Overview of MXDR Alerts in Trend Vision One™

Product / Version includes:

Managed Detection and Response All , Trend Vision One Workflow and Automation

Last updated: 2025/06/02

Solution ID: KA-0019909

Category:

Summary

An MDR alert is a security alert that is sent by the MDR team upon the detection of critical events rooted in suspicious activities or threats detected in your Vision One environment. The alert is sent by email after an event is investigated and any approved response actions are taken to mitigate the activity. Collectively, this email alert and any response actions taken thereof are deliverables of the Managed XDR Service (MDR).

These email alerts may contain action items and/or recommendations. Therefore, it is important to keep the MDR team updated about which actions you have completed, to ensure we close the loop on any threat and mitigate further persistence.

EXPAND ALL

What does an MXDR alert contain?

Each alert will begin with one of the following two subjects:
- Subject: [MDR Alert]
- Subject: [MDR Incident Alert]
Every alert notification references a case number, which is listed at the top of the alert email.
The body of every initial alert starts off with a template containing these common sections:
Section: Observation
- A Managed XDR observation, containing the triggering detection plus an overall investigative determination of the event, classified as an: “Incident”, “Noteworthy” and “Not Noteworthy.”
- Examples:
  - Trend Micro Managed XDR observed a NOTEWORTHY Trend Vision One alert with the model name [Heuristic Attribute] Possible Event Triggered Execution and Workbench ID WB-*****.
  - Trend Micro Managed Services observed a NOTEWORTHY Trend Vision One alert with the model name Potential Ransomware Encryption and Workbench ID WB-******.
    From our investigation so far, we have declared this as an INCIDENT.
  - This alert is sent to inform you that the Trend Vision One alert with the model name [Heuristic Attribute] Possible Abuse Elevation Control Mechanism and Workbench ID WB-***** is NOT NOTEWORTHY and categorized as Benign based on Managed XDR's investigation.
A Noteworthy “Threat Hunting” alert will contain an additional “Threat Hunting” disclaimer at the top of the email.

Section: Summary
- Below is a snippet example:
Section: Event Details / Investigation Notes
- Below is a snippet example:
Section: Action Items
- Below is a snippet example:

Who receives an MDR alert?

All contacts listed on the Trend Vision One Managed Services Contact Information page tagged for Alert Notifications will receive the MDR alert. The first contact listed is also considered the primary contact, and as a result will be assigned as the “case owner” for all MDR Alerts.

However, all other contacts in the Trend Vision One Managed Services Contact Information list will be copied on all outbound case correspondence, receive alerts in the same way, and can respond to alerts in the same way as the primary contact.

How do you respond to an MDR alert?

You can respond to an MDR alert several ways:

Via the case number in the Trend Micro Business Success Portal
Via a reply to the original MDR email alert (keeping subject header reference intact)
Via the case number visible in the Trend Vision One platform, under Workflow and Automation > Case Management > MDR tab

The ability to view this tab is aligned with Trend Vision One’s Workbench management scope, meaning that if the user has management scope permission for any one of the Workbenches associated with a case, then they can view/edit the case in this case management app.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Overview of MXDR Alerts in Trend Vision One™

What does an MXDR alert contain?

Who receives an MDR alert?

How do you respond to an MDR alert?

Overview of MXDR Alerts in Trend Vision One™

Product / Version includes:

Summary

What does an MXDR alert contain?

Who receives an MDR alert?

How do you respond to an MDR alert?