This rule is part of a beta feature. To learn more, contact Support.
trend-micro-vision-one-xdr

Classification:

attack


Goal

Detect alerts generated by Trend Micro Vision One XDR. These alerts may indicate the presence of malware, suspicious activity, or other security threats that require immediate investigation.

Strategy

Monitor XDR alerts and use the detailed information they carry to assess the nature and potential impact of the threat. The detection rule focuses on the context of the alert, including the affected systems and the type of threat identified.

Triage and response

  1. Review the description of the alert: {{message}}.
  2. Review the impacted entities, such as the IP address {{@impactScope.entities.entityValue.ips}} and the entity type {{@impactScope.entities.entityType}}.
  3. If the alert is confirmed as malicious, quarantine the affected host or isolate it from the network if needed.
  4. Monitor the affected systems for further suspicious activity.
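The triage steps above refer to three fields of the ingested alert: its message, the impacted entities' IPs, and the entity types. The following helper, added here as an example and not part of this rule or of Trend Micro's own tooling, groups those entities so an analyst sees at a glance which hosts step 3 would isolate. The JSON layout it assumes (`message`, `impactScope.entities[].entityType`, `impactScope.entities[].entityValue.ips`, plus a hypothetical `entityValue.name`) is inferred from the template variables in the triage steps and should be adjusted to the real payload; the sample alert is constructed.

```python
"""Triage helper for a Trend Micro Vision One XDR alert ingested as JSON.

Added example, not code from the detection rule or from Trend Micro.
The field layout (message, impactScope.entities[].entityType,
impactScope.entities[].entityValue.ips / .name) is an assumption
inferred from the rule's template variables.
"""
from __future__ import annotations

from collections import defaultdict
from typing import Any

# Constructed sample alert; every value below is made up for illustration.
SAMPLE_ALERT: dict[str, Any] = {
    "message": "Suspicious process injection observed on endpoint",
    "impactScope": {
        "entities": [
            {"entityType": "host", "entityValue": {"name": "WS-FIN-07", "ips": ["10.20.30.41"]}},
            # The same host reported twice with an extra interface: must be merged, not listed twice.
            {"entityType": "host", "entityValue": {"name": "WS-FIN-07", "ips": ["10.20.30.41", "192.168.56.12"]}},
            {"entityType": "account", "entityValue": {"name": "corp\\jdoe"}},
            # A host with no IP recorded: cannot be isolated by IP without a lookup first.
            {"entityType": "host", "entityValue": {"name": "SRV-DC-01", "ips": []}},
        ]
    },
}


def collect_entities(alert: dict) -> dict[str, dict[str, set[str]]]:
    """Group impacted entities as entityType -> name -> set of IPs.

    Duplicate entries for one entity are merged; a missing impactScope,
    entities list, entityValue or ips field is tolerated rather than raising.
    """
    grouped: dict[str, dict[str, set[str]]] = defaultdict(lambda: defaultdict(set))
    entities = (alert.get("impactScope") or {}).get("entities") or []
    for ent in entities:
        etype = ent.get("entityType", "unknown")
        value = ent.get("entityValue") or {}
        name = value.get("name", "<unnamed>")
        grouped[etype][name].update(value.get("ips") or [])
    return {etype: dict(by_name) for etype, by_name in grouped.items()}


def triage_summary(alert: dict) -> dict:
    """Return what steps 1-3 of the triage procedure need: the description,
    the entity types involved, the hosts with their IPs, the hosts that can be
    isolated right away, and the hosts whose IP must be resolved first."""
    grouped = collect_entities(alert)
    hosts = grouped.get("host", {})
    return {
        "description": alert.get("message", "<no message>"),
        "entity_types": sorted(grouped),
        "hosts": {name: sorted(ips) for name, ips in hosts.items()},
        "containment_candidates": sorted(name for name, ips in hosts.items() if ips),
        "hosts_without_ip": sorted(name for name, ips in hosts.items() if not ips),
    }


def render(summary: dict) -> str:
    """Render the summary as the short checklist an analyst would read."""
    lines = [
        f"Alert: {summary['description']}",
        f"Entity types: {', '.join(summary['entity_types']) or 'none'}",
    ]
    for name, ips in summary["hosts"].items():
        lines.append(f"  host {name}: {', '.join(ips) or 'no IP recorded'}")
    if summary["containment_candidates"]:
        lines.append("If confirmed malicious, isolate: " + ", ".join(summary["containment_candidates"]))
    if summary["hosts_without_ip"]:
        lines.append("Resolve IP before isolating: " + ", ".join(summary["hosts_without_ip"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(triage_summary(SAMPLE_ALERT)))
```

Run against the constructed alert, the summary merges the two `WS-FIN-07` entries into one host with both IPs, lists `SRV-DC-01` separately because it carries no IP, and leaves the account entity out of the isolation list; an empty or malformed alert yields an empty summary instead of an exception, which keeps the helper safe to run in a notification hook.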