Secure Access Rule Templates

Use templates to define your organization's secure access rules for users and devices.

Trend Micro Vision One provides a set of pre-defined templates that correlate to different types of information you want to gather about your network environment and the types of actions you may want to take. You can create a rule from a template, fine-tune the rule to achieve expected results, and add automated actions to respond to and remediate risks automatically.

The following table describes the Risk Control templates.

Template Name

Description

Users with a persistent high risk score

A user has maintained a high risk score range over a period of time in the past

  • User risk score: Risk score range that the user has maintained

    For more information about a user's risk score, see Assessment Scope for Risk Insights.

  • Within last: Number of days for which the user has remained within the specified risk score range

Devices with a persistent high risk score

A device has maintained a high risk score range over a period of time in the past

  • Device risk score: Risk score range that the device has maintained

    For more information about a device's risk score, see Assessment Scope for Risk Insights.

  • Within last: Number of days for which the device has remained within the specified risk score range

Anomalous behavior in discovered user email accounts

A user's email account is detected to have had anomalous activity, such as a suspicious phishing attachment in an email from a new sender, or a possible forged sender with urgent intention

  • Anomaly risk level: Calculated based on how an email anomaly, including a suspicious email message, an unusual account activity, or an abnormal account-related relationship, could pose a risk to your network

Exposed personal information of discovered users

A user's personally identifiable information (such as a bank account or full name) is detected to have been leaked on the surface, deep, or dark web

  • Leak risk level: Calculated based on multiple data points, including the category of exposed identities, the date when the exposed identities were discovered on the surface, deep, or dark web, and the security breaches associated with the exposure

The following table describes the Permission Control templates.

Template

Description

Internal app access

Allow or block access to specified internal apps based on users, devices, time, and location.