You can specify actions for connected products to take after detecting specific suspicious objects.

Trend Vision One connects to different products and sends the Suspicious Objects List to the connected products for detection. The connected products then apply the specified action based on their capability.
Note
Adding IP addresses to the Suspicious Object List does not disrupt the existing connection to the specified endpoints. Only new attempts to connect to the specified endpoints are blocked.
The following table outlines the object types and actions supported by different products and applications.
| Product/Service | Object Type | Action | Notes |
|---|---|---|---|
| Endpoint Sensor agent (Windows, Mac) | File SHA-1, File SHA-256, IP address | Log, Block | The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE, ELF, and MACH-O file formats. |
| Endpoint Sensor agent (Linux) | File SHA-1, File SHA-256 | Log, Block | The Log and Block actions for File SHA-1 and File SHA-256 are only supported for EXE file format. |
| Standard Endpoint Protection agent (Windows) | IP address, URL, Domain, File SHA-1 | Log, Block | To take action on File SHA-1 objects, you must first activate Application Control for Standard Endpoint Protection. The Log and Block actions for File SHA-1 are only supported for PE and ELF file formats. |
| Service Gateway | IP address, URL, Domain, File SHA-1, File SHA-256 | Log, Block | The connected products of Service Gateway apply the specified action based on their capability. For the list of connected products, see Configuring Service Gateway settings. |
| Zero Trust Secure Access Internet Access | IP address, URL, Domain, File SHA-1 | Log, Block | |
| Trend Cloud One - Endpoint & Workload Security (Windows) | IP address, Domain | Log | Endpoint & Workload Security supports the Log action for Deep Security Agent version 20.0.0-4185 or later for Windows. The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE and ELF file formats. You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects. |
| Trend Cloud One - Endpoint & Workload Security (Windows) | File SHA-1, File SHA-256 | Log, Block | See the notes in the previous row. |
| Trend Cloud One - Endpoint & Workload Security (Linux) | IP address, Domain | Log | Endpoint & Workload Security supports the Log action for Deep Security Agent version 20.0.0-4185 or later for Linux. The Log and Block actions for File SHA-1 and File SHA-256 are only supported for PE and ELF file formats. You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects. |
| Trend Cloud One - Endpoint & Workload Security (Linux) | File SHA-1, File SHA-256 | Log, Block | See the notes in the previous row. |
| Trend Cloud One - Endpoint & Workload Security (macOS) | IP address, Domain, File SHA-1, File SHA-256, URL | Log, Block | Endpoint & Workload Security supports the Log and Block actions for Deep Security Agent version 20.0.0-198 or later for macOS. The Log and Block actions for File SHA-1 and File SHA-256 are only supported for MACH-O file format. You must enable Activity Monitoring and have an XDR add-on license for Trend Cloud One - Endpoint & Workload Security in order to block and log suspicious objects. |
| Trend Micro Apex One as a Service | IP address, URL, Domain, File SHA-1 | Log, Block | To take action on File SHA-1 objects, you must first activate Application Control for Apex One as a Service. The Log and Block actions for File SHA-1 are only supported for PE and ELF file formats. |
| Trend Micro Apex One (on-premises) | IP address, URL, Domain, File SHA-1 | Log, Block | To take action on File SHA-1 objects, you must first activate Application Control for Trend Micro Apex One (on-premises). The Log and Block actions for File SHA-1 are only supported for PE and ELF file formats. |
| Trend Micro Cloud App Security | URL, File SHA-1, File SHA-256, Sender address | Log, Quarantine | After identifying a suspicious URL, file, or sender address in an email message, Cloud App Security quarantines the message from all supported mailboxes protected by Cloud App Security. |
| Trend Micro Deep Discovery Inspector version 6.7 SP1 or later | IP address, URL, Domain, File SHA-1 | Log | |
| Trend Micro Deep Security | File SHA-1 from Sandbox | Log, Block | File SHA-1 objects added through third-party intelligence and manual operations are not supported. |
| Trend Micro Email Security | URL, File SHA-1, File SHA-256 | Log, Quarantine | |
| Trend Micro Email Security | Sender address | Block | |
| TippingPoint Security Management System | IP address, URL, Domain, File SHA-1, File SHA-256 | Log, Block | Important: TippingPoint Security Management Systems do not automatically apply actions provided by Trend Vision One. You must set up a profile in the TippingPoint Security Management System with a reputation filter that selects entries from the reputation database and specifies the action. |
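
The notes in the table restrict the Log and Block actions on file hashes to specific executable formats. The following sketch is an added example, not Trend Micro code: it hashes a sample and identifies PE, ELF, and Mach-O files from their header bytes, so an analyst can compare a file against the format list of the target product before adding its hash. The function names, the `supported_formats` parameter, and the header-byte heuristics are assumptions of this example; this page does not describe how the products themselves detect file formats.

```python
import hashlib
import struct

# Thin (single-architecture) Mach-O magics: 32- and 64-bit, both byte orders.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}

def file_format(data: bytes):
    """Return 'PE', 'ELF', 'MACH-O' or None, judged from header bytes only."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:4] in MACHO_MAGICS:
        return "MACH-O"
    # Fat Mach-O shares 0xCAFEBABE with Java class files; the next big-endian word
    # is a small architecture count for Mach-O, a class-file version (>= 45) for Java.
    if data[:4] == b"\xca\xfe\xba\xbe" and len(data) >= 8:
        return "MACH-O" if struct.unpack(">I", data[4:8])[0] < 45 else None
    # PE: 'MZ' DOS header whose little-endian field at 0x3C points to 'PE\0\0'.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        off = struct.unpack("<I", data[0x3C:0x40])[0]
        if data[off:off + 4] == b"PE\0\0":
            return "PE"
    return None

def triage(data: bytes, supported_formats) -> dict:
    """Hash a sample and report whether its format is in the given supported set."""
    fmt = file_format(data)
    return {"sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "format": fmt,
            "hash_actionable": fmt in supported_formats}

def make_pe_stub() -> bytes:  # constructed sample: MZ header pointing at 'PE\0\0'
    buf = bytearray(0x84)
    buf[:2] = b"MZ"
    buf[0x3C:0x40] = struct.pack("<I", 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    return bytes(buf)

# Constructed samples (header bytes only, not real binaries).
SAMPLES = {
    "pe_stub": make_pe_stub(),
    "elf_stub": b"\x7fELF\x02\x01\x01" + bytes(9),
    "fat_macho_stub": b"\xca\xfe\xba\xbe" + struct.pack(">I", 2),
    "java_class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage(blob, {"PE", "ELF"}))  # set from the Apex One notes
```

Pass the format set from the note for the product in question, for example `{"MACH-O"}` for the macOS agent row.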