Trend Micro Vision One XDR alert

This rule is part of a beta feature. To learn more, contact Support.
trend-micro-vision-one-xdr

Classification:

attack


Goal

Detect alerts generated by Trend Micro Vision One XDR and forwarded to the SIEM. These alerts may indicate malware, suspicious activity, or other security threats on the monitored endpoints and accounts, and they require prompt investigation.

Strategy

Monitor incoming XDR alerts and use the detail each one carries to assess the nature and potential impact of the threat. The rule surfaces the context of the alert, in particular the affected entities (hosts, accounts, IP addresses) and the type of threat identified, so that an analyst can decide how to respond.

Triage and response

  1. Review the description of the alert: {{message}}.
  2. Review the impacted entities, such as the IP address {{@impactScope.entities.entityValue.ips}} and the entity type {{@impactScope.entities.entityType}}.
  3. If the alert is confirmed as malicious, quarantine the affected host, or isolate it from the network if needed.
  4. Monitor the affected systems for further suspicious activity.
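The triage steps above can be scripted against the alert payload itself. The following Python is an added example, not part of the original page or of Trend Micro's or Datadog's own tooling. It assumes the alert JSON has the shape the rule's attributes imply: a top-level `message`, and `impactScope.entities` as a list of objects each carrying an `entityType` and an `entityValue` (an object with an `ips` list for hosts, a plain string for accounts). The sample alert, host names, and IP addresses are constructed for the example.

```python
"""Triage helper for a Trend Micro Vision One XDR alert (added example).

Pulls the alert message and the impacted entities out of the payload,
collects the IP addresses, and lists the hosts to isolate once an
analyst has confirmed the alert as malicious.
"""
import json

# Constructed sample alert in the shape this rule's attributes assume.
SAMPLE_ALERT = json.dumps({
    "message": "Possible credential dumping via LSASS memory access",
    "impactScope": {
        "entities": [
            {"entityType": "host",
             "entityValue": {"name": "ws-finance-07", "ips": ["10.20.30.41"]}},
            {"entityType": "account",
             "entityValue": "corp\\jdoe"},
            {"entityType": "host",
             "entityValue": {"name": "srv-dc-01", "ips": ["10.20.0.5", "fe80::1"]}},
        ]
    },
})


def impacted_entities(alert):
    """Return (entityType, name, ips) for every entity in impactScope.

    entityValue is a dict for hosts (with an ips list) and a plain string
    for accounts and other entity types, so both shapes are handled
    instead of assuming every entity has an ips field.
    """
    out = []
    for ent in alert.get("impactScope", {}).get("entities", []):
        etype = ent.get("entityType", "unknown")
        value = ent.get("entityValue")
        if isinstance(value, dict):
            out.append((etype, value.get("name", ""), list(value.get("ips", []))))
        else:
            out.append((etype, str(value), []))
    return out


def triage(alert_json, confirmed_malicious=False):
    """Build a triage summary following the rule's response steps.

    Step 1: the alert message.
    Step 2: the impacted entity types and IP addresses.
    Step 3: hosts to isolate, populated only once an analyst has confirmed
            the alert as malicious (never auto-isolate on the raw alert).
    """
    alert = json.loads(alert_json)
    entities = impacted_entities(alert)
    hosts = [e for e in entities if e[0] == "host"]
    return {
        "message": alert.get("message", ""),
        "entity_types": sorted({e[0] for e in entities}),
        "ips": sorted({ip for e in entities for ip in e[2]}),
        "hosts_to_isolate": [e[1] for e in hosts] if confirmed_malicious else [],
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_ALERT), indent=2))
    print(json.dumps(triage(SAMPLE_ALERT, confirmed_malicious=True), indent=2))
```

The `confirmed_malicious` flag is deliberate: the isolation list stays empty until a human has completed step 3, so the helper can run on every alert without triggering containment on a false positive. Step 4 (ongoing monitoring) is then a matter of feeding the returned IPs and host names into a watchlist.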