
September 11, 2023 — Internet Access on-premises gateways in Zero Trust Secure Access now offer integration with your existing Deep Discovery Analyzer appliances. In addition to cloud sandboxing, on-premises gateways can submit suspicious files to Deep Discovery Analyzer appliances for analysis after integration. See the settings of your Internet Access on-premises gateways to start using the feature.
Zero Trust Secure Access adds update module feature to endpoint list
September 11, 2023 — Zero Trust Secure Access users can now update the Secure Access Modules deployed to endpoints directly from the endpoint list. Selecting Update module from the Manage module menu allows you to update modules on specified endpoints to the versions configured in Module Version Management. See the Endpoints tab in Secure Access Module to use the feature.
View Deep Security Device Control status from Trend Vision One Endpoint Security
September 4, 2023 — Deep Security policies in Trend Vision One Endpoint Security now display the Device Control enabled/disabled status. To take advantage of this feature, ensure that your Deep Security Manager is updated to version 20.0.817 or later.