Custom filters now support AWS Virtual Private Cloud flow logs

July 1, 2024—Custom detection filters now support AWS VPC flow log activity under the CLOUD_ACTIVITY event type and the VPC_ACTIVITY_LOG event ID.
For more information, see Network Activity Data and Cloud Activity Data.
XDR Threat Investigation > Detection Model Management

Scan for secrets in Artifact Scanner

June 27, 2024 — Trend Micro Artifact Scanner (TMAS) now supports artifact scanning for secrets. This helps to identify and manage sensitive and confidential data that might have been inadvertently exposed, like passwords and API keys. You can also integrate TMAS secret scan results with Trend Vision One - Container Security runtime policies to prevent secrets from reaching production environments.
For more information, see Artifact Scanner CLI.
Cloud Security > Container Security

Advanced search and filtering for Container Protection events

June 25, 2024 – Container Protection’s Events tab now features comprehensive search and filtering enhancements, allowing you to filter by action, operation, kind, and mitigation, and includes fuzzy matching for policies and namespaces. Experience new controls with multi-select options for cluster names and a custom time range feature to optimize your workflow across Deployment/Continuous, Kubernetes Runtime, and ECS Runtime environments.
Cloud Security > Container Security

Expanded search & filtering for Container Protection vulnerabilities

June 25, 2024 – Container Protection's Vulnerabilities tab now features advanced search capabilities and enhanced data presentation, including the addition of 'Image Name' and 'CVSS Score' in the Detail View. Streamline your security analysis with expanded filters like fuzzy matching, multi-select dropdowns, and time range selections, all sortable by severity and time metrics.
Cloud Security > Container Security

New detailed view in Case Management

June 26, 2024 — Case Management now offers a detailed view of each case, allowing you to retrieve your case information and track progress easily.
The new detailed view includes:
  • Case activity.
  • Notes and comments.
  • Attachments.
  • Execution results from Security Playbooks.
For more information, see Case Management.
Workflow and Automation > Case Management

Secret scanning is now available in Container Security

June 25, 2024 — Container Security now supports secret scanning for container images. Secret scanning identifies sensitive and confidential data, such as passwords and API keys, that have inadvertently been publicly exposed. You can define whether to allow images to be deployed based on their scan results and configure the validity period of scan results.
Cloud Security > Container Security

Cloud Posture Terraform Template Scanner Now Supports the Cloud Formation Template Scanner Resources

June 24, 2024 — Cloud Posture Terraform Template Scanner (TS) is now Generally Available, with coverage parity with Cloud Formation Template Scanner for the following resource types:
  1. Autoscaling Group
  2. CF Stack
  3. CloudTrail
  4. Kinesis Stream
  5. Lambda Function
  6. SNS Topic
  7. SQS Queue
  8. API Gateway RestAPI
  9. ELBv2
  10. ES Domain
  11. Workspaces
  12. ELB Classic
  13. Redshift Cluster
  14. EMR Cluster
  15. ElastiCache
  16. EFS File System

Anomaly detection by Correlated Intelligence in Cloud Email and Collaboration Protection

June 21, 2024 — In addition to detecting security risks, Correlated Intelligence in Cloud Email and Collaboration Protection now supports detecting anomalies that deviate from normal behaviors and may require your attention. Cloud Email and Collaboration Protection also provides visibility of anomaly detections, which allows you to have a more comprehensive view of your security landscape.
Email and Collaboration Security > Cloud Email and Collaboration Protection

Official release of Gmail (Inline Mode) in Cloud Email and Collaboration Protection

June 21, 2024 — Cloud Email and Collaboration Protection officially launches Inline Protection for Gmail to scan inbound and outbound emails before they are delivered to their destinations, with no MX record change required. This protection mode blocks threats before they can reach your users' mailboxes and prevents data leakage before it actually takes place.
Email and Collaboration Security > Cloud Email and Collaboration Protection

Classic scheduled reports accessible in Cloud Email and Collaboration Protection

June 21, 2024 — For customers who have updated to Cloud Email and Collaboration Protection, instead of going to the classic console to view your scheduled reports created there, Cloud Email and Collaboration Protection now enables you to access these reports directly from the Trend Vision One console.
Email and Collaboration Security > Cloud Email and Collaboration Protection

Approved URL list for Time-of-Click Protection in Cloud Email and Collaboration Protection

