Observed Attack Techniques

Displays the individual events detected in your environment that may trigger an alert and any related MITRE information.

Trend Micro Vision One detects events through use of granular detection filters that make up the detection models that trigger alerts. Events that Trend Micro Vision One lists on the Observed Attack Techniques screen do not necessarily result in a Workbench alert. You can use the data in the Trend Micro Vision One app to further investigate Workbench alerts and evaluate individual detections.

The following table outlines the actions available in the Observed Attack Techniques app.

Action	Description
Filter event data	Use the Endpoint name field and drop-down lists to locate specific event data. Risk level: The risk assigned to the detection filter as determined by Trend Micro threat experts Important: Trend Micro experts continuously assess threats and may update the risk level of a detection at any time, based on the latest information available. Detected: When the detection occurred Detection filter: Select from Detection filter, Tactic ID, or Technique ID to locate specific filter or MITRE data
Hide detection filters from the list	If you receive a lot of detections on particular detection filters that do not interest you, you can temporarily hide the data for specific filters. Right-click the unwanted Detection filter name and click Hide Value. After adding all unwanted filters to the Hidden objects list, click Apply to reload the screen. Note: You cannot save the Hidden objects list. If you leave the screen, the list resets.
View event in Search app	Click the View Event in Search icon () to open the Search app in a new tab and view more details.
View detailed information about an associated entity	Click the Show Detailed Profile icon () to open the Detailed Profile panel.
View more details	Expand any row to see more details related to the detection.