What are the Automation Settings in TrendAI Vision One?

Semi-Automation

  • Automatically creates a response task.
  • Requires customer approval in the Response Management app before execution.

Full Automation

  • Automatically creates and executes response tasks without manual intervention.

Automation Scope:

  • Applies to all Workbench Alerts with the following severity levels:
    • Low
    • Medium
    • High
    • Critical

What triggers an Automated Response action?

Automation Trigger Conditions:

  1. Objects identified as "Highly Suspicious" or "Suspicious" in the workbench.
  2. Automation settings for "Semi-Automation" or "Full Automation" are enabled for "Suspicious" and "Highly Suspicious" objects.
 
  • Automated Response currently supports file-based actions; URL-based actions are not yet supported.
  • If "No matching objects found" appears, it means no automated response task is triggered.
What is the difference between "Score in Alert View" and "Suspicious/Highly Suspicious" in Automated Response?

Score in Alert View:

  • Defined by a threat expert.
  • Each model has one severity.
  • Calculated by the workbench based on model severity and impact scope in the raw alert.

Suspicious and Highly Suspicious in Automated Response (SAE):

  • After generating a workbench alert, the workbench team sends alert-related information to SAE.
  • SAE calculates "Suspicious" or "Highly Suspicious" based on each highlighted object in the alert.

FAQs:

What is the difference between Semi-Automation and Full Automation in TrendAI Vision One?

  • Semi-Automation: Creates a response task but requires customer approval before execution.
  • Full Automation: Creates and executes response tasks automatically without customer intervention.

Can I use Automated Response for URL-based actions?

  • Currently, Automated Response only supports file-based actions. URL-based actions are not yet supported.

What does "No matching objects found" mean?

  • This indicates that no automated response tasks were triggered.

How is the score in Alert View determined?

  • The score is defined by a threat expert and calculated by the workbench based on model severity and the impact scope of the raw alert.

What does "Suspicious" or "Highly Suspicious" mean in Automated Response?

  • These terms are calculated by SAE based on the analysis of each highlighted object in the alert.