Activity and Behaviors Detection

Trend Micro analyzes user and device behavior and highlights irregularities that could indicate that you are under attack.

Operations Dashboard assesses user accounts and devices for any unusual activity that may indicate a potential threat. If an assessment highlights events with a "High" or "Medium" risk level, the account or device and risk type information displays in the Activity and Behaviors table.

The following table outlines the indicators associated with anomaly detection and the related data sources.

Indicator

Description

Data Source

Target

Web activity

Anomalous or malicious network activity

  • Web Sensor

  • User

  • Device

Storage usage

Cloud storage usage (OneDrive/SharePoint/Outlook/Teams) by the account appears abnormal compared to the normal usage by other company accounts

  • Office 365

  • User

User activity

Abnormal user behavior patterns and preferences

  • Azure AD

  • Okta

  • Splunk - Network Firewall / Web Gateway Logs

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • Mobile Sensor

  • Web Sensor

  • User

Device activity

Abnormal device behavior patterns and preferences

  • Azure AD

  • Okta

  • Splunk - Network Firewall / Web Gateway Logs

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • Mobile Sensor

  • Web Sensor

  • Device
Parent topic: Risk Index