Integrating ScanMail with Trend Vision One

Procedure

1. Generate an enrollment token in Trend Vision One.
   1. On the Trend Vision One console, go to Service Management → Product Instance or Service Management → Product Connector.
   2. Click Add Existing Product or Connect.
   3. In the Instance type or Product field, select ScanMail for Microsoft Exchange.
   4. Click the link to generate an enrollment token.
   5. Copy the enrollment token for use on the ScanMail product console.
   6. Click Save.
2. On the ScanMail product console, go to Trend Vision One → Integration Settings.
3. In the Connection Settings section, next to Trend Vision One token, paste the enrollment token you obtained in this step.

   Note If you only specify the token without configuring the other connection settings, ScanMail will directly connect to Trend Vision One.

4. If you want to connect to Trend Vision One through a Service Gateway, complete the following procedure.
   1. On the Trend Vision One console, go to Workflow and Automation → Service Gateway Management.
   2. If you do not have an existing Service Gateway deployed, install a Service Gateway.
      For detailed instructions, see Deployment Guides.
   3. Click the Service Gateway name.
   4. Click Manage Services.
   5. Click the install icon to install the Forward Proxy Service, and then enable the service.
      The Forward Proxy Service comes with a default port for ScanMail. If you want to use a custom port, change the port in the Forward Proxy Service configuration screen of the Trend Vision One console. ScanMail automatically applies the custom port when integrating with Trend Vision One.
   6. Record the Service Gateway IP address for use on the ScanMail product console.
   7. On the ScanMail product console, go to Trend Vision One → Integration Settings.
   8. Select Enable Service Gateway connection.
   9. Specify the Service Gateway IP address you obtained in step 6.
5. If you want to connect to Trend Vision One through a proxy server, complete the following procedure.

   Note You can only choose to connect to Trend Vision One through either a Service Gateway or a proxy server.

   1. Select Use a proxy server to connect to Trend Vision One.
   2. Specify the host name or IP address of the proxy server and its port number.
   3. If your proxy server requires authentication, specify the user name and password used for authentication.
6. Select Forward detection logs to Trend Vision One.
7. Under Suspicious Object List Synchronization, configure the following:
   1. Select Enable Suspicious Object List, if you want ScanMail to leverage the Suspicious Object Lists from Trend Vision One. ScanMail synchronizes the consolidated Suspicious Object Lists (including the Virtual Analyzer and User-defined objects) to apply to the specified scan filters.

      Important You can synchronize and apply Suspicious Object Lists from only one of the sources: Apex Central, Deep Discovery Director, or Trend Vision One. Determine the source that you want to use and enable suspicious object list synchronization in the corresponding configuration screen.

   2. Select the scan filters that you want the Suspicious Object Lists to apply to. Available filters are Security Risk Scan and Web Reputation.
   3. Select Enable suspicious objects detection notification to receive notifications about suspicious objects detections. The details of Security Risk Scan detection and Web Reputation detection follow their notification settings.
   • The scanning and decision processes for suspicious objects in the Security Risk Scan filter follows the following priority:
     User-defined suspicious objects > Pattern-based local scan > Virtual Analyzer reported suspicious objects
   • The scanning and decision processes for suspicious objects in the Web Reputation filter follows the following priority:
     User-defined suspicious objects > Virtual Analyzer reported suspicious objects > Web Reputation Services scan

   The action mapping in ScanMail for the Trend Vision One settings is defined in the following table.

   Action mapping table for suspicious objects

   Scan Filter	Trend Vision One Action Setting	ScanMail Action
   Security Risk Scan	Log	Pass
   	Block	Quarantine entire message (real-time scan) Quarantine message part (manual/schedule scan)
   Web Reputation	Log	Pass
   	Block	Quarantine entire message

8. Click Register.