Overview of Trend Micro™ Managed Detection and Response (MDR) Alerts

Product / Version includes:

Managed Detection and Response All , Trend Vision One Threat Intelligence

Last updated: 2025/04/23

Solution ID: KA-0019609

Category: SPEC

Summary

An MDR alert is a security alert that is sent by the MDR team upon the detection of critical events rooted in suspicious activities or threats detected in your Vision One environment. The alert is sent by email after an event is investigated and any approved response actions are taken to mitigate the activity. Collectively, this email alert and any response actions taken thereof are deliverables of the Managed XDR Service (MDR).

These email alerts may contain action items and/or recommendations. Therefore, it is important to keep the MDR team updated about which actions you have completed, to ensure we close the loop on any threat and mitigate further persistence.

EXPAND ALL

What does an MDR alert contain?

Each alert will begin with one of the following two subjects:
- Subject: [MDR Alert]
- Subject: [MDR Incident Alert]
Every alert notification references a case number, which is listed at the top of the alert email.
The body of every initial alert starts off with a template containing these common sections:
- [Section: Observation]
  - A Managed XDR observation, containing the triggering detection plus an overall investigative determination of the event, classified as an: “Incident”, “Noteworthy” and “Not Noteworthy.”
  - Examples:
    - Trend Micro Managed XDR observed a NOTEWORTHY Vision One alert with the model name [Heuristic Attribute] Possible Event Triggered Execution and Workbench ID WB-*****.
    - Trend Micro Managed Services observed a NOTEWORTHY Vision One alert with the model name Potential Ransomware Encryption and Workbench ID WB-******.
    - From our investigation so far, we have declared this as an INCIDENT.
    - This alert is sent to inform you that the Vision One alert with the model name [Heuristic Attribute] Possible Abuse Elevation Control Mechanism and Workbench ID WB-***** is NOT NOTEWORTHY and categorized as Benign based on Managed XDR's investigation.
    A Noteworthy “Threat Hunting” alert will contain an additional “Threat Hunting” disclaimer at the top of the email.
- [Section: Summary]
  Example Snippet:
- [Section: Event Details / Investigation Notes]
  Example Snippet
- [Section: Action Items]
  Example Snippet

Who receives an MDR alert?

All contacts listed on the Vision One Managed Services Contact Information page tagged for Alert Notifications will receive the MDR alert. The first contact listed is also considered the primary contact, and as a result will be assigned as the “case owner” for all MDR Alerts.

However, all other contacts in the Vision One Managed Services Contact Information list will be copied on all outbound case correspondence, receive alerts in the same way, and can respond to alerts in the same way as the primary contact.

How do you respond to an MDR alert?

You can respond to an MDR alert several ways:

Through your case number when you log in to Business Support Portal.
By replying to the original MDR email alert (keeping subject header reference intact).
Through the case number visible in the Trend Vision One platform, under the Workflow and Automation > Case Management > MDR tab.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Overview of Trend Micro™ Managed Detection and Response (MDR) Alerts

What does an MDR alert contain?

Who receives an MDR alert?

How do you respond to an MDR alert?

Overview of Trend Micro™ Managed Detection and Response (MDR) Alerts

Product / Version includes:

Summary

What does an MDR alert contain?

Who receives an MDR alert?

How do you respond to an MDR alert?