Online Help Center Home
Privacy and Personal Data Collection Disclosure
- Pre-release Disclaimer
- Pre-release Sub-feature Disclaimer
Trend Vision One Data Privacy, Security, and Compliance
What's New
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- Release Notes
Introduction
- Trend Vision One
- Checking the Trend Vision One Service Status
  - SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
Getting Started
- Getting Started with Trend Vision One
- Getting Started with Vulnerability Assessment
Risk Insights
- Executive Dashboard
- Attack Surface Discovery
- Operations Dashboard
Dashboards and Reports
- Security Dashboard
  - Customizing the Security Dashboard
  - Protocol Groups in the Scanned Traffic Summary Widget
- Reports
XDR Threat Investigation
- Detection Model Management
- Workbench
  - Alert View
  - Incident View
    - Incident Details
      - Alerts (Incident View)
      - Incident-based Execution Profile
    - Assigning Incidents
- Search App
- Observed Attack Techniques
- Targeted Attack Detection
- Forensics
- Managed Services
- Companion
Threat Intelligence
- Campaign Intelligence
  - Threat Information Screen
- Intelligence Reports
- Suspicious Object Management
  - Suspicious Object List
  - Exception List
    - Adding Exceptions
- Sandbox Analysis
- Third-Party Intelligence
  - TAXII Feeds
    - Configuring a TAXII Feed
  - MISP Feeds
Workflow and Automation
- Security Playbooks
- Response Management
- Third-Party Integration
- API Automation Center
- Service Gateway Management
Zero Trust Secure Access
- Getting Started with Zero Trust Secure Access
- Secure Access Overview
- Secure Access Rules
- Secure Access Resources
- Secure Access History
- Secure Access Configuration
- Troubleshooting Zero Trust Secure Access
Assessment
- Cyber Risk Assessment
Endpoint Security Operations
- Endpoint Inventory 2.0
- Endpoint Inventory
  - Getting Started with XDR for Endpoints
  - Managing the Endpoint List in Endpoint Inventory 1.0
    - Endpoint List Settings in Endpoint Inventory 1.0
- Endpoint Policies
- Trend Cloud One - Endpoint & Workload Security
Endpoint Security Operations (for Standard Endpoint and Server & Workload Protection)
- Getting Started with Trend Vision One Endpoint Security
- Endpoint Inventory
- Standard Endpoint Protection
- Server & Workload Protection
Cloud Security Operations
- Trend Vision One Container Security
- XDR for Containers
  - Getting Started with XDR for Containers
Network Security Operations
- Network Inventory
- Network Intrusion Prevention
Email Security Operations
- Email Account Inventory
  - Email Sensor Management
Mobile Security Operations
- Getting Started with Mobile Security
- Using Mobile Security in Conjunction with MDM Solutions or Azure AD
- Using Mobile Device Director
Service Management
- Product Connector
  - Connecting a Product
  - Required Settings on Supported Products
- Product Instance
- Cloud Accounts
Administration
- User Accounts, Roles, and Single Sign-On (Legacy)
- User Accounts, Identity Providers, and User Roles (July 2023 update)
- Notifications
- Audit Logs
  - User Logs
    - User Log Data
  - System Logs
    - System Log Data
- Console Settings
- License Information
- Credit Usage
- Support Settings
  - Enabling Hypersensitive Mode
Getting Help and Troubleshooting
- Help and Support
  - Creating a Support Case
- Self-Diagnosis

Custom Models

Trigger Workbench alerts based on user-defined event filters.

Note:

This feature is not yet available in all regions.

The Custom Models tab of Detection Model Management lists your organization's custom detection models.

The following table outlines the actions available on the Custom Models tab.

Action	Description
Add a custom model	Click Add to create a custom model
Filter custom models	Use the Search field and drop-down lists to locate specific detection models Severity: The user-defined severity level of the detection model Status: The status of the detection model Last updated: The period of time when the detection model was last updated Search: Provides partial matching for the model ID, name, or filters
Enable or disable a model	Turn the toggle on or off to enable or disable the detection model
Edit a custom model	Click the edit icon () for the model Note: Changes to the name or description of a custom model are not reflected in Workbench alerts previously triggered by the model.
Delete custom models	Select the checkboxes for the models you want to delete and click Delete Note: Deleting a custom model does not delete the custom filter used by the model.

The following table outlines the information available on the Custom Models tab.

Column	Description
Model ID	The unique identifier of the model
Severity	The user-defined severity of the model
Model name	The user-defined name of the model Tip: Click the model name to view more information about the custom model. An information icon () next to the model name indicates that the model is not functioning properly because one or more filters have been disabled. To restore full functionality, edit the query in the event settings of the disabled filters. For details on how to edit the query, see Creating a Custom Filter.
Filters	The custom filters that define the events the model uses to trigger alerts
Group by	The way the model groups multiple events into a single alert
Last updated	The date and time the model was last updated
Last updated by	The user who last updated the custom model
Status	The status of the custom model