Views:

Identify applications with potential security vulnerabilities that are in use within your organization.

Attack Surface Discovery detects all local applications, connected SaaS applications, and public cloud applications that have been accessed by your organization's users and devices. Trend Vision One categorizes and assigns a reputation score or asset risk score to each supported application. Applications that are detected but not supported for scanning receive an "Unsupported" status rather than a risk score. The consolidated visibility of all apps in your environment helps you to identify potential vulnerabilities, continuously assess and prioritize risk, and strengthen your security posture.
The following table describes the tabs available in the Applications section of Attack Surface Discovery.
Tab
Description
Public cloud apps
Displays all public cloud apps accessed by your organization's users and devices that have been active over the last 30 days
  • Search for public cloud apps by name.
  • Click Filter to filter cloud apps by Category, Reputation, Sanctioned state, Warnings, or Last detected time.
    • Lower public cloud app reputation scores indicate a better overall reputation.
  • Click Export to generate a report for the apps currently displayed on the list.
  • Click any public cloud app name to view details in the Public cloud app profile.
  • Select one or more public cloud apps and click Change Sanctioned/Unsanctioned to set the sanctioned status of the app.
  • Select one or more cloud apps and click Assign Secure Access Rule to control users' access to the selected public cloud apps. Options from Zero Trust Secure Access include:
    • Assign the selected public cloud apps to a new custom cloud app category and assign the apps to a new Internet Access rule
    • Add the selected public cloud apps to an existing cloud app category with Internet Access or Risk Control rules already applied.
  • Select one or more public cloud apps and click Manage Tags to view, add, or remove tags assigned to the selected apps.
Note
Note
Drilling down from the Users column and the User name column (drilled from the Visits column) is only available for users with the Accounts asset visibility scope.
Connected SaaS apps
Displays all connected SaaS apps managed by your organization and provides insight into your organization's SaaS security posture
  • View the connection status of the supported SaaS data sources, including Salesforce and Office 365.
  • Search for connected SaaS apps by name.
  • Click Filter to filter SaaS apps by Asset risk score, Category, Custom tags, or Last detected time.
  • Click any SaaS app name to view details in the Connected SaaS app profile.
  • Select one or more SaaS apps and click Manage Tags to view, add, or remove tags assigned to the selected apps.
    Important
    Important
    Asset criticality levels of Microsoft apps cannot currently be modified.
Local apps
Displays all local apps with activity in the last 30 days detected in your environment by the Trend Vision One Agent or Trend Micro Mobile Security
The Local app list displays the number of CVEs that affect each app. The app risk score equals the score of the highest-impact CVE for the application. Local apps that are not supported for scanning have an "Unsupported" status rather than a risk score. For more information, see Vulnerability Assessment supported Windows applications, Vulnerability Assessment supported macOS applications, and Vulnerability Assessment supported language packages.
Important
Important
  • The default permission status of an executable file is Not configured.
  • It may take up to 12 hours for a newly discovered local app to be assessed and receive a risk score. To ensure visibility of potentially high-risk unassessed apps, apps that are still assessing are grouped with high-risk apps and displayed before high-risk apps on the local apps list.
  • Unsupported apps are unable to receive a risk score and display a dash (-) in the Asset risk score column. Historical local app records from earlier than October 2025 do not include unsupported apps.
  • Search for local apps by name.
  • Click Filter to filter local apps by Operating system, Asset risk score, Vendor, First seen, or Last detected.
  • Click Export to generate a report for the local apps currently displayed on the list.
  • Click any column header to sort the list by that column.
  • Click any local app name to view details on the Local App Profile.
  • Click the number of devices in the entry for an app for a list of the devices on which the app has been detected.
  • Click the number of detected CVEs for an app for details on the CVEs that affect the app.
  • Select an app to change the permission status to Allowed or Blocked.
    Note
    Note
    This feature is not available in all regions.
Select View by executable file in the dropdown menu to see a list of executable files related to detected local apps.
  • Search for executable files by file name.
  • Click Filter to filter executable files by Product name, Permission status, First seen, or Last detected.
  • Click on any executable file name to view details on the Executable File Profile.
  • Click the number of devices in the entry for an executable file for a list of the devices on which the file has been detected.
  • Select an executable file to change the file permission status to Allowed or Blocked.