The Observed Attack Techniques app displays the individual events detected in your environment that may trigger an alert and any related MITRE information.
Trend Micro Vision One detects events through use of granular detection filters that make up the detection models that trigger alerts. Events that Trend Micro Vision One lists on the Observed Attack Techniques screen do not necessarily result in a Workbench alert. You can use the data in the Trend Micro Vision One app to further investigate Workbench alerts and evaluate individual detections.
The following table outlines the actions available in the Observed Attack Techniques app.
Action | Description |
---|---|
Filter event data | Use the Endpoint name field and drop-down lists to locate specific event data. |
Hide detection filters from the list | If you receive a lot of detections on particular detection filters that do not interest you, you can temporarily hide the data for specific filters. Right-click the unwanted Detection filter name and click Hide Value. After adding all unwanted filters to the Hidden objects list, click Apply to reload the screen. Note: You cannot save the Hidden objects list. If you leave the screen, the list resets. |
View event in Search app | Click the View Event in Search icon ( |
View more details | Expand any row to see more details related to the detection. |