Check the individual events detected in your environment that might trigger a Workbench alert.
Trend Vision One detects events by using granular predefined or custom detection filters. These filters
make up the detection models that trigger alerts. Events that Trend Vision One lists on the Observed Attack Techniques screen might not result in a Workbench insight
or Workbench alert. You can use the data in the Trend Vision One app to further investigate Workbench insights and evaluate individual detections.
The following table outlines the actions available in the Observed Attack Techniques app.

| Action | Description |
|---|---|
| Filter event data | Use the drop-down lists to locate specific event data. You can also search by endpoint or container name in the search field. |
| Create a Search query from filters | To create a query in Search based on your specified filters, click Query in Search app. |
| Hide detection filters from the list | If you receive a lot of detections on particular detection filters that do not interest you, you can temporarily hide the data for specific filters. Right-click the unwanted Detection filter name and click Hide Value. After adding all unwanted filters to the Hidden objects list, click Apply to reload the screen. |
| View event details in Search app | Locate an event, click the options button at the end of the row and select View Event in Search to open the Search app in a new tab. |
| Add event to case | Locate an event, click the options button at the end of the row and select Add to Case to add the event as evidence of a case. |
| View detailed information about an associated entity | Click the Show Detailed Profile icon to open the Detailed Profile panel. |
| View more details | Expand any row to see more details related to the detection and associated entities. |
| Chat with Trend Companion | Click to start a conversation with Trend Companion. |