June 21, 2024 — To prevent URLs from being rewritten by Time-of-Click Protection in Web Reputation, Cloud Email and Collaboration Protection now supports defining a list of URLs that can bypass Time-of-Click Protection.
Email and Collaboration Security > Cloud Email and Collaboration Protection

Support for moving user-reported emails to Junk Email folder in Cloud Email and Collaboration Protection

June 21, 2024 — To help automatically remove emails from end users' inboxes that they have reported as spam or phishing through the Cloud Email and Collaboration Protection add-in for Outlook, Cloud Email and Collaboration Protection now provides the option to move these emails to the end users' Junk Email folder.
Email and Collaboration Security > Cloud Email and Collaboration Protection

Trend Vision One - Companion now explains Observed Attack Techniques events

June 19, 2024—Gain a better understanding of the Observed Attack Techniques events detected in your environment with the help of Trend Vision One - Companion.
For more information, see Companion.
XDR Threat Investigation > Observed Attack Techniques

Transfer ownership of the Primary User Account

June 19, 2024 — Trend Vision One now supports the transfer of the Primary User Account to a local account within the same business.
This feature is accessible to all customers, whether or not they have updated to the Foundation Services release.
Administration > User Accounts

More granular analysis results for DMARC reports available in Cloud Email Gateway Protection

June 19, 2024 — Cloud Email Gateway Protection allows you to view your DMARC report data by sending source, including email service, hostname, and IP address. In addition, the solution now presents more details from raw DMARC reports in a readable format, enabling you to quickly drill down and identify the threats.
Email and Collaboration Security > Cloud Email Gateway Protection

Notification enhancement in Cloud Email Gateway Protection

June 19, 2024 — Cloud Email Gateway Protection now supports HTML format for system notifications. You can select either a predefined or a custom style for HTML notifications.
Email and Collaboration Security > Cloud Email Gateway Protection

Scanner Configuration for Agentless Vulnerability & Threat Detection

June 18, 2024 — The scanner configuration feature for Agentless Vulnerability & Threat Detection settings in Cloud Accounts lets you select the resource types to include in your scans. Two resource types are available for AWS accounts: Elastic Block Store (EBS) and Elastic Container Registry (ECR). (AWS Lambda is coming soon.)
For more information, see AWS features and permissions.

Cloud Accounts now supports ingestion of AWS Virtual Private Cloud (VPC) flow logs

June 17, 2024—Enable this feature to gather VPC flow logs from your AWS account for XDR analysis in the Search app. Flow logs are enhanced with asset metadata and noise is removed, delivering broader visibility into asset connectivity with suspicious IP addresses and anomalous behaviors.
For more information, see AWS features and permissions.
Service Management > Cloud Accounts
XDR Threat Investigation > Search

Introducing AI Service Access from Zero Trust Secure Access

June 17, 2024 — Secure user access to public generative AI services through AI Service Access. Prevent sensitive data leakage, prompt injection, and more while allowing your users to take advantage of AI capabilities. Enable AI Service Access and get centralized management of public AI service usage in your organization, advanced content filtering to ensure you meet compliance requirements, and keep malicious responses from affecting your environment. Go to Zero Trust Secure Access > Secure Access Overview to deploy the feature.
Zero Trust Secure Access > Secure Access Configuration > Internet Access and AI Service Access Configuration

View device hardware information in device asset profiles

June 17, 2024 — Device asset profiles in Attack Surface Discovery are now able to display discovered basic hardware specifications such as manufacturer, model, CPU, RAM, and disk size. Find discovered details under the basic category within the device asset profile.
Attack Surface Risk Management > Attack Surface Discovery

Mark vulnerability risk events as dismissed, accepted, or remediated

June 17, 2024 — As with risk events in other risk factors, you may now mark events in the vulnerabilities risk factor as remediated, dismissed, or accepted. The new workflow helps streamline the process of managing risk events and CVEs.
Attack Surface Risk Management > Operations Dashboard

More details on daily Risk Index fluctuation now available in Operations Dashboard

June 17, 2024 — Detailed data on daily Risk Index fluctuations, including contributing risk factors, risk events, and assets, is now available in Operations Dashboard. Hover over the Risk Index graph and click View daily risk events to see the point change from the previous day and a breakdown of how many points each risk factor contributed to the change. Drill down to see individual risk events and a detailed daily timeline showing expired, new, remediated, and dismissed event instances.
Attack Surface Risk Management > Operations Dashboard

