January 2025

January 31, 2025—The Cloud Posture “Communication Settings" and "Checks” public APIs are now available on the Trend Vision One Automation Center. For more information, visit the Trend Vision One Automation Center.

January 31, 2025—In Server & Workload Protection, the process image file list is now part of the inheritance exclusion list, and applies to real-time exclusions. The setting is available through Server & Workload Protection > Policies > Anti-Malware > Exclusions.

For more information, see Overview section of the policy editor.

January 31, 2025—Trend Vision One now offers automated cluster registration so that you can add many Kubernetes clusters without a repetitive installation flow. Automated cluster registration allows you to use a single Trend Vision One API Key to register all your Container Security clusters, which helps automate the deployment of Container Security protection.

For more information, see Obtain an API key for automated cluster registration.

January 29, 2025—Trend Vision One now supports compliance scanning for both CIS benchmarks for Amazon EKS versions 1.4.0 and 1.5.0 for your EKS clusters. You can now select which supported benchmark version will be used for each cluster type.

For more information, see Compliance.

January 21, 2025—The Trend Vision One Endpoint Security agent now supports deploying to Windows Server 2025 endpoints. For more details about supported platforms, see Endpoint Agent System Requirements.

January 20, 2025—Managed Services users can now synchronize MDR case information with ServiceNow. To create a ticket profile, go to Third-Party Integration → Trend Vision One for ServiceNow Ticketing System and select "MDR case" as the case type. Then go to XDR Threat Investigation → Managed Services → Settings → Cross-App Management, enable automatic creation of ServiceNow tickets when MDR cases are created, and select the ticket profile to synchronize the case with ServiceNow.

January 20, 2025—Click the search bar at the top of the screen in the Trend Vision One console and type a keyword to search detections, assets, and vulnerabilities across the platform. This enhancement gives an overview of the information you need from apps across Trend Vision One all in one convenient place.

January 17, 2025—We are pleased to announce that Trend Vision One has achieved ISO 20243 compliance.

ISO 20243 is an internationally recognized standard aimed at mitigating risks associated with maliciously tainted and counterfeit products. By meeting these stringent requirements, Trend Vision One ensures the delivery of reliable and secure solutions to our customers.

January 16, 2025—Trend Vision One now supports Alibaba Cloud ACK in Container Security. Add an Alibaba cluster in Container Inventory → Kubernetes → Alibaba Cloud ACK to see the ACK cluster, node, and pod information. Use the Map to Cloud Account function to enable Cyber Risk Exposure Management.

For more information, see Connecting Alibaba Cloud ACK clusters.

January 13, 2025—You can now trigger the following restorative response actions on the corresponding targets from Attack Surface Discovery, Endpoint Inventory, Workbench, Observed Attack Techniques, and the Search app via the context menu:

• Resume Container on isolated containers
• Restore Connection on isolated endpoints
• Enable User Account on disabled user accounts
• Remove from Zscaler Restricted User Group on added user accounts

For more information, see Response actions.

January 13, 2025—Besides the Trend Micro predefined correlation rules, administrators can add custom correlation rules based on predefined detection signals to accommodate anomaly detection requirements in their environment. Administrators can apply custom correlation rules into the Correlated Intelligence policy and view details about detected anomalies in policy events logs. Furthermore, Cloud Email Gateway Protection offers flexibility by enabling administrators to select all or specific predefined correlation rules to detect suspicious emails and possibly unwanted emails.

January 13, 2025—The Applications tab in Attack Surface Discovery now displays apps organized into three separate categories: public cloud apps, connected SaaS apps, and local apps. The new categories apply across all ASRM apps. Public cloud apps include all apps your users visit, ranked by reputation. Local apps detected on endpoints and analyzed according to sanctioned status and risk level. Connecting the SaaS apps managed by your organization allows for further risk assessment and analysis to enhance your SaaS security posture management.

Cyber Risk Exposure Management → Attack Surface Discovery

January 10, 2025—Data Loss Prevention policy now supports scanning email header fields in addition to email subject, body, and attachment as scan targets for Exchange Online. You can also apply DLP policies to incoming messages in addition to "Sent messages only" and "All messages."

January 10, 2025—Besides the existing recipient-based social graph related detection signals, Cloud Email and Collaboration Protection adds two more predefined detection signals of this type. The signals check for the newly observed sender addresses and domains based on companies within the last 30 days to help anomaly detection in the customer’s environment.

These detection signals are not available in all regions.

January 9, 2025—Trend Vision One now provides mitigation for malware scanning, including isolate and terminate options in Container Security. You can configure these options in Container Protection → Policies → Runtime.

For more information, see Managing Kubernetes protection policies.

January 6, 2025—Identity Inventory, part of the Identity Security app group, now supports Active Directory (on-premises) as an IdP. Connect your Active Directory server to Trend Vision One and enable read and write permissions to begin syncing your Active Directory identity data and getting more visibility into the identities in your environment.

January 6, 2025—To align with trademarking requirements, Vision One will update to Trend Vision One in the header values for CEF keys Header (Device Product) and Header (Name) in Syslog connector (on-premises/SaaS) Workbench logs and Observed Attack Techniques logs on January 20, 2025.

For more information, see Modification of CEF header values - Trend Vision One.