Suspicious Object List

Trend Micro Vision One consolidates suspicious object information based on input from different sources.

A suspicious object is a known malicious or potentially malicious domain, file SHA-1, file SHA-256, IP address, sender address, or URL.

You can add suspicious objects manually or extract and add them from third-party intelligence. In addition, Sandbox sends objects that it determines to be possible threats for consolidation and synchronization. Suspicious objects from Sandbox have a risk level that Sandbox assigns based on the analysis results.


For suspicious objects added through third-party intelligence and manual operations, the maximum limit is 10,000 for each object type. For suspicious objects from Sandbox, the maximum limit is 25,000 for each object type.
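An added example, not part of the original page or Trend Micro's code: a pre-import check that sorts a mixed indicator list into the six object types above, removes duplicates, and flags any type that would exceed the 10,000-object limit. The syntax patterns, function names and sample values are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict
from contextlib import suppress
from urllib.parse import urlsplit

MAX_PER_TYPE = 10_000  # per-type limit the page gives for manual/third-party objects
_HASHES = {40: "file SHA-1", 64: "file SHA-256"}  # hex length -> object type
# Assumed syntax checks for this example, not the product's own validation rules.
_DOMAIN = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
_SENDER = re.compile(r"[^@\s]+@([^@\s]+)")
# Constructed sample feed: documentation-range IP, .example names, SHA-1 of empty input.
SAMPLE = ["DA39A3EE5E6B4B0D3255BFEF95601890AFD80709", "da39a3ee5e6b4b0d3255bfef95601890afd80709",
          "203.0.113.7", "https://bad.example/Login?x=1", "billing@bad.example",
          "bad.example", "not an indicator"]

def classify(value):
    """Map one indicator to an object type named on the page, or None."""
    v = value.strip()
    low = v.lower()
    if re.fullmatch(r"[0-9a-f]+", low) and len(low) in _HASHES:
        return _HASHES[len(low)]
    with suppress(ValueError):  # not an IPv4/IPv6 literal
        ipaddress.ip_address(v)
        return "IP address"
    with suppress(ValueError):  # urlsplit rejects malformed bracketed hosts
        parts = urlsplit(v)
        if parts.scheme in ("http", "https") and parts.hostname:
            return "URL"
    sender = _SENDER.fullmatch(low)
    if sender and _DOMAIN.fullmatch(sender.group(1)):
        return "sender address"
    return "domain" if _DOMAIN.fullmatch(low) else None

def triage(values, existing_counts=None, limit=MAX_PER_TYPE):
    """De-duplicate and group values by type; list rejects and types over the limit."""
    existing = existing_counts or {}
    buckets, rejected, seen = defaultdict(list), [], set()
    for raw in values:
        kind = classify(raw)
        key = raw.strip() if kind == "URL" else raw.strip().lower()
        if kind is None:
            rejected.append(raw)
        elif (kind, key) not in seen:
            seen.add((kind, key))
            buckets[kind].append(key)
    totals = {k: existing.get(k, 0) + len(v) for k, v in buckets.items()}
    over = {k: n - limit for k, n in totals.items() if n > limit}
    return dict(buckets), rejected, over
```

Pass the current per-type counts from the list as `existing_counts` to see how many objects of each type would not fit.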

The following table outlines the actions available on the Suspicious Object List screen.



Filter object data

Use the Object or Description field and the following drop-down lists to locate specific object data:

  • Last updated: The time range during which a suspicious object was last updated

  • Object type: The type of a suspicious object, such as domain, file SHA-1, file SHA-256, IP address, sender address, and URL

  • Source: The source from which a suspicious object was added

Add or import suspicious objects

Click Add to open the Add Suspicious Object screen.

For more information, see:

View or edit object details

Click any object name in the Object column to open the details panel. View the object settings and make changes if necessary.

Manage suspicious objects

Manage one or multiple suspicious objects. Options include:

  • Delete objects: Select unwanted objects and click Delete.

  • Change expiration settings: Select objects and click Set to Never Expire.

  • Add one or multiple objects as exceptions: Click the options icon on an object and click Add to Exception List, or select one or more objects and click Add to Exception List.

  • Search an object: Click the options icon on the object and click New Search: match field and value.

Configure default settings

Click Default Settings in the upper-right corner. In the Default Settings dialog box, specify the default actions to take on different types of objects at each risk level and the expiration settings for the objects.


For objects from Sandbox, default actions apply. For objects from other sources, default settings apply if you have not specified action or expiration settings.

Export object data

Click the export icon in the upper-right corner to export the object data to a CSV file.

Refresh object data

Click the refresh icon in the upper-right corner to display the latest object data.