Views:

The Trend Vision One context menu provides XDR Data Explorer options that you can access during an investigation after encountering objects or data that you want to further explore.

The following table describes the XDR Data Explorer actions available for certain events or objects found in your environment.
Action
Description
Run new query: match field and value
Opens another instance of Trend Vision One and creates a new XDR Data Explorer query with the selected value added as criteria
Run new query: endpoint +/- 1 min
Opens another instance of Trend Vision One and creates a new XDR Data Explorer query with the selected value added as criteria for endpoint activities. This option limits the time range for the new query to one minute before and after the logged time.
Run new query: endpoint +/- 5 min
Opens another instance of Trend Vision One and creates a new XDR Data Explorer query with the selected value added as criteria for endpoint activities. This option limits the time range for the new query to five minutes before and after the logged time.
Run new query: endpoint +/- 10 min
Opens another instance of Trend Vision One and creates a new XDR Data Explorer query with the selected value added as criteria for endpoint activities. This option limits the time range for the new query to ten minutes before and after the logged time.
Add filter: field IS value
Adds the selected value as criteria to the existing query
Add filter: field IS NOT value
Adds the selected value as an exception to the existing query
Add Filter: field IS EMPTY
Adds the selected field with no value as criteria to the existing query
Add Filter: field EXISTS
Adds the selected field with any value as criteria to the existing query
Google
Opens a new browser tab and searches Google for the selected value
VirusTotal
Opens a new browser tab and searches VirusTotal for the selected value
View Event in Observed Attack Techniques
Opens a new browser tab and shows events in Observed Attack Techniques for the selected value