Attack Scope

View affected endpoints in your environment and information about monitored attack campaigns.




An overview of endpoints affected by ongoing attack campaigns

Click the total number to view details about each affected endpoint.

  • Endpoint: GUID of agent installed on the affected endpoint or IP address of the affected endpoint

  • Severity: highest severity security event the app observed on the endpoint

  • Reasons: the type of malicious behavior the app observed on the endpoint

  • Recommended actions: recommended steps to mitigate risk

  • Management server: Host name and IP address of the server that manages the affected endpoint

  • First observed: timestamp of when the app first observed an attack indicator or event on the endpoint

You can filter the list by endpoint and attack phase.

Sort the list by changing View to Management server, Severity, or Recommended actions.


Trend Micro threat researchers monitor and analyze attack campaigns affecting organizations around the world. Their research provides context to detected attack indicators and allows Trend Vision One to predict possible next steps by attackers.

You can use the information to identify other potentially compromised assets and to mitigate the risk posed by each campaign.

Tags indicate regions, platforms, and industries the campaign affects the most.

A red icon next to the campaign name indicates the app found attack indicators for that campaign in your environment.