Trend Micro Vision One XDR alert

This rule is part of a beta feature. To learn more, contact Support.
trend-micro-vision-one-xdr

Classification:

attack

Goal

Detect alerts generated by Trend Micro Vision One XDR. These alerts may indicate the presence of malware, suspicious activity, or other security threats that require immediate investigation.

Strategy

Monitor the alerts forwarded by Trend Micro Vision One XDR and use the detail each one carries, such as the alert description and the impacted entities, to assess the nature and potential impact of the threat. The rule's value lies in the context the alert already provides: which systems are affected and what type of threat was identified.

Triage and response

  1. Review the description of the alert - {{message}}.
  2. Review the impacted entities, such as the IP addresses {{@impactScope.entities.entityValue.ips}} and the entity type {{@impactScope.entities.entityType}}.
  3. If the alert is confirmed as malicious, quarantine the affected host or, if needed, isolate it from the network.
  4. Monitor the affected systems for further suspicious activity.
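As an added example (not part of this rule or of Trend Micro's or Datadog's own code), the following Python script walks steps 1 through 3 of the triage list against a constructed alert payload. The payload is shaped after the attributes the steps reference (message, impactScope.entities[].entityType, impactScope.entities[].entityValue.ips); the severity field, the entity names, the IP addresses and the account entity are assumptions made for illustration. It flattens the impacted entities, handles the case where entityValue is a plain string rather than an object, and, once an analyst has marked the alert as confirmed malicious, lists the host entities that are candidates for isolation.

```python
import json
from dataclasses import dataclass, field
from typing import Any

# Constructed sample payload (not a real Vision One alert). Only the attribute paths
# named in the triage steps are taken from the rule; all values are made up.
SAMPLE_ALERT: dict[str, Any] = {
    "message": "Suspicious process behaviour detected on endpoint",
    "severity": "high",  # assumed field
    "impactScope": {
        "entities": [
            {
                "entityType": "host",
                "entityValue": {"name": "ws-finance-07", "ips": ["10.20.30.41"]},
            },
            {
                "entityType": "host",
                "entityValue": {"name": "dc01", "ips": ["10.20.0.10", "10.20.0.11"]},
            },
            # Account entities carry a string value rather than an object.
            {"entityType": "account", "entityValue": "CORP\\jdoe"},
        ]
    },
}


@dataclass
class Entity:
    entity_type: str
    name: str
    ips: list[str] = field(default_factory=list)


@dataclass
class TriageRecord:
    message: str
    severity: str
    entities: list[Entity]
    isolate: list[Entity]


def parse_entities(alert: dict[str, Any]) -> list[Entity]:
    """Flatten impactScope.entities (step 2). entityValue may be an object with
    name/ips or a bare string, so both shapes are accepted."""
    out: list[Entity] = []
    for ent in alert.get("impactScope", {}).get("entities", []):
        etype = str(ent.get("entityType", "unknown"))
        value = ent.get("entityValue")
        if isinstance(value, dict):
            out.append(Entity(etype, str(value.get("name", "")), list(value.get("ips", []))))
        else:
            out.append(Entity(etype, str(value or "")))
    return out


def triage(alert: dict[str, Any], confirmed_malicious: bool = False) -> TriageRecord:
    """Surface the description (step 1) and entities (step 2); when the analyst
    has confirmed the alert as malicious (step 3), pick the host entities as the
    candidates for quarantine or isolation. Accounts are never isolated here."""
    entities = parse_entities(alert)
    isolate = [e for e in entities if e.entity_type == "host"] if confirmed_malicious else []
    return TriageRecord(
        message=str(alert.get("message", "")),
        severity=str(alert.get("severity", "unknown")),
        entities=entities,
        isolate=isolate,
    )


def render(record: TriageRecord) -> str:
    """Plain-text triage summary for an analyst note or ticket."""
    lines = [f"[{record.severity.upper()}] {record.message}"]
    for e in record.entities:
        lines.append(f"  {e.entity_type:<8} {e.name:<16} {', '.join(e.ips) or '-'}")
    if record.isolate:
        lines.append("  isolate: " + ", ".join(e.name for e in record.isolate))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(triage(SAMPLE_ALERT)))
    print(render(triage(json.loads(json.dumps(SAMPLE_ALERT)), confirmed_malicious=True)))
```

The `confirmed_malicious` flag is deliberately an analyst decision passed into the function rather than something derived from the payload: the rule surfaces every XDR alert, and whether to isolate a host is a judgement made after reviewing the description and entities, not a property of the alert itself.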