The Observed Attack Techniques API adds support for container data

September 30, 2023 — The Observed Attack Techniques API has been updated to support container-related information such as threats or activities. SIEM apps and customers can now utilize the Observed Attack Techniques Pipeline endpoints to export events that trigger filters or container events. This enables threat and activity investigation related to container security within the exported events.
For more information about the Observed Attack Techniques API, see https://automation.trendmicro.com/xdr/api-v3#tag/Observed-Attack-Techniques-Pipeline

Trend Vision One Container Security

September 29, 2023 — Container Security helps safeguard your containers throughout their entire life cycle. Container Security is accessible directly in the Trend Vision One console, offering an intuitive and seamless experience for our customers.
Feature: Description
  • Artifact Scanning: Extended to support anti-malware scanning and used for admission control
  • Runtime Protection support: Extended support provides you the visibility into any activity on your running containers that violates your customizable set of rules, and the ability to mitigate issues
      • Extended to support Amazon ECS, on both EC2 and Fargate
      • Extended to support Amazon EKS on Fargate
Cloud Security > Container Security

Cloud Accounts official release

September 28, 2023 — The Cloud Accounts app is no longer a pre-release feature and is now generally available. Cloud Accounts does not require any credit allocation and is always included as part of Trend Vision One. However, some features managed by the Cloud Accounts app may require credits for use.
Included with this release is integration with Server & Workload Protection for AWS accounts.
  • Adding new AWS accounts in the Trend Vision One console is now exclusively handled by the Cloud Accounts app.
  • Existing AWS accounts connected to Cloud Accounts are automatically associated with a Server & Workload Protection instance.
  • Existing AWS accounts within Server & Workload Protection are automatically added to and can be managed from Cloud Accounts. Update existing AWS accounts from Server & Workload Protection to get enhanced visibility and protection features within your cloud environments.
For more information, see Cloud Accounts.
Service Management > Cloud Accounts

Cloud Detections for AWS CloudTrail now available

September 28, 2023 — Cloud Detections for AWS CloudTrail is now available as a pre-release subfeature which can be enabled in the Cloud Accounts app. This feature set deploys Cloud Audit Log Monitoring in your AWS account to get actionable insight into user, service, and resource activity with detection models identifying activity such as privilege escalation, password modification, attempted data exfiltration, and potentially unsanctioned MFA changes.
For more information, see AWS features and permissions.
Service Management > Cloud Accounts

Cloud Accounts public API now available

September 28, 2023 — The public API for Cloud Accounts is now available on the Trend Vision One Automation Center. An API to download the Cloud Accounts AWS CloudFormation Template is planned for a future release.
Service Management > Cloud Accounts

Cloud Accounts provides Japanese language support

September 28, 2023 — Cloud Accounts now supports Japanese language settings.
Service Management > Cloud Accounts

Virtual Network Sensor general release

September 28, 2023 — The Virtual Network Sensor is no longer a pre-release feature and now enters official release. Virtual Network Sensor comes with a 30-day free trial to allow users to evaluate the functionality and benefits. Once the trial period ends, credits are automatically allocated based on usage.
For more information, see Virtual Network Sensor.
Network Security > Network Inventory

Virtual Network Sensor supports Hyper-V deployment

September 28, 2023 — The Virtual Network Sensor now supports deployment on Hyper-V host systems.
For more information, see Virtual Network Sensor.
Network Security > Network Inventory

Network Inventory and Network Analytics provide Japanese language support

September 28, 2023 — Network Inventory and Network Analytics reports now offer Japanese language support.
Network Security > Network Inventory

Endpoint Sensor now supports additional Linux platforms

September 27, 2023 — Endpoint Sensor now supports a wider range of Linux platforms including Debian and SUSE, as well as several AArch64-based Linux systems such as Ubuntu 22. You can now view these additional platforms when deploying a new Trend Vision One agent in the Endpoint Inventory app.
Endpoint Security > Endpoint Inventory

Virtual Network Sensor supports hypersensitive mode

September 25, 2023 — The Virtual Network Sensor now supports hypersensitive mode. The detection mode is available after enabling it in Support Settings. For more information, see Sensor Details.
Network Security > Network Inventory

Manually modify asset criticality in Risk Insights

September 25, 2023 — Risk Insights apps calculate and display the criticality for each asset based on asset tags. If you think that the system-defined criticality is inaccurate or does not match the actual situation, you can manually assign a custom criticality to assets. In Attack Surface Discovery asset profiles and asset cards, you can now click Modify Criticality to select a custom criticality. You can also revert to using the system-defined criticality at any time.
Attack Surface Risk Management > Attack Surface Discovery

