Views:
October 6, 2025—Trend Vision One now supports custom rules for Container Security runtime protection. This allows you to create, configure, and import your own custom rules for runtime protection, enabling you to specify custom exclusions or granular filtering to detect events of interest in your specific environment. This capability provides personalized detections extending the coverage from managed rules.
Additional improvements released with custom rules:
  • Custom detection model (CDM) support that matches custom rules detections.
  • XDR Data Explorer able to show and search detections from Container Security custom rules.
  • Splunk HEC connector configuration includes new option for custom rule detections. See Splunk HEC connector configuration for more information.
Note
Note
Custom rule detection data ingestion requires credit allocation. The data usage can be viewed in Data Source and Log Management. See Credits & Billing for more information.
For more information about custom rules, see Object management.
Cloud SecurityContainer Security