Search Actions

Context menus provide additional search options that you can access during an investigation, after encountering objects or data that you want to further explore.

The following table describes the Search actions available for certain events or objects found in your environment.

Action

Description

New Search: match field and value

Opens another instance of Trend Micro Vision One and creates a new search query with the selected value added as search criteria

New Search: Endpoint Activity Data +/- 1 min

Opens another instance of Trend Micro Vision One and creates a new search query with the selected value added as search criteria for endpoint activities. The time range for the new search is limited to one minute before and after the logged time.

New Search: Endpoint Activity Data +/- 5 min

Opens another instance of Trend Micro Vision One and creates a new search query with the selected value added as search criteria for endpoint activities. The time range for the new search is limited to five minutes before and after the logged time.

New Search: Endpoint Activity Data +/- 10 min

Opens another instance of Trend Micro Vision One and creates a new search query with the selected value added as search criteria for endpoint activities. The time range for the new search is limited to ten minutes before and after the logged time.

Add Filter: field IS value

Adds the selected value as search criteria to the existing search query

Add Filter: field IS NOT value

Adds the selected value as an exception to the existing search query

Add Filter: field IS EMPTY

Adds the selected field with no value as search criteria to the existing search query

Add Filter: field EXISTS

Adds the selected field with any value as search criteria to the existing search query

Google

Opens a new browser tab and searches Google for the selected value

VirusTotal

Opens a new browser tab and searches VirusTotal for the selected value

View Event in Observed Attack Techniques

Opens a new browser tab and shows events in the Observed Attack Techniques app for the selected value