Local and SAML accounts, including role and access level

Passwords and two-factor authentication settings of local accounts

Authentication tokens of accounts with API access

Roles and their corresponding permissions for all Trend Vision One features

Alerts from all available data sources, including investigation status, notes, and other details

Detection models, including status (enabled or disabled), risk level, and required products

Security intelligence reports written by threat defense experts, including associated threat campaigns, target regions or countries, and target operating systems

Summaries about user access, app-related actions, setting changes, and other configuration modifications that occurred using the Trend Vision One console or APIs

Supported and/or connected on-premises and SaaS products, including connection status and registration details from the Customer Licensing Platform

Enrollment tokens of on-premises products

Settings for Splunk alerts and email notifications

Test notifications

Events in the Observed Attack Techniques app that match specified criteria

Response actions that you can take on endpoints, email messages, and other objects in your environment

Information about response tasks that you have created

SAML 2.0 single sign-on settings

Trend Vision One service provider (SP) metadata XML file

IdP metadata file

Agent and endpoint information

Detection data that matches query criteria

Sweeping tasks and their corresponding results

Information to configure the Trend Vision One for Splunk (XDR) Add-On.

Intelligence Reports

Sandbox Analysis

Suspicious Object Management