Adding Suspicious Objects

You can add the domain, file SHA-1, file SHA-256, IP address, sender address, or URL object to the Suspicious Objects List.

  1. Go to Threat Intelligence > Suspicious Object Management.

    The Suspicious Object Management screen appears with the Suspicious Object List tab displayed.

  2. Click Add.

    The Add Suspicious Object screen appears.

  3. Select any of the following from the Method drop-down list:
    • Domain: type a domain name.

    • File SHA-1: type the SHA-1 hash value of a file.

    • File SHA-256: type the SHA-256 hash value of a file.

    • IP address: type an IPv4 or IPv6 address.

    • Sender address: type an email address.

    • URL: type a URL.

  4. Select a risk level for the object.
  5. Specify the action that connected products apply after detecting the object.

    For more information, see Suspicious Object Actions.

  6. Select an expiration option.
    • Set the object to automatically expire in a specified number of days.

    • Set the object to never expire.

  7. (Optional) Type a description.
  8. Click Submit.

    The object appears in the Suspicious Objects List.

    The connected products receive the new object information from Trend Micro Vision One during the next synchronization.