Trend Micro Cloud One™ – Conformity Real-Time Threat Monitoring (RTM) provides live
monitoring with instant threat and remediation alerts for activities and events
within your AWS, Azure, and GCP accounts.
Conformity RTM ingests raw events to allow you to easily monitor your environment,
and supports updating Checks for a subset of Rules in near real-time. You can view
our documentation listing the Conformity Rules supported by RTM.
Two key features are offered with RTM:
- Activity Dashboard - identify unusual user activities
- Monitoring Dashboard - get an in-depth record of all events in an AWS account
How many rules does RTM cover once it is enabled?
- 8 pure RTM rules, which always run for any kind of event
- 25+ additional rules that look for events of significance, for example internet gateway config changes
- 350+ rules that run in real time whenever resources are modified

Note: The number of rules covered does not match the total number of rules that Conformity supports. This is because RTM is set up to cover the most used AWS services. New services or not-so-critical services are not integrated with RTM.

The services for which we have extensive but not necessarily complete coverage are:
- S3
- EC2
- ELB
- Auto Scaling
- CloudFormation
- IAM
- DynamoDB
- Lambda
- CloudFront
- EKS
- ECR
Setup Real-Time Threat Monitoring
Procedure
- Add a Conformity account
- Follow the instructions on setting up Real-Time Threat Monitoring
Access Real-Time Threat Monitoring
Procedure
- Select an Account where Real-Time monitoring is enabled
- Open Dashboard
Uninstall Real-Time Threat Monitoring
To uninstall Real-Time Threat Monitoring from your account, open a command prompt
or shell and run the following command:
Procedure
- For AWS RTM:
curl -L https://us-west-2.cloudconformity.com/v1/monitoring/uninstall.sh | bash -s
- For Azure RTM: Please refer to Uninstalling RTM for Azure.
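
An added example, not Trend Micro's code: the same AWS uninstall, with the script saved to a file, sanity-checked and reviewed before it runs, so that a truncated download or an error page is never piped straight into bash. Only the URL comes from the procedure above; the function names and the specific checks are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: fetch, check and review the AWS RTM uninstall script before running it.
# Only the URL comes from the procedure; function names and checks are illustrative.
RTM_UNINSTALL_URL="https://us-west-2.cloudconformity.com/v1/monitoring/uninstall.sh"

# Download over HTTPS only (redirects included) and fail on HTTP errors,
# so an error page is never saved in place of the script.
fetch_script() {  # usage: fetch_script URL DEST
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' \
       --output "$2" "$1"
}

# Reject an empty file, an HTML/XML body, or text that bash cannot parse
# (bash -n parses without executing; it catches many truncated downloads).
looks_like_shell_script() {
  [ -s "$1" ] || return 1
  [ "$(head -c 1 "$1")" != "<" ] || return 1
  bash -n "$1" 2>/dev/null
}

# Hash to record in the change ticket (on macOS use: shasum -a 256).
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

main() {
  tmp="$(mktemp)" || return 1
  fetch_script "$RTM_UNINSTALL_URL" "$tmp" || { echo "download failed" >&2; return 1; }
  looks_like_shell_script "$tmp" || { echo "unexpected content: $tmp" >&2; return 1; }
  echo "saved to $tmp, sha256 $(sha256_of "$tmp")"
  "${PAGER:-less}" "$tmp"                  # read it before it touches the account
  printf 'Run the uninstall script now? [y/N] '
  read -r answer
  [ "$answer" = "y" ] || { echo "not executed; script kept at $tmp"; return 0; }
  bash -s < "$tmp"                         # same invocation as the piped form
}

# Nothing is downloaded or executed unless --run is passed.
if [ "${1:-}" = "--run" ]; then main; fi
```

Save the block as a file and start it with `--run`; without that argument it only defines the functions.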