Monitored Network Throughput widget now available

September 25, 2023 — The Monitored Network Throughput widget, which provides an overview of the network traffic monitored by Virtual Network Sensor, is now available in Security Dashboard.
You can now view the 30-day average traffic volume, assess total bandwidth capacity, and track network traffic levels down to the minute both for individual appliances and across the network environment.
Dashboards and Reports > Security Dashboard

Security Dashboard gets new widget summarizing observed attack techniques

September 25, 2023 — To help SOC analysts quickly identify the riskiest events within their company, Security Dashboard has a new widget called Observed Attack Techniques Summary.
This widget summarizes the riskiest events within a given time range, pointing analysts in the right direction for further troubleshooting.
Dashboards and Reports > Security Dashboard

Customizable home page available in Platform Directory

September 25, 2023 — Besides the default Executive Dashboard home page, you can now set which app you want to land on after signing in to the Trend Vision One console.
For more information, see Platform directory.
Platform Directory

Enhancements to Run Custom Script security playbooks

September 25, 2023 — When configuring Action nodes for Run Custom Script Security Playbooks, you can now specify the operating systems for which to upload and run custom scripts. The enhancements also facilitate selecting custom scripts that are added in the Response Management app.
Workflow and Automation > Security Playbooks

Enhancements to Automated Response Playbooks

September 25, 2023 — In addition to Workbench alerts automatically triggering playbook execution, users now have the option to manually trigger the execution of an Automated Response Playbook from Workbench.
For more information, see Investigating an alert and Alerts (Workbench Insights) in the Workbench documentation.
Furthermore, the Automated Response Playbook now includes an additional automated response action: "Terminate processes". This enhancement enables users to automatically terminate any "unrated" target processes running on an endpoint.
For more information, see Creating Automated Response Playbooks.
Workflow and Automation > Security Playbooks

Microsoft Purview Information Protection integration with Zero Trust Secure Access Internet Access

September 11, 2023 — Zero Trust Secure Access Internet Access has extended its Data Loss Prevention capability by integrating with Microsoft Purview Information Protection. You can now synchronize your published sensitivity labels and add them into Data Loss Prevention rules to let Internet Access block protected files with sensitivity labels from being sent outside your organization.
Zero Trust Secure Access > Secure Access Configuration > Internet Access Configuration

Asset graph improvements enhance effectiveness

September 11, 2023 — Enhancements to the asset graph in Attack Surface Discovery provide you with greater context for improving your security posture.
The asset graph now includes a symbol for the internet, helping you easily identify which assets are exposed to the internet.
The asset detail screen for domains and IP addresses now also features an asset graph illustrating the relationships between internet-facing assets and other types of assets. The asset graph helps you better understand how domains and IP addresses are associated with internet-exposed devices.
In addition, the asset graph now shows relationships associated with privileges, including user and group memberships, as well as how roles are assigned, to whom a role is assigned, and administrative devices and users. The visualization makes it easier to understand how an identity has administrative permissions to other identities or devices.
Attack Surface Risk Management > Attack Surface Discovery

Zero Trust Secure Access now supports Deep Discovery Analyzer integration

September 11, 2023 — Internet Access on-premises gateways in Zero Trust Secure Access now offer integration with your existing Deep Discovery Analyzer appliances. In addition to cloud sandboxing, on-premises gateways can submit suspicious files to Deep Discovery Analyzer appliances for analysis after integration. See the settings of your Internet Access on-premises gateways to start using the feature.
Zero Trust Secure Access > Secure Access Configuration > Internet Access Configuration

Zero Trust Secure Access adds update module feature to endpoint list

September 11, 2023 — Zero Trust Secure Access users can now update the Secure Access Modules deployed to endpoints directly from the endpoint list. Selecting Update module from the Manage module menu allows you to update modules on specified endpoints to the versions configured in Module Version Management. See the Endpoints tab in Secure Access Module to use the feature.
Zero Trust Secure Access > Secure Access Configuration > Secure Access Module

View Deep Security Device Control status from Trend Vision One Endpoint Security

September 4, 2023 — Deep Security policies in Trend Vision One Endpoint Security now display the Device Control enabled/disabled status. To take advantage of this feature, ensure that your Deep Security Manager is updated to version 20.0.817 or later.
Endpoint Security > Endpoint Policies