Use a template to create a custom filter | Trend Micro Service Central

Views:

Use one of the pre-built filter templates to create a custom filter to detect events in your environment.

Go to XDR Threat Investigation → Detection Model Management → Custom Filters → Use a template.
Browse the filter templates catalog, then select a template.
Detection Model Management displays the custom filter in YAML format.
Click Next.
Adjust the general settings of the filter to your needs:
- Filter name
- Description
- Severity
  
  A severity of medium, high, or critical affects the Cyber Risk Index on the Cyber Risk Overview and Threat and Exposure Management. When testing or tuning a model, select low to avoid affecting indexes.
Adjust the event settings of the filter to your needs:
1. Validate the query by clicking Validate Query.
  
  If the query is valid, you can click Preview Search Results to see the search results your query returns.
2. Specify up to 10 custom tags.
  
  Custom tags help you identify events detected by custom filters in Workbench, Observed Attack Techniques, and Search.
  
  Tags can be up to 64 characters long.
Click Save.

Trend Vision One saves and enables the custom filter. This action might require a few minutes before taking effect.

You can use custom filters to create detection models that generate Workbench alerts based on your detections.