Incident View

Trend Micro Vision One creates incidents to group related alerts using advanced alert correlation and machine learning techniques.

Table 1.

Data

Description

Score

The score that Trend Micro Vision One assigns to the incident based on the aggregate scores from related alerts

Incident ID

A unique identifier for the incident

Click an incident ID to view detailed information.

For more information, see Incident Details.

Description

The description of the incident

Last updated

The date and time Trend Micro last updated the incident and the last update status

  • Incident created: Trend Micro Vision One first created the incident

  • New alert correlated: An alert is correlated and associated with the incident

  • Incident merged: Trend Micro Vision One created the incident by merging multiple incidents

  • Alert unlinked:One or more alerts were manually unlinked from the incident

  • Alert linked: One or more alerts were manually linked to the incident

Associated alerts

The total number of related alerts and the number of active alerts associated with the incident

Click the number to view the workbench ID for each associated alert. Click a workbench ID to view workbench details.

Note:
  • An active alert is an alert that is not closed.

  • An alert can only be associated with one incident.

Impact scope

The number of entities that the incident affects within the company network

Created

The date and time Trend Micro Vision One generated the incident