Trend Micro Vision One XDR alert
Goal
Detect alerts generated by Trend Micro Vision One XDR. These alerts may indicate the presence of malware, suspicious activity, or other security threats that require immediate investigation.
Strategy
Monitor XDR alerts forwarded to Datadog and use the detailed information they carry to assess the nature and potential impact of the threat. The detection rule surfaces the context of each alert, including the affected systems (the impacted entities) and the type of threat identified, so that an analyst can prioritize it without pivoting back to the Vision One console.
Triage and response
- Review the description of the alert: {{message}}.
- Review the impacted entities, such as the IP addresses {{@impactScope.entities.entityValue.ips}} and the entity types {{@impactScope.entities.entityType}}.
- If the alert is confirmed as malicious, isolate the affected host from the network and quarantine any identified files or processes.
- Monitor the affected systems for further suspicious activity.
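The strategy and triage steps above refer to the `message` and `impactScope.entities` attributes of the forwarded alert. The following is an added example, not Datadog's rule logic or Trend Micro's code: it parses a constructed Vision One-style alert and pulls out the impacted entities and IP addresses an analyst would check before isolating a host. The field shapes (`entityValue` as an object with `name` and `ips` for hosts, or a bare string for accounts) are assumptions for this example.

```python
"""Triage helper for Trend Micro Vision One XDR alerts as forwarded to Datadog.

Added example, not part of the original page. It assumes the alert JSON carries
`message` and `impactScope.entities[]`, with `entityValue` being either an
object (hosts: name + ips) or a bare string (accounts). The sample below is
constructed for illustration.
"""
import json
from collections import defaultdict

# Constructed sample alert: only the attributes the triage steps reference
# are assumed to exist; every value is illustrative.
SAMPLE_ALERT = json.dumps({
    "message": "Possible credential dumping detected",
    "impactScope": {
        "entities": [
            {"entityType": "host",
             "entityValue": {"name": "ws-0123", "ips": ["10.0.5.17"]}},
            {"entityType": "host",
             "entityValue": {"name": "ws-0124", "ips": ["10.0.5.18", "10.0.5.19"]}},
            {"entityType": "account",
             "entityValue": "CORP\\jdoe"},
        ]
    },
})


def impacted_entities(alert):
    """Group impacted entities by entityType.

    Handles both assumed shapes of entityValue: a dict with name/ips for
    hosts, or a plain string for accounts. Unknown types are kept so that
    nothing in the alert is silently dropped.
    """
    grouped = defaultdict(list)
    for ent in alert.get("impactScope", {}).get("entities", []):
        etype = ent.get("entityType", "unknown")
        value = ent.get("entityValue")
        if isinstance(value, dict):
            grouped[etype].append({"name": value.get("name"),
                                   "ips": list(value.get("ips", []))})
        else:
            grouped[etype].append({"name": value, "ips": []})
    return dict(grouped)


def impacted_ips(alert):
    """Flatten every IP across all entities, deduplicated and in order,
    ready for an isolation or blocklist lookup."""
    ips = []
    for ents in impacted_entities(alert).values():
        for ent in ents:
            for ip in ent["ips"]:
                if ip not in ips:
                    ips.append(ip)
    return ips


def triage_summary(raw_alert):
    """Return the fields an analyst reviews first: description, entities by type, IPs."""
    alert = json.loads(raw_alert)
    return {
        "message": alert.get("message", ""),
        "entities": impacted_entities(alert),
        "ips": impacted_ips(alert),
    }


if __name__ == "__main__":
    print(json.dumps(triage_summary(SAMPLE_ALERT), indent=2))
```

The summary is what you would attach to the case before deciding on isolation: the host list tells you what to contain, the account list tells you which credentials to reset, and the flattened IP list is what you feed to firewall or EDR isolation tooling.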