The Endpoint Sensor feature requires special licensing and additional system requirements. Ensure that you have the correct license before deploying Endpoint Sensor policies to endpoints. For more information on how to obtain licenses, contact your support provider.
If your environment manages both Apex One on-premises and Apex One as a Service Security Agents, some features may be different compared to Apex One as a Service. Apex One as a Service Security Agents continue to send data to Trend Micro servers but investigation capabilities may differ from the Apex Central as a Service console.
- Select Enable Endpoint Sensor.
- Select Enable event recording to begin collecting system event logs on the agent endpoint. (on-premises only)
Endpoint Sensor uses the real-time event logs to identify at-risk endpoints when performing investigations. After identifying affected Windows endpoints, you can perform an in-depth root cause analysis to better understand possible attack vectors.
Option: Maximum database size (on-premises only)
Description: Specify the maximum database size that Endpoint Sensor can use to store event logs on the endpoint. Once the agent database reaches the maximum size limit, Endpoint Sensor purges the oldest logs to make space for new event entries.

Option: Send a subset of log data to perform Historical Investigations (on-premises only)
Description: The information sent to the server consists of metadata, such as domain, files, or processes on the endpoint. Endpoint Sensor utilizes the data during Historical Investigations to identify affected endpoints.
  - Upload frequency: Specify how often the agent uploads the metadata to the server.
    Note: Depending on your network, more frequent uploads may affect network performance.
  - Additional hash types: Specify if Endpoint Sensor also calculates and sends SHA-256 and MD5 hashes to the server. By default, Endpoint Sensor sends SHA1 hashes only.
    Note: Selecting additional hash types takes up more database space.

Option: Enable Attack Discovery to detect known attack indicators on endpoints
Description: Attack Discovery uses Trend Micro threat intelligence based on Indicators of Attack (IoA) behaviors. After detecting a known IoA, Attack Discovery logs the detection.
-