Views:

Detection Models lists all the detection models that Trend Vision One provides.

The following table outlines the actions available in Detection Models (XDR Threat InvestigationDetection Model Management).
Action
Description
Filter detection model data
Use the search and filters to locate specific detection models:
  • Severity: The severity level Trend Vision One assigns to the model depending on the type of event and MITRE information
  • Applicable products: The products that can apply the model for alert triggering
  • Status: Whether Trend Vision One triggers alerts for the model
  • Last updated: When Trend Micro last updated the model
For more information, see Detection model data.
Enable detection models
Enable or disable detection models for your organization based on your security requirements.
  • Hover over the Status to view the required products for enabling the specific model.
  • Click to enable or disable the Status.
Note
Note
Trend Vision One automatically enables all detection models if you have required products connected. As you add more supported products to your environment, Trend Vision One automatically enables the newly-supported alert triggers.
Note
Note
Threat Intelligence Sweeping, enabled by default, is a predefined detection model which supports alert triggers for intelligence-driven sweeping tasks.
For more information about sweeping tasks, see Intelligence Reports.
Related information