Response Actions

Object-specific actions allow you to directly respond to threats without leaving the Trend Micro Vision One console.

You can take specific actions on events or objects found on the Trend Micro Vision One console. After triggering a response, the Response Management app creates a task and sends the command to the target.

The following table describes the actions you can take on events or objects found in your environment.

| Action | Description | Managed agent support |
| --- | --- | --- |
| Add to Block List | Adds File SHA-1, URL, IP address, or Domain objects to the User-Defined Suspicious Objects List, which blocks the objects on subsequent detections. Important: Adding an object to the User-Defined Suspicious Objects List does not terminate any active processes or connections to the object. To terminate active processes, ensure that you also trigger the Terminate response. For more information, see Add to Block List Task. | Apex One as a Service (Windows); Cloud App Security |
| Remove from Block List | Removes the File SHA-1, URL, IP address, or Domain object added to the User-Defined Suspicious Objects List through the Add to Block List response. For more information, see Remove from Block List Task. | Apex One as a Service (Windows); Cloud App Security |
| Terminate | Terminates the active process and allows you to terminate the process on all affected endpoints. For more information, see Terminate Process Task. | Apex One as a Service (Windows) |
| Collect File | Compresses the selected file on the endpoint in a password-protected archive and then sends the archive to the Response Management app. For more information, see Collect File Sample Task. | Trend Micro Vision One (Windows, Mac); Apex One as a Service (Windows); Cloud One - Workload Security (Windows, Linux) |
| Quarantine Message | Moves the selected email message to the quarantine folder and allows you to quarantine the message from all affected mailboxes. For more information, see Quarantine Email Message Task. | Cloud App Security |
| Delete Message | Deletes the selected email message from the selected mailboxes. For more information, see Delete Email Message Task. | Cloud App Security |
| Isolate Endpoint | Disconnects the target endpoint from the network, except for communication with the managing Trend Micro server product. For more information, see Isolate Endpoint Task. | Trend Micro Vision One (Windows, Mac); Apex One as a Service (Windows); Cloud One - Workload Security (Windows, Linux) |
| Restore Connection | Restores network connectivity to an endpoint that already applied the Isolate Endpoint action. For more information, see Restore Connection Task. | Trend Micro Vision One (Windows, Mac); Apex One as a Service (Windows); Cloud One - Workload Security (Windows, Linux) |
| Start Remote Shell Session | Connects to a monitored endpoint and allows you to execute remote commands or a custom script file for investigation. For more information, see Start Remote Shell Session Task. | Trend Micro Vision One (Windows, Mac, Linux); Cloud One - Workload Security (Windows, Linux) |
| Run Remote Custom Script | Connects to a monitored endpoint and executes a previously uploaded PowerShell or Bash script file. For more information, see Run Remote Custom Script Task. | Trend Micro Vision One (Windows, Mac) |
| Submit for Sandbox Analysis | Submits the selected file objects for automated analysis in a sandbox, a secure virtual environment. For more information, see Submit for Sandbox Analysis Task. | Trend Micro Vision One (Windows, Mac); Apex One as a Service (Windows); Cloud One - Workload Security (Windows, Linux) |