Zero Trust Actions
Zero Trust actions allow you to directly respond to risks without leaving the Trend Vision One console.
You can take specific actions on users, endpoints, or their app/URL access activity manually or automatically based on risk status. After triggering an action, the Zero Trust Secure Access app creates a task and sends the command to the respective enforcement point.
Actions taken manually take precedence over the automated control configured in secure access rules.
The following tables describe the actions you can take on users, endpoints, internal apps, and cloud apps/URLs found in your environment for risk remediation.
|
Action |
Description |
|---|---|
|
Disable User Account |
Signs the user out of all active application and browser sessions of the user account. It may take a few minutes for the process to complete. Users are prevented from signing in any new session. For more information, see Disable User Account Task. |
|
Enable User Account |
Allows the user to sign in to new application and browser sessions. It may take a few minutes for the process to complete. The user's subsequent sign-in attempts and access requests follow the control by secure access rules. For more information, see Enable User Account Task. |
|
Force Password Reset |
Signs the user out of all active application and browser sessions, and forces the user to create a new password during the next sign-in attempt. It may take a few minutes for the process to complete. Note:
For extra security, require multi-factor authentication (MFA) before allowing users to change passwords. For more information, see Force Password Reset Task. |
|
Force Sign Out |
Signs the user out of all active application and browser sessions of the user account. It may take a few minutes for the process to complete. Users are not prevented from immediately signing back in the closed sessions or signing in new sessions. Note:
This action is not available for users on your Active Directory (on-premises) or OpenLDAP server. For more information, see Force Sign Out Task. |
|
Monitor Sign-In Attempt |
Allows the user to continue with or sign in to new app and browser sessions, monitors and logs all user sign in attempts and browser activity for 24 hours after the rule is triggered, and shows the detection on the Secure Access History screen |
|
Action |
Description |
|---|---|
|
Isolate Endpoint |
Disconnects the target endpoint from the network, except for communication with the managing Trend Micro server product For more information, see Isolate Endpoint Task. |
|
Restore Connection |
Restores network connectivity to an endpoint that already applied the Isolate Endpoint action For more information, see Restore Connection Task. |
|
Action |
Description |
|---|---|
|
Allow Cloud App/URL Access |
Allows the access to cloud apps and external URLs on the internet, but does not show the activity on the Secure Access History screen |
|
Block Cloud App/URL Access |
Blocks the access to cloud apps and external URLs on the internet, and shows the activity on the Secure Access History screen For more information, see Block Cloud App and URL Access Task. |
|
Monitor Cloud App/URL Access |
Allows the access to cloud apps and external URLs on the internet, and shows the activity on the Secure Access History screen |
|
Unblock Cloud App/URL Access |
Allows access to cloud apps and external URLs on the internet For more information, see Unblock Cloud App and URL Access Task. |
|
Action |
Description |
|---|---|
|
Allow Internal App Access |
Allows the access to internal apps configured on Trend Vision One, but does not show the activity on the Secure Access History screen |
|
Block Internal App Access |
Blocks access to internal apps configured on Trend Vision One, and shows the activity on the Secure Access History screen For more information, see Block Internal App Access Task. |
|
Monitor Internal App Access |
Allows the access to internal apps configured on Trend Vision One, and shows the activity on the Secure Access History screen |
|
Unblock Internal App Access |
Allows access to internal apps configured on Trend Vision One For more information, see Unblock Internal App Access Task. |
For more information about how to use the Zero Trust actions in Secure Access rules, see Secure Access Rules.
- Block Cloud App and URL Access Task
You can take remediation measures on user accounts that may pose a security risk to your network environment on the Trend Vision One console. - Block Internal App Access Task
You can take remediation measures on user accounts that may pose a security risk to your network environment on the Trend Vision One console. - Disable User Account Task
You can take remediation measures on user accounts that may pose a security risk to your network environment on the Trend Vision One console. - Enable User Account Task
After resolving the risk issues on the disabled user account, you can enable the user account using the Zero Trust Secure Access or Operations Dashboard app. - Force Password Reset Task
You can take remediation measures on user accounts that may pose a security risk to your network environment on the Trend Vision One console. - Force Sign Out Task
You can take remediation measures on user accounts that may pose a security risk to your network environment on the Trend Vision One console. - Isolate Endpoint Task
You can take remediation measures on user accounts that may pose a security risk to your network environment on the Trend Vision One console. - Restore Connection Task
After resolving the risk issues on the isolated endpoint, you can restore network connectivity using the Zero Trust Secure Access or Operations Dashboard app. - Unblock Cloud App and URL Access Task
After resolving the risk issues on the user account, you can allow the user account to access cloud apps and websites using the Zero Trust Secure Access or Operations Dashboard app. - Unblock Internal App Access Task
After resolving the risk issues on the user account, you can allow the user account to access your internal apps using the Zero Trust Secure Access or Operations Dashboard app.
