Trend Vision One consolidates suspicious object information from different sources. A suspicious object is a known malicious or potentially malicious domain, file SHA-1, file SHA-256, IP address, sender address, or URL.

You can add suspicious objects to the list manually or through extraction from third-party intelligence. In addition, Sandbox Analysis adds suspicious objects to the list after determining possible threats for consolidation and synchronization. Sandbox Analysis then assigns a risk level based on analysis results.

The following table outlines the actions available on the Suspicious Object List tab.

| Action | Description |
|---|---|
| Filter suspicious object data | Use the search field or the following drop-down lists to search specific object data: |
| Add or import suspicious objects | Click Add to open the Add Suspicious Object screen. For more information, see Adding or importing suspicious objects. |
| View or edit suspicious object details | Click any object name to open the Suspicious Object Details panel. |
| Manage suspicious objects | Manage one or more suspicious objects. Options include: |
| Configure default settings | Click to specify the default actions to take on different types of objects at each risk level and the expiration settings for the objects. |
| Export object data | Click to export the suspicious object data to a CSV file. |
| Refresh object data | Click to display the latest suspicious object data. |