Detection Model Data

Each detection model is specialized in discovering a particular type of threats.

The following table outlines the information available for each detection model.




The severity level Trend Vision One assigns to the model depending on the type of event and MITRE information

  • Critical: Exhibits strong evidence of compromise for targeted attacks, Advanced Persistent Threats (APTs), or cybercrime operations

  • High: Exhibits highly suspicious indicators associated with targeted attacks, APTs, or cybercrime operations

  • Medium: Exhibits suspicious indicators possibly associated with malware infections, policy violations, or cybercrime operations

  • Low: Exhibits mildly suspicious indicators useful for security monitoring or threat hunting


The name of the model, defining the type of threat to detect


The description of the model, further explaining the type of threat to detect

Applicable products

The products that can apply the model for alert triggering

Last updated

The date and time Trend Micro last updated the model


Whether Trend Vision One triggers alerts for the model

If you enable an alert trigger, Trend Vision One starts to collect activity data from your supported products. To further check the alerts triggered by detection models, go to Workbench.