Risk Index Overview

View detailed information about your company's Risk Index and the contributing Risk Factors.

The Risk Index is determined based off many factors including risk indicators and the number of risky users, devices, and apps accessed over time. The Operations Dashboard app assesses your organization's Risk Index by categorizing risk factors and evaluating how specific indicators affect your network. For a more comprehensive risk assessment, configure more data sources.


The Risk Index is calculated using all data received from your business without applying management scope limits.

Trend Vision One allows you to mitigate the risks found in your environment by providing remediation steps and preventative measures. For more information, see Risk Assessment.

The following tables provide detailed information about the risk factors that contribute to the Risk Index.


For customers that signed up for or expressly updated Trend Vision One after July 3, 2023, the event counts of risk factors are only visible for users with full management scope.

Table 1. Exposure Index Risk Factors

Risk Factor



Account Compromise

Leaked account

The detection of a user's account on the dark web

Suspicious user activity

Activity that may indicate the malicious intent of a user that purposefully creates anomalous activity

Targeted user account

The most at risk user accounts that exhibited high risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period


OS vulnerability

The detection of exploitable operating system vulnerabilities on the endpoint

Application vulnerability

The detection of exploitable application vulnerabilities on the endpoint

Activity and Behaviors

Network activity

Anomalous or malicious network activity

Storage activity

Cloud storage usage (OneDrive/SharePoint/Outlook/Teams) by the account appears abnormal compared to the normal usage by other company accounts

User activity

Abnormal user behavior patterns and preferences

Device activity

Abnormal device behavior patterns and preferences

Cloud App Activity

Cloud app reputation

Calculated by Trend Micro threat experts based on historical app data, known security features, and community knowledge

System Configuration

Internet-facing asset configuration

Misconfigured settings on publicly-facing domains and IP addresses

Cloud infrastructure configuration

Misconfigured settings on cloud infrastructure, such as cloud instances and platforms

Identity and access configuration

Misconfigured settings on IAM services

Cloud service configuration

Misconfigured settings on cloud-based applications, software, and services

Endpoint configuration

Misconfigured security settings on endpoint devices

Table 2. Attack Index Risk Factors

Risk Factor



XDR Detection

Workbench alerts

Detection of events by XDR sensors that may be malicious or indicate risk

Targeted Attack Detection

Detection of early attack indicators by scanning of your Smart Protection Network data

Threat Detection

Web threats

The Web Reputation score of the URLs the user visited or the detection of malicious activity within network traffic

Email threats

Detection of malicious or anomalous email activity

Network threats

Detection of malicious activity in monitored endpoint traffic

Endpoint threats

Detection of events on endpoints that may be malicious

Mobile device threats

Detection of events on mobile devices that may be malicious

Connected app activity

Detection of events on Office 365 apps (Teams, SharePoint, OneDrive) that may be malicious

Table 3. Security Configuration Index Risk Factors

Risk Factor



Security Configuration

Endpoint security

Detection of agent and sensor deployment, key feature adoption, license health, and agent versions.

Email security

Coming soon

Network security

Coming soon