Network Inventory supports Deep Discovery Inspector 6.7 with new central management features

December 18, 2023 — Network Inventory now supports the following central management features for Deep Discovery Inspector version 6.7 and later.
  • Configure detection exceptions and packet capture settings.
  • Connect Deep Discover Inspector to Trend Vision One using a Service Gateway.
  • Toggle SSH and hypersensitive settings.
Network SecurityNetwork Inventory

Cloud Accounts now previewing Azure subscription support

December 18, 2023 — As a preview feature, Cloud Accounts now supports connecting Azure Subscriptions to Trend Vision One. Connecting your Azure Subscription allows Trend Vision One to discover your Azure cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure. Once connected, cloud accounts and assets from your Azure subscriptions are visible in the Cloud Posture and Attack Surface Discovery apps under Attack Surface Risk Management. For more information, see Adding an Azure subscription.
Service ManagementCloud Accounts

Local user account support added to Zero Trust Secure Access

December 18, 2023 — In addition to integration with third-party identity and access management providers, Zero Trust Secure access now supports the addition and maintenance of local user accounts. Administrators may import lists of local user emails to serve as the basis for local user accounts, or the accounts may be added manually.
Zero Trust Secure AccessSecure Access ConfigurationIdentity and Access Management

Automated Response Playbook enhancements

December 18, 2023 — The Automated Response Playbook has been enhanced to support a wider range of response actions, including user account actions such as disabling the user account, forcing sign out, and forcing password reset, and the ability to run custom scripts on endpoints.
Workflow and AutomationSecurity Playbooks

Manage all event rules in one place

December 18, 2023 — Operations Dashboard now features Event Rule Management: a centralized location for you to manage risk event rules.
When you mark a risk event as Dismissed, an event rule is created to prevent Attack Surface Risk Management from reporting future instances of the risk event in Risk Reduction Measures and All Risk Events. The event rule also prevents the dismissed risk event from impacting your organization's Risk Index.
Event Rule Management allows you to review and manage all dismissed event rules. If you remove a dismissed event rule, all new instances of the risk event are reported and contribute to your organization's Risk Index.

Visualize your Azure asset relationships

December 18, 2023 — The relationships of your Azure cloud assets can now be graphically illustrated in the Asset Graph tab of cloud asset profiles in Attack Surface Discovery.
Attack Surface Risk ManagementAttack Surface Discovery

Azure AD renamed to Microsoft Entra ID

December 15, 2023 — Azure AD has been renamed to Microsoft Entra ID across all Trend Vision One apps and features to align with Microsoft’s naming change. No app or feature functionality has been affected by the renaming.

Isolate and terminate Kubernetes containers

Dec 15, 2023 — Customers can now isolate or terminate potentially compromised Kubernetes pods when investigating threat incidents in Workbench, Observed Attack Techniques, and Search.
Cloud SecurityContainer Security

Public APIs for Container Security now available on Trend Vision One Automation Center

December 15 — Public APIs for Trend Vision One Container Security are now available on the Trend Vision One Automation Center. See the Automation Center for more information.

Customize YARA and osquery task names

December 11, 2023 — During an investigation, users can run multiple rounds of osquery or YARA tasks to narrow down the affected endpoint scope. Task names can now be customized to easily distinguish between multiple rounds of task results.
XDR Threat InvestigationForensics

Enhance investigations with VirusTotal threat intelligence in Evidence Report view

December 11, 2023 — You can now right-click URLs, domains, IPs, or file SHA-1 and select “VirusTotal” to facilitate thorough investigation of possible threats in your environment.
XDR Threat InvestigationForensics

Forensics workspaces provide quick link to related tasks

December 11, 2023 — Workspaces in Forensics now offer a quick link to all tasks related to the workspace. Click the Related Tasks button to go to a pre-filtered list in the Task List tab where you can view the status and results of workspace-related tasks.
XDR Threat InvestigationForensics

Forensics app now enriches evidence with Trend Micro Smart Protection Network data

December 11, 2023 — Powered by Trend Micro Smart Protection Network services such as Web Reputation Services, the Forensics app can now enrich network-related data collected as evidence. You can now view the score and corresponding risk level of certain URLs, IP addresses, and domain names that you collect and add to Forensics workspaces.
XDR Threat InvestigationForensics

Container Security supports management scope

December 11, 2023 — For customers that have updated to the Foundation Services release, Container Security now supports management scope.
Permissions to view and manage Kubernetes clusters and Amazon ECS clusters can be assigned based on management scope for user roles. You can configure the management scope for each custom role in User Roles.
AdministrationUser Roles

Agentless Vulnerability & Threat Detection Resources Gain Tagging

December 8, 2023 — Agentless Vulnerability & Threat Detection resources now have tags.
Attack Surface Risk ManagementOperations Dashboard

Manually add IP addresses to discover internet-facing assets

December 4, 2023 — Trend Vision One now supports manually adding seed IP addresses for discovering internet-facing assets in your organization. In the Internet-Facing Assets section of Attack Surface Discovery, click the Public IPs tab and then click Add to manually add up to 1,000 seed IP addresses. To view a list of added seed IP addresses, click View Manually Added IP Addresses.
The ability to add seed IP addresses is only available for customers using a Trend Micro solution as the data source for internet-facing assets and that do not have an active trial for Attack Surface Risk Management.
Attack Surface Risk ManagementAttack Surface Discovery

Vulnerability Assessment on Windows Server 2012/Windows Server 2012 R2 endpoints

December 4, 2023 — Vulnerability Assessment now expands coverage for vulnerabilities affecting Windows Server 2012 and Windows Server 2012 R2 endpoints to help you identify more highly exploitable CVEs in your environment.
Attack Surface Risk ManagementExecutive Dashboard
Attack Surface Risk ManagementOperations Dashboard

Targeted Attack Detection officially released

December 1, 2023 — Targeted Attack Detection is out of preview, and now an officially released app. Targeted Attack Detection is free to use, so any Trend Vision One user can leverage the app to analyze Smart Feedback data to determine if your environment is under attack.
XDR Threat InvestigationTargeted Attack Detection