Views:

You can specify actions for connected products to take after detecting specific suspicious objects.

TrendAI Vision One™ connects to different products and sends the Suspicious Object List to the connected products for detection. The connected products then apply the specified action based on their capability.
Adding IP addresses to the Suspicious Object List does not disrupt the existing connection to the specified endpoints. TrendAI Vision One™ blocks only new attempts to connect to the specified endpoints.
Refer to the table below to see which actions each product supports.
Product/Service
 Object Type
Action
TrendAI Vision One™ Endpoint Security agent - XDR for Endpoint (EDR)
(Windows)
File SHA-1
Log, Block
File SHA-256
IP address
URL
Domain
Important
Important
The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE and EXE file formats.
The Block action for URL and Domain requires enabling the browser extension in endpoint security policies. For more information, see Browser Extension.
TrendAI Vision One™ Endpoint Security agent - XDR for Endpoint (EDR)
(Mac)
File SHA-1
Log, Block
File SHA-256
IP address
URL
Domain
Note
Note
The Log and Block actions for File SHA-1 and File SHA-256 are only supported for MACH-O file formats.
TrendAI Vision One™ Endpoint Security agent - XDR for Endpoint (EDR)
(Linux)
File SHA-1
Log, Block
File SHA-256
Note
Note
The Log and Block actions for File SHA-1 and File SHA-256 are only supported for the ELF file format.
TrendAI Vision One™ Endpoint Security agent with Standard Endpoint Protection
(Windows)
IP address
Log, Block
URL
Domain
File SHA-1
File SHA-256
Note
Note
  • To take action on File SHA-1 and SHA-256 objects, you must first activate Application Control for Standard Endpoint Protection.
  • The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE and EXE file formats.
Service Gateway
IP address
Log, Block
URL
Domain
File SHA-1
File SHA-256
When suspicious objects synchronize through Service Gateway, it acts as a distribution mechanism only. Service Gateway does not directly enforce actions. Each connected product enforces actions based on its own supported object types and capabilities. So any actions that a connected product does not support, Service Gateway does not enforce.
Zero Trust Secure Access Internet Access
IP address
Log, Block
URL
Domain
File SHA-1
Trend Cloud One - Endpoint & Workload Security (Windows)
IP address
 Log
Domain
File SHA-1
Log, Block
File SHA-256
Note
Note
  • Endpoint & Workload Security supports the Log action for Deep Security Agent version 20.0.0-4185 or later for Windows.
  • The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE and EXE file format.s
  • You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects.
Trend Cloud One - Endpoint & Workload Security (Linux)
IP address
 Log
Domain
File SHA-1
Log, Block
File SHA-256
Note
Note
  • Endpoint & Workload Security supports the Log action for Deep Security Agent version 20.0.0-4185 or later for Linux.
  • The Log and Block actions for File SHA-1 and File SHA-256 are only supported for the ELF file format.
  • You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects.
Trend Cloud One - Endpoint & Workload Security (macOS)
IP address
 Log, Block
Domain
File SHA-1
File SHA-256
URL
Note
Note
  • Endpoint & Workload Security supports the Log and Block actions for Deep Security Agent version 20.0.0-198 or later for macOS.
  • The Log and Block actions for File SHA-1 and File SHA-256 are only supported for MACH-O file format.
  • You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects.
TrendAI™ Apex One as a Service
IP address
Log, Block
URL
Domain
File SHA-1
File SHA-256
Note
Note
  • To take action on File SHA-1 and SHA-256 objects, you must first activate Application Control for TrendAI™ Apex One as a Service.
  • The Log and Block actions for File SHA-1 and SHA-256 objects are only supported for PE and ELF file formats.
TrendAI™ Apex One (on-premises)
IP address
Log, Block
URL
Domain
File SHA-1
File SHA-256
Note
Note
  • To take action on File SHA-1 and SHA-256 objects, you must first activate Application Control for TrendAI™ Apex One (on-premises).
  • The Log and Block actions for File SHA-1 and SHA-256 objects are only supported for PE and ELF file formats.
  • TrendAI™ Cloud App Security
  • Cloud Email and Collaboration Protection
URL
Log, Quarantine
File SHA-1
File SHA-256
Sender address
TrendAI™ Deep Discovery Email Inspector 5.1 or later
IP address
Log
Domain
URL
Log, Quarantine
File SHA-1
File SHA-256
Note
Note
Deep Discovery Email Inspector detects suspicious email messages based on File SHA-1, File SHA-256, and URL object types.
TrendAI™ Deep Discovery Inspector version 6.7 SP1 or later
IP address
Log
URL
Domain
File SHA-1
TrendAI™ Deep Security
File SHA-1 from Sandbox
Note
Note
File SHA-1 objects added through third-party intelligence and manual operations are not supported.
Log, Block
  • TrendAI™ Email Security
  • Cloud Email Gateway Protection
URL
Log, Quarantine
File SHA-1
File SHA-256
Sender address
 Block
TippingPoint Security Management System
IP address
Log, Block
URL
Domain
File SHA-1
File SHA-256
Important
Important
TippingPoint Security Management Systems do not automatically apply actions provided by TrendAI Vision One™. You must set up a profile in the TippingPoint Security Management System with a reputation filter that selects entries from the reputation database and specifies the action.
Comments (0)