Detection Model Data

Each detection model is specialized in discovering a particular type of threats.

The following table outlines the information available for each detection model.

Data

Description

Severity

The severity level Trend Micro Vision One assigns to the model depending on the type of event and MITRE information

  • Critical: Exhibits strong evidence of compromise for targeted attacks, Advanced Persistent Threats (APTs), or cybercrime operations

  • High: Exhibits highly suspicious indicators associated with targeted attacks, APTs, or cybercrime operations

  • Medium: Exhibits suspicious indicators possibly associated with malware infections, policy violations, or cybercrime operations

  • Low: Exhibits mildly suspicious indicators useful for security monitoring or threat hunting

Model

The name of the model, defining the type of threat to detect

Description

The description of the model, further explaining the type of threat to detect

Applicable products

The products that can apply the model for alert triggering

Last updated

The date and time Trend Micro last updated the model

Status

Whether Trend Micro Vision One triggers alerts for the model

If you enable an alert trigger, Trend Micro Vision One starts to collect activity data from your supported products. To further check the alerts triggered by detection models, go to Workbench.