Trend Micro Control Manager Integration

Cloud App Security integrates with Trend Microâ„¢ Control Manager and supports Control Manager 6.0 Service Pack 3 Patch 1 or later.

Cloud App Security provides the following features and capabilities if managed from Control Manager:

  • Use Single Sign-On (SSO) to access the Cloud App Security management console from the Control Manager console.

  • Add Cloud App Security data to the Data Loss Prevention and Threat Detection dashboard tabs on the Control Manager console.

  • Check the current Cloud App Security connection status.

  • Query or display logs submitted by Cloud App Security.

    Note:
    • In Control Manager 6.0 SP3 Patch 1, Cloud App Security submits only Malware Scanning logs to Control Manager.

    • From Control Manager 6.0 SP3 Patch 2, Cloud App Security submits Malware Scanning, File Blocking, Web Reputation, Virtual Analyzer, Ransomware, and Data Loss Prevention logs to Control Manager.

About Trend Micro Control Manager

Trend Micro Control Manager is a central management console that manages Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels. Administrators can use the policy management feature to configure and deploy product settings to managed products and endpoints. The Control Manager web-based management console provides a single monitoring point for antivirus and content security products and services throughout the network.

Control Manager enables system administrators to monitor and report on activities such as infections, security violations, or virus/malware entry points. System administrators can download and deploy update components throughout the network, helping ensure that protection is consistent and up to date. Example update components include virus pattern files, scan engines, and anti-spam rules. Control Manager allows both manual and pre-scheduled updates. Control Manager allows the configuration and administration of products as groups or as individuals for added flexibility.

Registering Cloud App Security

Make sure you have a Customer Licensing Portal (CLP) or Licensing Management Platform (LMP) account and your account has been bound both with Cloud App Security and Control Manager.

  1. In Control Manager, go to Administration > Managed Servers.
  2. Under Server Type, select Cloud App Security.
  3. Click Cloud Service Settings.
  4. Type the LMP logon URL, for example, https://clp.trendmicro.com/Dashboard?T=<tenant-id>, if you are using an LMP account. tenant-id is your company's Tenant ID. You can confirm the URL from the registration email message you received.
    Note:

    CLP users do not need to type the CLP logon URL.

  5. Specify your LMP account credentials and click OK.

    The Cloud App Security server appears in the Managed Servers list.

Managing Cloud App Security

  1. In Control Manager, go to Administration > Managed Servers.
  2. Click Directory Management.
  3. In the product tree, click Local Folder, and then locate and select the Cloud App Security entity.
  4. Manage the Cloud App Security entity as necessary.

Configuring Single Sign-On

  1. In Control Manager, go to Administration > Managed Servers.
  2. Under Server Type, select Cloud App Security.
  3. Under Server, click the server address.

    The Dashboard screen of the Cloud App Security management console opens in a new browser tab.

Checking Cloud App Security Server Status

  1. In Control Manager, go to Dashboard.
  2. Click the Summary tab.
  3. Scroll down and find the Product Connection Status widget.

    You can check the status of any Cloud App Security server registered with Control Manager.

Querying Cloud App Security Logs

Cloud App Security Malware Scanning, File blocking, Web Reputation, Virtual Analyzer, and Data Loss Prevention logs are available in Control Manager.

  1. In Control Manager, go to Logs > Log Query.

    The Log Query screen appears.

  2. Click the Virus/Malware detections drop-down list, select the type of logs to query, and then click OK.
  3. In the product tree, click Local Folder, select the Cloud App Security entity, and then click OK.
  4. Select a date range and click Search.

    The log query result screen appears, showing the query results.

Viewing Data Loss Prevention Policy Violating Data

Cloud App Security transfers the content that violates Data Loss Prevention policies to Control Manager and displays it on Control Manager dashboard.

Note:

To view the violating content, make sure you have installed Control Manager 7.0 Patch 1 with hot fix 3004 or later.

  1. Go to Dashboard > DLP Incident Investigation.
  2. Click a number in the DLP Incidents by Severity and Status or DLP Incidents by User widget.

    The Incident Information screen appears.

  3. Click Action at the end of an incident row.

    The Incident Details screen appears, where the violating content is displayed under Matching content, with sensitive data masked or unmasked as configured in the corresponding Cloud App Security Data Loss Prevention policies.