Response actions allow you to directly respond to risks without leaving the Trend Vision One console.
You can take specific actions on users, endpoints, or their app/URL
access activity manually or automatically based on risk status. After triggering an
action,
the Zero Trust Secure Access app creates a task and sends the
command to the respective enforcement point.
 |
NoteActions taken manually take precedence over the automated control
configured in secure access rules.
|
The following tables describe the actions you can take on users,
endpoints, internal apps, and cloud apps/URLs found in your environment for risk
remediation.
User
|
Action
|
Description
|
||
|
Disable User Account
|
Signs the user out of all active application and browser sessions of the user account.
This task might take a few minutes to complete. Users are prevented from signing in
any new session.
|
||
|
Enable User Account
|
Allows the user to sign in to new application and browser sessions. This task might
take a few minutes to complete. The user's subsequent sign-in attempts and access
requests follow the control by secure access rules.
|
||
|
Force Password Reset
|
Signs the user out of all active application and browser sessions, and forces the
user to create a new password during the next sign-in attempt. This task might take
a few minutes to complete.
|
||
|
Force Sign Out
|
Signs the user out of all active application and browser sessions of the user account.
This task might take a few minutes to complete. Users are not prevented from immediately
signing back in the closed sessions or signing in new sessions.
|
||
|
Monitor Sign-In Attempt
|
Allows the user to continue with or sign in to new app and
browser sessions, monitors and logs all user sign in attempts and browser activity
for 24 hours after the rule is triggered, and shows the detection on the Secure Access History screen
|
Endpoint
|
Action
|
Description
|
|
Isolate Endpoint
|
Disconnects the target endpoint from the network, except for communication with the
managing Trend Micro endpoint protection product.
|
|
Restore Connection
|
Restores network connectivity to an endpoint that already applied the Isolate Endpoint
action.
|
Cloud App/URL Access
|
Action
|
Description
|
|
Allow Cloud App/URL Access
|
Allows the access to cloud apps and external URLs on the
internet, but does not show the activity on the Secure Access History screen
|
|
Block Cloud App/URL Access
|
Blocks the access to cloud apps and external URLs on the
internet, and shows the activity on the Secure Access History screen
|
|
Monitor Cloud App/URL Access
|
Allows the access to cloud apps and external URLs on the
internet, and shows the activity on the Secure Access History screen
|
|
Unblock Cloud App/URL Access
|
Allows access to cloud apps and external URLs on the
internet
|
Internal App Access
|
Action
|
Description
|
|
Allow Internal App Access
|
Allows the access to internal apps configured on Trend Vision One, but does not
show the activity on the Secure Access History screen
|
|
Block Internal App Access
|
Blocks access to internal apps configured on Trend Vision One, and shows the
activity on the Secure Access History
screen
|
|
Monitor Internal App Access
|
Allows the access to internal apps configured on Trend Vision One, and shows the
activity on the Secure Access History
screen
|
|
Unblock Internal App Access
|
Allows access to internal apps configured on Trend Vision One
|
For more information about how to use the Zero Trust actions in
Secure Access rules, see Secure access rules.