Online Help Center Home
Privacy and Personal Data Collection Disclosure
- Pre-release Disclaimer
- Pre-release Sub-feature Disclaimer
Trend Vision One Data Privacy, Security, and Compliance
What's New
- May 2023
- April 2023
- March 2023
Introduction
- Trend Vision One
- Checking the Trend Vision One Service Status
  - SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
Getting Started
- Getting Started with Trend Vision One
- Getting Started with Vulnerability Prioritization and Assessment
Risk Insights
- Executive Dashboard
- Attack Surface Discovery
- Operations Dashboard
- Security Dashboard
  - Customizing the Security Dashboard
- Report Management
XDR Threat Investigation
- Detection Model Management
- Workbench
  - Alert View
  - Incident View
- Search App
- Observed Attack Techniques
- Targeted Attack Detection
- Forensics and Analysis
  - War Room Tab
    - Workspaces
      - Adding Elements to an Investigation Timeline
  - Packages Tab
    - Evidence Collection
      - Manual Evidence Collection
      - Supported Evidence Types
- Managed Services
Threat Intelligence
- Campaign Intelligence
  - Threat Information Screen
- Intelligence Reports
- Suspicious Object Management
  - Suspicious Object List
  - Exception List
    - Adding Exceptions
- Sandbox Analysis
- Third-Party Intelligence
  - TAXII Feeds
    - Configuring a TAXII Feed
  - MISP Feeds
Workflow and Automation
- Security Playbooks
- Response Management
  - Response Actions
  - Response Data
- Third-Party Integration
- API Automation Center
- Service Gateway Management
Zero Trust Secure Access
- Getting Started with Zero Trust Secure Access
- Secure Access Overview
- Secure Access Rules
- Secure Access Resources
- Secure Access History
- Secure Access Configuration
- Troubleshooting Zero Trust Secure Access
Assessment
- Security Assessment Service
Endpoint Security Operations
- Endpoint Inventory 2.0
- Endpoint Inventory
  - Getting Started with XDR for Endpoints
  - Managing the Endpoint List in Endpoint Inventory 1.0
    - Endpoint List Settings in Endpoint Inventory 1.0
- Endpoint Policies
- Trend Cloud One - Endpoint & Workload Security
Network Security Operations
- Network Inventory
- Network Intrusion Prevention
Email Security Operations
- Email Account Inventory
  - Email Sensor Management
Mobile Security Operations
- Getting Started with Mobile Security
- Mobile Inventory
- Mobile Detection Logs
- Mobile Policy
  - Mobile Policy Data
  - Configuring Mobile Policies
- Risky Mobile Apps
  - Risky Mobile App Data
  - Approved List Data
Point Product Connections
- Product Connector
  - Connecting a Product
  - Required Settings on Supported Products
Account
- Single Sign-On
  - Configuring SAML Single Sign-On
- User Accounts
- User Roles
  - Configuring Custom User Roles
  - Predefined Roles
- Notifications
- Audit Logs
  - User Logs
    - User Log Data
  - System Logs
    - System Log Data
- Console Settings
- License Information
- Credit Usage
- Support Settings
Getting Help and Troubleshooting
- Help Kit
  - Toolbox Resources
  - Simulations
- Self-Diagnosis

CEF Workbench Logs

CEF Key	Description	Value
Header (Version)	CEF format version	CEF:0
Header (Device Vendor)	Product vendor	Trend Micro
Header (Device Product)	Product of sending device	Vision One
Header (Device Version)	Service version	1.0.0
Header (Device Event Class ID)	A unique identifier per event-type	900001
Header (Name)	Category of the event	Vision One Workbench Alert
Header (Severity)	Importance of the event	Example: 3 3: Low 5: Medium 7: High 9: Critical
externalId	Workbench ID	Example: "WB-9002-20210519-00014"
cat	Workbench name	Example: "Possible APT Attack"
rt	Workbench complete time	Example: "Dec 05 2022 05:26:45"
sourceServiceName	Alert provider	Example: "SAE" "SAE" "TI"
msg	Description of the detection model	Example: "A user bypass higher-level permissions."
cn1	count of all impact scopes	Example: 1
cn1Label	Corresponding label for the "cn1" field	Example: "Impact Scope Count"
cs1	Workbench link	Example: "https://portal-int.visionone.trendmicro.com/index.html#/workbench?workbenchId=WB-9002-20210517-00001&ref=0c12e642ca5b7ed4436e5f23f568ae10066608d3"
cs1Label	Corresponding label for the "cs1" field	Example: "Workbench Link"
TrendMicroV1CompanyID	Company ID	Example: "68960c94-9be6-4343-a4ca-6408de7aa331"