Views:

Analyze, investigate, and respond to incidents and alerts using the power of AI.

TrendAI™ Companion is an AI-powered cybersecurity advisor integrated into TrendAI Vision One™ to assist in investigating, analyzing, and responding to security incidents and alerts.
Important
Important
  • Each user can send up to 100 messages per day and 10 messages per minute. The message limit resets every day at 00:00 UTC.
  • Prompts have a 500-character limit.
  • TrendAI™ Companion has filters to remove personal information from prompts.
The following table outlines the available functions in TrendAI™ Companion.
Action
Description
Supported Apps
Open TrendAI™ Companion
Click the TrendAI™ Companion icon (newCompanionIcon=GUID-20240819112525.jpg) to start a conversation.
All apps and screens in TrendAI Vision One™
Explain a Workbench alert
During alert investigations, TrendAI™ Companion can explain the alert displayed on your screen.
You can use prompts such as Provide an explanation of this Workbench alert.
Add response to case
Click Add to Case to add a response as a case note.
Add response to a Workbench alert note
Click Add to Note to add a response to the alert notes.
Generate search queries
When using the XDR Data Explorer app, TrendAI™ Companion can help you write search queries and decide what is the appropriate search method for your query.
Tip
Tip
Begin your prompts with Query to have TrendAI™ Companion create queries.
Example: Query all elements where the destination port is 80
  • XDR Data Explorer
Add generated search query to search box
Click Add to Query to add the generated query to the search box.
TrendAI™ Companion automatically selects the suggested search method when adding queries to the search box.
  • XDR Data Explorer
Explain CLI commands in Workbench alerts, Search results, and Observed Attack Techniques events
Right-click a CLI command element (cmd_icon=a5184412-0713-41ea-868c-b948a93e9fea.png) and choose Explain Command.
TrendAI™ Companion can also provide explanations for CLI commands that include base64-encoded elements.
Explain Observed Attack Techniques events
To learn about an event, right-click an event or click options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png and choose Explain Event.
Important
Important
TrendAI™ Companion cannot explain events that contain only custom filters.
  • Observed Attack Techniques
  • XDR Data Explorer
Create an investigation summary report for a case in Case Management
Important
Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
Do one of the following:
  • Click a case name to open the case details. From the TrendAI™ Companion list, select Summarize investigation report.
  • In Case Viewer, click a case. Click the three dots, and then click Summarize investigation report.
TrendAI™ Companion generates a threat investigation and remediation report for the case, which you can preview, edit, and download by going to Dashboards and ReportsReports. This action is only available for Workbench cases with a “True positive” finding.
  
Summarize progress notes for a case in Case Management
Do one of the following:
  • Click a case name to open the case details. From the TrendAI™ Companion list, select Summarize progress notes.
  • In Case Viewer, click a case. Click the three dots, and then click Summarize progress notes.
TrendAI™ Companion summarizes all the notes created in the case since last time a summarized progress note was created. Summarized progress notes are helpful when transferring a case to a new owner.
 
Summarize Workbench insights
Important
Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
During insight investigations, TrendAI™ Companion can summarize the attack context of the insight displayed on the screen.
You can use prompts such as Summarize the Workbench insight.
Workbench (only during Workbench insights investigations)
Receive proactive guidance on noteworthy and false-positive Workbench insights
Important
Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
  • When TrendAI™ Companion detects one or more Workbench insights in which at least one correlated alert is classified as noteworthy, click Show me the [number] noteworthy Workbench insights. to get insight summaries or further contextual analysis.
  • When TrendAI™ Companion detects one or more Workbench insights in which all correlated alerts are classified as false positives, click Show me the [number] false positive Workbench insights. to get insight summaries or further contextual analysis.
TrendAI™ Companion uses labeled detection data to classify Workbench alerts into noteworthy or false-positive alerts to proactively recommend insights that may require further analysis.
Workbench
Receive guidance on threat investigation workflows
Important
Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
TrendAI™ Companion can suggest next steps during threat investigation and response related to a Workbench insight.
You can use prompts such as What should I do next?
Workbench (only during Workbench insights investigations)
Related information