Suspicious Object Actions

You can specify actions for connected products to take after detecting specific suspicious objects.

Trend Micro Vision One connects to different products and sends the Suspicious Objects List to the connected products for detection. The connected products then apply the specified action based on their capability.

Note:

Trend Micro Vision One currently supports sending the Suspicious Object List to Apex One as a Service and Cloud App Security if they are connected properly.

Besides, Trend Micro Vision One supports sending the Suspicious Object List to Service Gateway that enables connections to on-premises Trend Micro products or third-party applications within the corporate network. For more information, see Service Gateway Overview.

The following table outlines the object types and actions supported by different products.

Product

Object Type

Action

Apex One as a Service

IP address

Log, Block

URL

Log, Block

Domain

Log, Block

File SHA-1

Log, Block

Note:

Application Control must be activated for Apex One as a Service to take the Block action.

Cloud App Security

URL

Log, Quarantine

File SHA-1

Log, Quarantine

File SHA-256

Log, Quarantine

Sender address

Log, Quarantine

Note:

After identifying a suspicious URL, file, or sender address in an email message, Cloud App Security quarantines the message from all supported mailboxes protected by Cloud App Security.

Service Gateway

IP address

Note:

The connected products of Service Gateway apply the specified action based on their capability.

URL

Domain

File SHA-1

File SHA-256