March 2025

March 31, 2025—Cloud Risk Exposure Management (CREM) users will now be able to scan Terraform HCL (.tf) templates with the latest API directly by scanning a .zip file of HCL templates. as opposed to converting the Terraform HCL (.tf) templates into HCL plan (.json) files before scanning. Additionally, you can now use the cloudPosture/scanTemplateArchive endpoint to POST a ZIP file containing your Terraform templates to be scanned. For more information, see the Template Scanner API documentation.

March 25, 2025—Starting April 1, 2025, new pricing packages will be introduced for Cyber Risk Exposure Management capabilities. Users who have not preselected a pricing package will automatically switch to the Cyber Risk Exposure Management - Core package (20 credits per assessed desktop or server), which allows you to use the following capabilities without limitations:

• Cyber Risk Overview (formerly Cyber Risk Overview)
• Attack Surface Discovery
• Threat and Exposure Management (formerly Threat and Exposure Management)
• Identity Security Posture (formerly Identity Posture)

Upgrade to the Cyber Risk Exposure Management - Essentials package (50 credits per assessed desktop or server) to use the following capabilities without limitations:

• Cyber Risk Overview (formerly Cyber Risk Overview)
• Attack Surface Discovery
• Threat and Exposure Management (formerly Threat and Exposure Management)
• Identity Security Posture (formerly Identity Posture)
• Attack Path Prediction
• Security Awareness Training Training
• Compliance Management

Enable cloud account assessment (1,000 credits per 500 cloud resources up top a maximum of 8,000 credits) to include your cloud assets in your available Cyber Risk Exposure Management capabilities.

March 25, 2025—The current feature allowing users to override the number of assessed desktops, servers, and cloud accounts will be disabled on April 1. If you are are currently using the override feature, your credits will continue to be calculated according to the asset override total until May 1. During that time, add the desktops or servers you don't wish to assess to the Exception List in Attack Surface Discovery. For cloud accounts you don't wish to assess, disable Cyber Risk Exposure Management for the account in Cloud Accounts. After May 1, your credit requirements will be based on the actual number of discovered assets that have not been added to the Exception List or for which Cyber Risk Exposure Management is enabled. Contact your sales representative if you have any questions.

March 25, 2025—In Case Management, you can now export case log data as a comma-separated value (CSV) file. After export, access and download the file from Reports Exported from Trend Vision One Apps under Generated Reports in Reports.

March 24, 2025—Zero Trust Secure Access Internet Access Service on-premises gateway now supports FTP proxy to inspect FTP traffic with access control and content scanning.

March 24, 2025—You can now create custom filters based on Search queries for monitoring of suspicious events. Combine multiple custom filters into custom detection models to facilitate the threat hunting process for your organization.

For more information, see Filter query format.

March 24, 2025—The Cyber Risk Exposure Management navigation menu will be updated beginning March 30, 2025, with new categories and capability names. The new names better highlight the current features available and give you a preview of more features coming soon to Trend Vision One. Here's what you can expect on April 1:

For information on how you can purchase a Cyber Risk Exposure Management entitlement and take advantage of these expanded capabilities, contact your sales representative.

March 24, 2025—Cloud Risk Exposure Management (CREM) users will now be able to exclude resources in use by all Trend Vision One products to avoid conflicts during rule scanning.

The Guided Exclusions option under Cloud Risk Management is enabled by default for all CREM customers with Agentless Vulnerability and Threat Detection for AWS resources and will no longer affect the compliance scores. You can include them by deselecting the default option.

For more information, see Managing preferences.

March 21, 2025—Trend Micro Artifact Scanner (TMAS) now supports the new --distro flag, which allows you to specify OS distribution details for file and directory artifacts. This ensures accurate vulnerability matching for open-source RPM (Red Hat Package Manager) files that sometimes do not include OS information.

For more information, see the WHATS-NEW.md file included with the binary and the --distro flag information in Artifact Scanner CLI.

March 21, 2025—Cloud Email and Collaboration Protection includes the import function in the Synchronized User List for Exchange Online global settings. This enhancement further simplifies user management by allowing administrators to synchronize multiple users to Cloud Email and Collaboration Protection at once.

March 21, 2025—Cloud Email and Collaboration Protection extends Correlated Intelligence to Gmail service protection. Administrators can configure Correlated Intelligence settings in ATP policies for Gmail. This helps find security risks and anomalies in their Gmail emails using predefined and custom correlation rules and detection signals.

The warning banner feature is not available for Gmail.

March 21, 2025—Cloud Email and Collaboration Protection adds the scam detection statistics into the Overall Threat Detections section in Dashboard, and also introduces a new widget regarding scam detections to display the number of scam email messages detected by different security filters during a selected time period.

March 21, 2025—Cloud Email and Collaboration Protection provides a sending acknowledgement email option in Email Reporting settings. This option lets administrators choose if they want to send a confirmation email to end users when they report emails through either the add-in for Outlook or the warning banner inserted in their emails.

March 19, 2025—Cloud Email Gateway Protection now integrates with the domain verification feature in Trend Vision One. Domains added in Cloud Email Gateway Protection will automatically appear in the Domain Verification screen under Administration. This integration also allows administrators to verify domains in either Cloud Email Gateway Protection or Domain Verification, with the verification results applying to both locations.

March 19, 2025—Cloud Email Gateway Protection now sends its audit logs to Trend Vision One. Administrators can filter and view these logs alongside other Trend Vision One audit logs in a centralized location - the Audit Logs screen under Administration.

Please note that the Audit Log screen in Cloud Email Gateway Protection will be available for six months before it is permanently deleted.

March 10, 2025—Detection Model Management now provides pre-built templates to help you create custom filters more efficiently.

Filter templates serve as starting points that you can customize to detect specific events in your environment. Each template comes with predefined settings and queries that you can modify according to your security needs, making easier to implement detection rules without starting from scratch.

For more information, see Use a template to create a custom filter.

March 5, 2025—Introducing AI Security Posture Management (AI-SPM) in preview. You can now proactively protect your AI system from threats, minimize your data exposure, and reduce the overall risks of your AI infrastructure with comprehensive monitoring using AI SPM.

March 3, 2025—Endpoint removal is now handled by Endpoint Inventory and applies to all Trend Vision One Endpoint Security agent deployments, including Standard Endpoint Protection and Server & Workload Protection. You can automate the removal of disconnected agents using the inactive agent removal settings in Endpoint Settings.