Support for SUSE Linux added to Vulnerability Assessment

June 17, 2024 — Vulnerability assessment has been enhanced to support SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15. The newly supported systems enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.
Attack Surface Risk Management > Operations Dashboard

Agentless Vulnerability and Threat Detection available in AWS UAE region

June 13, 2024 — Users of cloud services may now enable Agentless Vulnerability and Threat Detection (AVTD) from the AWS UAE region (me-central-1). Use the feature to conduct vulnerability scans on EBS volumes attached to EC2 instances as well as ECR images, and get greater visibility into your cloud asset-related security posture.
Attack Surface Risk Management > Cloud Posture > Cloud Posture Overview

Configure response action approval settings

June 12, 2024 — You can now configure approval settings for specified response actions in the Response Management app.
The approval settings you configure in the Response Management app do not affect those configured in the Managed Services or Security Playbooks app.
For more information, see Response Management settings.
Workflow and Automation > Response Management

CIS Amazon EKS benchmark scanning now available

June 12, 2024 — With Trend Vision One – Container Security, compliance scanning with CIS benchmarks in your EKS clusters is seamless. Assess and guarantee adherence to industry-leading security standards effortlessly, enhancing your Kubernetes security posture.
To learn more, see Compliance Scanning.
Cloud Security > Container Security

Agentless Vulnerability and Threat Detection stack enhancements

June 10, 2024 — Agentless Vulnerability & Threat Detection now includes the following enhancements:
  • The Agentless Vulnerability stack has been split into common and agentless components, which reduces the quantity of IAM roles and policies required.
  • The deployed stack now has two version values, which are tracked separately.
  • To reduce costs, CloudWatch Lambda log groups now have ERROR level logging, and scan failure handling is optimized to reduce unnecessary retries.
  • Resolved an issue in which CloudWatch log groups could not be deleted after uninstalling.
When you upgrade to the new release, the contents of the agentless S3 buckets, including intermediate results and S3 access logs, will be deleted. This has no impact on any scan results already sent to Vision One. For more information, see Agentless Vulnerability & Threat Detection deployment costs.
Attack Surface Risk Management > Operations Dashboard

Automated Response Playbooks support IP address conditions

June 4, 2024 — Automated Response Playbooks are enhanced to include IP address as a condition in playbook settings in addition to Highlighted object risk. With this enhancement, the playbooks can filter highlighted objects by their source IP address, destination IP address, peer IP address, and interested IP address, enabling more targeted response actions.
For more information, see Creating Automated Response Playbooks.
Workflow and Automation > Security Playbooks

Send to sandbox feature now available for Virtual Network Sensor

June 3, 2024 — The Virtual Network Sensor now supports automatically submitting file objects to a virtual sandbox for analysis as a pre-release sub-feature.
The "send to sandbox" feature can be enabled from the Network Inventory screen, with the analysis report available to view in the Sandbox Analysis app. File objects submitted by the Virtual Network Sensor to the sandbox using this feature do not require credits to use during the pre-release period.
Network Security > Network Inventory

Integrate multiple MDM solutions with Mobile Security

June 3, 2024 — Mobile Security now supports integration with up to five separate third-party mobile device management (MDM) solutions. To increase visibility over your managed mobile devices, integrate additional MDM solutions by going to the MDM integration settings in Mobile Inventory and clicking Add MDM Solution.
Mobile Security > Mobile Inventory

Connect your Google Cloud Identity tenants as data sources in Attack Surface Risk Management

June 3, 2024 — You can now connect your Google Cloud Identity tenants as data sources in Attack Surface Risk Management. Use the new source to gain better visibility into user and group data, user activity data, and potential account misconfigurations. For more information, see Configuring data sources.
Attack Surface Risk Management > Operations Dashboard

Mean Time to Patch (MTTP) and Average Unpatched Time (AUT) widgets available in Security Dashboard

June 3, 2024 — The Mean Time to Patch (MTTP) and Average Unpatched Time (AUT) widgets in Executive Dashboard are now also available in Security Dashboard. Add the widgets to your custom dashboard to get a better picture of your overall vulnerability management status. More detailed information from Operations Dashboard can be found by clicking Go to app in each widget.
Dashboards and Reports > Security Dashboard