Targeted Attack Detection

The Targeted Attack Detection app analyzes your Smart Protection Network data so that you can take timely prevention, investigation, and mitigation actions against ongoing attack campaigns.

The app helps you answer the questions "Is my organization under attack?" and "What can I do to prevent, investigate, and mitigate compromise?" Answering these questions requires the following:

  • Continuous analysis of attack campaigns: Trend Micro threat researchers monitor and analyze attack campaigns affecting organizations around the world. Their research provides context to detected attack indicators and allows Trend Micro Vision One to predict possible next steps by attackers.

  • Frequent analysis of your Smart Protection Network data: Modern attacks often involve multiple seemingly unrelated threats. Frequent data analysis allows Trend Micro Vision One to identify previously isolated detections that are likely to be part of complex attack campaigns.

After data analysis, the app displays information about your organization's attack exposure for a specific period. The displayed information is influenced by the following factors:

  • Security features enabled on Trend Micro management servers that you have connected to Trend Micro Vision One

  • XDR sensors installed and enabled in your environment

  • Attack campaigns monitored and analyzed by Trend Micro threat experts

The following table outlines the information available in the app.



Attack Exposure

This section displays one of the following ratings:

  • High Risk and Medium Risk: Indicators of one or more ongoing attack campaigns were found on your endpoints. Check the details of these endpoints and perform the recommended mitigation actions.

  • Low Risk: No attack indicators were found on your endpoints.


    Ratings are based on Smart Protection Network data that was analyzed within a specific period. Your organization's rating may change when any of the following events occurs:

    • You connected more management servers to Trend Micro Vision One and enabled specific security features.
    • You installed and enabled XDR sensors.
    • Trend Micro added attack campaigns or indicators to the scan scope.

  • Action Required: Your Smart Protection Network data cannot be analyzed. Enable Smart Feedback so Trend Micro Vision One can identify previously isolated detections that are likely to be part of targeted attacks.

Security Features and XDR Sensors

This section displays information about features that allow you to use the app and to improve detection of attack indicators.


Enable Smart Feedback on your management servers so that the app can analyze your Smart Protection Network data.

Trend Micro recommends enabling XDR sensors and security features such as Predictive Machine Learning to improve your overall security posture.

For more information, see Security Features and XDR Sensors.

Attack Phases

This section displays comparative line graphs for four attack phases that precede command-and-control communication.

For more information, see Attack Phases.

Attack Scope

This section displays the total number of affected endpoints and information about attack campaigns that are monitored and analyzed by Trend Micro threat experts.

For more information, see Attack Scope.