# Endpoint Security
Monitor and analyze endpoint protection status, agent deployment, and endpoint inventory using Trend Micro Vision One. This skill provides visibility into workstations, servers, and their security posture.
## Instructions

- When the user asks about endpoints, workstations, servers, or agent status, use this skill to query endpoint data.
- List endpoints: Start with `list_endpoints` to get an overview of all managed endpoints.
- Check agent status: Use `list_endpoint_agents` to review agent deployment and health across the environment.
- Get endpoint details: Use `get_endpoint` to retrieve comprehensive information about a specific endpoint.
- Filter by criteria: Use filtering capabilities to focus on specific OS types, agent versions, or protection status.
- Identify gaps: Look for endpoints with outdated agents, disabled protection, or missing security components.
- Correlate with alerts: Cross-reference endpoint data with Workbench alerts for affected systems.
## Tools

This skill uses the following Vision One MCP tools (all read-only):

| Tool | Purpose |
|---|---|
| `list_endpoints` | List all managed endpoints with status |
| `get_endpoint` | Get detailed endpoint information |
| `list_endpoint_agents` | List endpoint agent deployments |
| `get_endpoint_agent` | Get specific agent details |
| `list_endpoint_agent_versions` | List available and deployed agent versions |
| `get_endpoint_protection_status` | Get protection status for endpoints |
## Common Workflows

### Endpoint Inventory Review

- List all endpoints
- Group by OS type (Windows, macOS, Linux)
- Check protection status for each group
- Identify unprotected or partially protected endpoints
- Summarize coverage metrics

### Agent Health Assessment

- List endpoint agents
- Check agent versions against the current release
- Identify outdated agents requiring updates
- Check agent connectivity status
- Generate an update priority list

### Protection Gap Analysis

- List endpoints with protection status
- Filter for disabled or degraded protection
- Identify endpoints missing security components
- Cross-reference with critical asset lists
- Prioritize remediation by risk

### Incident Response Support

- Get details for the affected endpoint(s)
- Check current protection status
- Review agent version and capabilities
- Identify available response actions
- Document endpoint context for the investigation

### Compliance Reporting

- List all endpoints
- Calculate protection coverage percentage
- Identify non-compliant endpoints
- Check agent version compliance
- Generate a compliance summary
## Output Format

### Endpoint Inventory

```markdown
## Endpoint Summary

**Total Endpoints**: [count]
- Protected: [count] ([%])
- Partially Protected: [count] ([%])
- Unprotected: [count] ([%])

### By Operating System

| OS | Count | Protected | Issues |
|----|-------|-----------|--------|
| Windows 11 | [count] | [count] | [count] |
| Windows 10 | [count] | [count] | [count] |
| Windows Server | [count] | [count] | [count] |
| macOS | [count] | [count] | [count] |
| Linux | [count] | [count] | [count] |

### By Protection Status

- Full protection: [count]
- Missing component(s): [count]
- Agent offline: [count]
- Protection disabled: [count]
```

### Endpoint Details

```markdown
## Endpoint: [Hostname]

**IP Address**: [IP]
**MAC Address**: [MAC]
**Operating System**: [OS Name] [Version]
**Last Seen**: [Timestamp]

### Agent Information

- Agent Version: [Version]
- Agent Status: [Online/Offline]
- Last Check-in: [Timestamp]

### Protection Status

- Real-time scan: [Enabled/Disabled]
- Behavior monitoring: [Enabled/Disabled]
- Web reputation: [Enabled/Disabled]
- Firewall: [Enabled/Disabled]

### Security Posture

- Open vulnerabilities: [count]
- Recent detections: [count]
- Risk score: [score]
```

### Agent Status Report

```markdown
## Agent Deployment Status

**Current Version**: [Version]
**Total Agents**: [count]

### Version Distribution

| Version | Count | Status |
|---------|-------|--------|
| [Version] | [count] | Current |
| [Version] | [count] | Outdated |
| [Version] | [count] | Critical Update Needed |

### Connectivity

- Online: [count]
- Offline (< 24h): [count]
- Offline (> 24h): [count]
- Offline (> 7d): [count]

### Update Priority

1. [count] endpoints require critical updates
2. [count] endpoints have outdated agents
3. [count] endpoints need attention (offline)
```
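The bucketing and coverage arithmetic that the Compliance Reporting workflow and the Endpoint Summary and Agent Deployment Status templates call for, as an added Python example (not part of this skill or of the Vision One tools); the endpoint record field names and the sample inventory are assumptions, since the real tool responses are not shown on this page:

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
# Components named in the Endpoint Details template; record field names are assumed, not the API's.
COMPONENTS = ("realtime_scan", "behavior_monitoring", "web_reputation", "firewall")
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for reproducibility

def endpoint(host, os_name, online, hours_since_checkin, disabled=()):
    """Constructed endpoint record: every component enabled except those listed in `disabled`."""
    return {"host": host, "os": os_name, "agent_online": online,
            "last_checkin": NOW - timedelta(hours=hours_since_checkin),
            "components": {c: c not in disabled for c in COMPONENTS}}

ENDPOINTS = [  # constructed sample inventory, not real data
    endpoint("ws-01", "Windows 11", True, 1),
    endpoint("ws-02", "Windows 10", True, 1, disabled=("firewall",)),
    endpoint("ws-03", "Windows 11", False, 3),
    endpoint("srv-01", "Windows Server", False, 48),
    endpoint("mac-01", "macOS", True, 1, disabled=COMPONENTS),
    endpoint("lnx-01", "Linux", False, 24 * 10),
]

def protection_state(ep):
    """Template buckets: full_protection / missing_components / agent_offline / protection_disabled."""
    if not ep["agent_online"]:
        return "agent_offline"
    enabled = sum(ep["components"][c] for c in COMPONENTS)
    if enabled == 0:
        return "protection_disabled"
    return "full_protection" if enabled == len(COMPONENTS) else "missing_components"

def connectivity_bucket(ep, now=NOW):
    """Template connectivity buckets: online, offline < 24h, > 24h, > 7d."""
    if ep["agent_online"]:
        return "online"
    age = now - ep["last_checkin"]
    if age > timedelta(days=7):
        return "offline_gt_7d"
    return "offline_gt_24h" if age > timedelta(hours=24) else "offline_lt_24h"

def summarize(endpoints, now=NOW):
    """Figures for the Endpoint Summary: totals, coverage %, per-OS rows, connectivity counts."""
    states = Counter(protection_state(e) for e in endpoints)
    by_os = defaultdict(lambda: {"count": 0, "protected": 0, "issues": 0})
    for e in endpoints:
        by_os[e["os"]]["count"] += 1
        by_os[e["os"]]["protected" if protection_state(e) == "full_protection" else "issues"] += 1
    total = len(endpoints)
    return {"total": total, "states": dict(states), "by_os": dict(by_os),
            "coverage_pct": round(100 * states["full_protection"] / total, 1) if total else 0.0,
            "connectivity": dict(Counter(connectivity_bucket(e, now) for e in endpoints))}
```

An offline agent is counted as unprotected regardless of its last known component settings, which matches the template's separate "Agent offline" bucket.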
## Security Considerations

- This skill provides read-only access to endpoint inventory data
- Endpoint names, IPs, and configurations are sensitive infrastructure information
- Unprotected endpoints represent a significant security risk
- Offline agents may indicate compromised or isolated systems
- Agent version gaps should be addressed to maintain protection efficacy
- Coordinate with IT operations for agent deployments and updates
- Use endpoint data to prioritize patching and incident response