
Check detailed information about a Workbench insight and the list of alerts included in the insight.

Workbench Insights Alerts displays the list of alerts associated with an insight and other details about the insight.
The following table outlines the available actions for Alerts.
Action
Description
Change the alert status
Select one or more alerts and click Change Status to update the progress of alerts or investigations.
Note
If you select Closed - false positive, you need to specify why you think this alert was false.
Link alerts to an insight
After performing an alert investigation, select one or more alerts and click Associate with Insight to associate the selected alerts with the specified insight.
Note
  • If an alert is manually linked to an insight or unlinked from an insight, Trend Vision One does not correlate the alert if a new alert is received.
  • An alert can only be associated with one insight.
Remove alerts from an insight
After performing an alert investigation, select one or more alerts and click Remove from Insight.
Note
If an alert is manually linked to an insight or unlinked from an insight, Trend Vision One does not correlate the alert if a new alert is received.
Execute Automated Response Playbooks
Select one or more alerts and click Execute Playbook to execute Automated Response playbooks for the specified alerts.
Important
To initiate automated response for the selected alerts, configure Automated Response Playbooks first.
View related events and add events to an insight
Click the search icon at the end of an alert to view AI-recommended events related to endpoints included in the impact scope of this alert.
Workbench now leverages AI to surface endpoint-related events that help you discover relevant activity that may not have been initially included in the insight. You can add the events to the insight for further correlation to uncover hidden connections and suspicious activity.
  1. In the Related events panel, select a host name to view the events when multiple hosts are available.
    Note
    Only the events that occurred within two hours before and after the Workbench alert can be viewed.
  2. In the Observed Attack Techniques or Endpoint events tab, click the add icon to add an event to the current insight.
  3. In the Add Event to Workbench Insight panel, confirm the information and click Add.