Exceptions

An exception is a combination of an object value, a detection filter, and a data field.

Each detection model uses one or more filters to detect suspicious behaviors or events based on associated MITRE techniques and reported threat indicators. You can further check specific detection filters that triggered an alert in the alert details of the Workbench app.

Add an object to exceptions if you want to exclude the object value from being detected by the current detection filter. As a result, Trend Micro Vision One matches the exception based on the object value, the data field associated with the value, and the related detection filter.

The following table outlines the actions available on the Exceptions screen.

Action

Description

Filter exceptions

Use the search text box and Type drop-down lists to filter exceptions.

View exception details

View the table to check the detailed information about each exception.

For more information, see Exception Data.

Delete exceptions

Select one or more exceptions and click Delete Selected.