Online Help Center Home
Privacy and Personal Data Collection Disclosure
- Pre-release Disclaimer
- Pre-release Sub-feature Disclaimer
Trend Vision One Data Privacy, Security, and Compliance
What's New
- What's New by Date
- What's New by App Group
- Release Notes
  - Service Gateway
Introduction
- Trend Vision One
- Checking the Trend Vision One Service Status
  - SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
Getting Started
- Getting Started with Trend Vision One
- Getting Started with Vulnerability Assessment
Risk Insights
- Executive Dashboard
- Attack Surface Discovery
- Operations Dashboard
- Cloud Posture
Dashboards and Reports
- Security Dashboard
  - Customizing the Security Dashboard
  - Protocol Groups in the Scanned Traffic Summary Widget
- Reports
XDR Threat Investigation
- Detection Model Management
- Workbench
  - Alert View
  - Incident View
    - Incident Details
      - Alerts (Incident View)
      - Incident-based Execution Profile
    - Assigning Incidents
- Search App
- Observed Attack Techniques
- Targeted Attack Detection
- Forensics
- Managed Services
- Companion
Threat Intelligence
- Campaign Intelligence
  - Threat Information Screen
- Intelligence Reports
- Suspicious Object Management
  - Suspicious Object List
  - Exception List
    - Adding Exceptions
- Sandbox Analysis
- Third-Party Intelligence
  - TAXII Feeds
    - Configuring a TAXII Feed
  - MISP Feeds
Workflow and Automation
- Security Playbooks
- Response Management
- Third-Party Integration
- API Automation Center
- Service Gateway Management
Zero Trust Secure Access
- Getting Started with Zero Trust Secure Access
- Secure Access Overview
- Secure Access Rules
- Secure Access Resources
- Secure Access History
- Secure Access Configuration
- Troubleshooting Zero Trust Secure Access
Assessment
- Cyber Risk Assessment
Endpoint Security Operations
- Endpoint Inventory 2.0
- Endpoint Inventory
  - Getting Started with XDR for Endpoints
  - Managing the Endpoint List in Endpoint Inventory 1.0
    - Endpoint List Settings in Endpoint Inventory 1.0
- Endpoint Policies
- Trend Cloud One - Endpoint & Workload Security
Endpoint Security Operations (for Standard Endpoint and Server & Workload Protection)
- Getting Started with Trend Vision One Endpoint Security
- Endpoint Inventory
- Standard Endpoint Protection
- Server & Workload Protection
Cloud Security Operations
- Trend Vision One Container Security
- XDR for Containers
  - Getting Started with XDR for Containers
Network Security Operations
- Network Inventory
- Network Intrusion Prevention
Email Security Operations
- Email Account Inventory
  - Email Sensor Management
Mobile Security Operations
- Getting Started with Mobile Security
- Using Mobile Security in Conjunction with MDM Solutions or Azure AD
- Using Mobile Device Director
Service Management
- Product Connector
  - Connecting a Product
  - Required Settings on Supported Products
- Product Instance
- Cloud Accounts
Administration
- User Accounts, Roles, and Single Sign-On (Legacy)
- User Accounts, Identity Providers, and User Roles (July 2023 update)
- Notifications
- Audit Logs
  - User Logs
    - User Log Data
  - System Logs
    - System Log Data
- Console Settings
- License Information
- Credit Usage
- Support Settings
  - Enabling Hypersensitive Mode
Getting Help and Troubleshooting
- Help and Support
  - Creating a Support Case
- Self-Diagnosis

Zero Trust Actions

Zero Trust actions allow you to directly respond to risks without leaving the Trend Vision One console.

You can take specific actions on users, endpoints, or their app/URL access activity manually or automatically based on risk status. After triggering an action, the Zero Trust Secure Access app creates a task and sends the command to the respective enforcement point.

Note:

Actions taken manually take precedence over the automated control configured in secure access rules.

The following tables describe the actions you can take on users, endpoints, internal apps, and cloud apps/URLs found in your environment for risk remediation.

Table 1. User
Action	Description
Disable User Account	Signs the user out of all active application and browser sessions of the user account. It may take a few minutes for the process to complete. Users are prevented from signing in any new session. For more information, see Disable User Account Task.
Enable User Account	Allows the user to sign in to new application and browser sessions. It may take a few minutes for the process to complete. The user's subsequent sign-in attempts and access requests follow the control by secure access rules. For more information, see Enable User Account Task.
Force Password Reset	Signs the user out of all active application and browser sessions, and forces the user to create a new password during the next sign-in attempt. It may take a few minutes for the process to complete. Note: For extra security, require multi-factor authentication (MFA) before allowing users to change passwords. For more information, see Force Password Reset Task.
Force Sign Out	Signs the user out of all active application and browser sessions of the user account. It may take a few minutes for the process to complete. Users are not prevented from immediately signing back in the closed sessions or signing in new sessions. Note: This action is not available for users on your Active Directory (on-premises) or OpenLDAP server. For more information, see Force Sign Out Task.
Monitor Sign-In Attempt	Allows the user to continue with or sign in to new app and browser sessions, monitors and logs all user sign in attempts and browser activity for 24 hours after the rule is triggered, and shows the detection on the Secure Access History screen

Table 2. Endpoint
Action	Description
Isolate Endpoint	Disconnects the target endpoint from the network, except for communication with the managing Trend Micro server product For more information, see Isolate Endpoint Task.
Restore Connection	Restores network connectivity to an endpoint that already applied the Isolate Endpoint action For more information, see Restore Connection Task.

Table 3. Cloud App/URL Access
Action	Description
Allow Cloud App/URL Access	Allows the access to cloud apps and external URLs on the internet, but does not show the activity on the Secure Access History screen
Block Cloud App/URL Access	Blocks the access to cloud apps and external URLs on the internet, and shows the activity on the Secure Access History screen For more information, see Block Cloud App and URL Access Task.
Monitor Cloud App/URL Access	Allows the access to cloud apps and external URLs on the internet, and shows the activity on the Secure Access History screen
Unblock Cloud App/URL Access	Allows access to cloud apps and external URLs on the internet For more information, see Unblock Cloud App and URL Access Task.

Table 4. Internal App Access
Action	Description
Allow Internal App Access	Allows the access to internal apps configured on Trend Vision One, but does not show the activity on the Secure Access History screen
Block Internal App Access	Blocks access to internal apps configured on Trend Vision One, and shows the activity on the Secure Access History screen For more information, see Block Internal App Access Task.
Monitor Internal App Access	Allows the access to internal apps configured on Trend Vision One, and shows the activity on the Secure Access History screen
Unblock Internal App Access	Allows access to internal apps configured on Trend Vision One For more information, see Unblock Internal App Access Task.

For more information about how to use the Zero Trust actions in Secure Access rules, see Secure Access Rules.