
Trend Micro gathers and integrates curated threat intelligence from internal and external sources.

The following table outlines the actions available on the Curated screen.
Action
Description
Filter intelligence reports
Use the search text box and the following drop-down lists to filter curated intelligence reports:
  • Last updated: The last date and time Trend Vision One received the reports
  • View: The option to show only specific reports or all reports
  • Source: The source where the reports came from
Turn on Auto Sweeping
  • By curated report source type
    • Click Auto Sweeping and turn on Auto Sweeping for certain sources.
    • Click the Source links and turn on Auto Sweeping for the current source.
    Trend Vision One generates a scheduled sweep and runs the sweep once every day for 7 consecutive days to search your environment for threat indicators based on incoming new reports from the selected source.
  • By a single report
    Click the options button at the end of the row and choose Configure Auto Sweeping. Specify the period to run Auto Sweeping for the current report and click Submit.
    A scheduled sweep runs once every day during the specified period to search your environment for threat indicators extracted from the current report.
Note
The auto-sweeping paused icon indicates that the report has produced potential false positives and is currently being analyzed by Trend Micro threat experts. If false positives are confirmed, the IoCs that caused the false positives may be revoked from the report or added to global exceptions before restarting the sweep.
Take additional actions
Click the options button at the end of the row and choose to take additional actions on the intelligence report:
  • Trend Micro Research: Click to access related blogs or articles from Trend Micro.
  • External Reference: Click to access related blogs or articles from third parties.
  • Start Sweeping: Click to trigger a Manual Sweeping task to search your environment for threat indicators.
  • Configure Auto Sweeping: Click to turn on Auto Sweeping and specify the period to run it for the current report, then click Submit.
  • Start Sweeping (STIX-Shifter): Click to trigger a Manual Sweeping task to search other data sources you have configured in Third-Party Integration for threat indicators using STIX-Shifter.
    For more information about STIX-Shifter connection settings, see Third-Party Integration.
Check matched sweeps
Under Matched sweeps, check the number of tasks that have indicator matches and the total number of sweeping tasks that have been created. For example, the message 1 out of 7 means one sweeping task has indicator matches among a total of seven sweeping tasks.
Note
The message 0 out of 0 indicates that no sweeping task has been triggered.
In addition, Trend Vision One defines a 180-day data retention period for the sweeping task history. The message under Matched sweeps will be reset to 0 out of 0 once the retention period expires.
View sweeping task details
Click the right arrow at the beginning of the row to expand sweeping tasks and check the basic information about each task.
To further explore the tasks that have indicator matches, do the following:
  • Click the links under Related links to open Workbench alerts or download sweeping results.
  • Click the Details icon to check matched indicators and associated entities of the tasks.