Views:

Update security feature settings that do not require a stack update to take effect.

Some security features have configuration settings that can be updated without requiring a stack update. These security feature settings have been grouped together on the Configuration tab to allow you to easily find and update settings not requiring a stack update.
Enabled feature
Description
Cyber Risk Exposure Management - Cloud account assessment
Enable Cyber Risk Exposure Management - Cloud account assessment to discover and assess your cloud assets in Attack Surface Discovery, Threat and Exposure Management, and Cloud Security Posture.
Note
Note
Enabling this setting requires credits to use. For more information, see Cyber Risk Exposure Management pricing models for cloud account assessment.
Agentless Vulnerability & Threat Detection
Select the resource types to include in Agentless Vulnerability & Threat Detection scanning for both vulnerability and anti malware.
Available resource types:
  • EBS
  • ECR
  • LAMBDA
Cloud Detections for AWS CloudTrail
Enable XDR data collection to monitor and protect your cloud assets with XDR for Cloud.
Cloud Detections for Amazon Security Lake
Configure which scanned logs to forward to Trend Vision One. By default, all available logs are selected when enabling Cloud Detections for Amazon Security Lake.
Enable or disable forwarding of the following logs:
  • CloudTrail - Management Events
  • CloudTrail - S3 Data Events
  • CloudTrail - Lambda Data
  • EKS Audit Logs
  • Route 53 Resolver Query Logs
  • SecurityHub Findings
  • VPC Flow Logs
  • WAF Logs
Associate Server & Workload Protection instance
Select the scanning regions for the Server & Workload Protection instance associated with the cloud account.