Enable cloud security features and permissions to give Trend Vision One greater visibility and protection over your cloud assets.

Enabling the Cloud Account features and permissions on your AWS accounts allows various Trend Vision One apps and security features to access your cloud account and gain greater visibility over assets and monitor for potential threats. Each feature and permission is described in the table below.
Important
  • Some features support a limited number of AWS regions. For more information, see AWS supported regions and limitations.
  • Agentless Vulnerability & Threat Detection, XDR for Cloud - AWS VPC Flow Logs, and File Security Storage are pre-release sub-features and are not part of the existing features of an official commercial or general release. Please review the Pre-release Sub-Feature Disclaimer before using these sub-features.
  • For accounts managed by AWS organizations, Cloud Accounts currently only supports enabling the following features:
    • Core features
    • Container Protection for Amazon ECS
Feature
Description
Core Features
The core set of features and permissions required to connect your AWS account
Core features enable you to connect your AWS account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
Note
Core features are required to connect your AWS account and cannot be disabled. If you need to disconnect your account, see AWS accounts.
Agentless Vulnerability & Threat Detection
The feature and permission set to enable Attack Surface Risk Management (ASRM) capabilities for your account
This feature set allows Trend Vision One to deploy Agentless Vulnerability & Threat Detection in your AWS account to discover vulnerabilities in AWS EBS volumes attached to EC2 instances, ECR images, and Lambda functions with zero impact to your applications.
Note
You can specify which resource types to include in scans when you add your AWS account in Cloud Accounts. Three AWS resource types are currently supported: EBS (Elastic Block Store), ECR (Elastic Container Registry), and Lambda.
Container Protection for Amazon ECS
The feature and permission set to view and protect your containers
This feature set allows Container Security to connect and deploy components to your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments.
Important
  • As of November 2023, AWS private and freemium accounts only allow a maximum of 10 Lambda executions. Container Protection deployment requires at least 20 concurrent Lambda executions. Please verify your AWS account status before enabling this feature.
  • At this time, the ECS runtime vulnerability scanning feature does not support scanning ECR images installed on AWS accounts where Container Security is not installed.
For more information, see Container Security.
XDR for Cloud - AWS CloudTrail
The feature and permission set to enable Cloud Audit Log Monitoring for your account
This feature set enables XDR monitoring of your cloud account to gain actionable insight into user, service, and resource activity with detection models identifying activity such as privilege escalation, password modification, and other attack techniques. Detections generated by this feature can be viewed in the Search and Workbench apps.
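The detections described above (privilege escalation, password modification) are built from CloudTrail management events. The following script is an added example and not Trend Micro code; it shows the shape of such a detection by evaluating CloudTrail log records for two simplified rules. The IAM event names and the AdministratorAccess policy ARN are real AWS identifiers, but the rules, the severity labels and the sample records are this example's assumptions and are not Trend Vision One's detection models.

```python
"""Toy detection pass over CloudTrail records for two activity classes the page says the
XDR for Cloud - AWS CloudTrail models identify: password modification and privilege
escalation. Added example, not Trend Micro code: the IAM event names are real API
names, but the rules themselves are simplified assumptions for illustration.
"""
from __future__ import annotations

import json

PASSWORD_EVENTS = {"ChangePassword", "CreateLoginProfile", "UpdateLoginProfile"}
ATTACH_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def actor_of(record: dict) -> str:
    """Best-effort principal name from the userIdentity block."""
    ident = record.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn") or "unknown"


def evaluate_record(record: dict) -> list[dict]:
    """Return the findings for one CloudTrail record (empty list when nothing matched)."""
    findings = []
    if record.get("eventSource") != "iam.amazonaws.com":
        return findings
    name = record.get("eventName", "")
    params = record.get("requestParameters") or {}
    actor = actor_of(record)
    target = params.get("userName") or params.get("roleName") or params.get("groupName")

    def add(rule: str, detail: str) -> None:
        findings.append({"rule": rule, "actor": actor, "time": record.get("eventTime"),
                         "source_ip": record.get("sourceIPAddress"), "detail": detail})

    if name in PASSWORD_EVENTS:
        # Setting another principal's password is the stronger signal; own changes are routine.
        severity = "high" if target and target != actor else "medium"
        add("password_modification", f"{name} on {target or actor} ({severity})")
    if name in ATTACH_EVENTS and params.get("policyArn") == ADMIN_POLICY_ARN:
        add("privilege_escalation", f"{name}: AdministratorAccess attached to {target}")
    if name == "CreateAccessKey" and target and target != actor:
        add("privilege_escalation", f"access key created for {target}")
    return findings


def evaluate_log(text: str) -> list[dict]:
    """text is the body of a CloudTrail log file: a JSON object with a 'Records' array."""
    findings = []
    for record in json.loads(text).get("Records", []):
        findings.extend(evaluate_record(record))
    return findings


# Constructed sample records (field names follow the CloudTrail record format; values are made up).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-07-01T10:00:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2024-07-01T10:01:00Z", "eventSource": "iam.amazonaws.com", "eventName": "ChangePassword",
     "userIdentity": {"type": "IAMUser", "userName": "carol"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": None},
    {"eventTime": "2024-07-01T10:02:00Z", "eventSource": "iam.amazonaws.com", "eventName": "UpdateLoginProfile",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"userName": "bob"}},
    {"eventTime": "2024-07-01T10:03:00Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"userName": "alice", "policyArn": ADMIN_POLICY_ARN}},
    {"eventTime": "2024-07-01T10:04:00Z", "eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userIdentity": {"type": "IAMUser", "userName": "auditor"}, "sourceIPAddress": "198.51.100.9",
     "requestParameters": None},
    {"eventTime": "2024-07-01T10:05:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"userName": "bob"}},
]})

if __name__ == "__main__":
    for finding in evaluate_log(SAMPLE_LOG):
        print(f"{finding['time']} {finding['rule']:22} {finding['actor']:8} {finding['detail']}")
```

Running it on the constructed log yields four findings: carol's own password change (medium), alice resetting bob's password (high), alice attaching AdministratorAccess to herself, and alice creating an access key for bob. The point is the distinction the rules make between an actor changing their own credentials and an actor changing someone else's; that is the signal a Workbench alert would carry into a Cloud Response action.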
Cloud audit logs are used as a data source in the following Trend Vision One apps and services:
  • Observed Attack Techniques
  • Workbench
  • Detection Model Management (used for custom exceptions and models)
This feature requires additional configuration of your CloudTrail settings. For more information, see CloudTrail configuration.
Note
XDR for Cloud requires credits to use. Click the Credit Settings icon (gear icon) to manage your data allowance limit and allocated credits and view a graph of past data usage.
The data allowance for XDR for Cloud is the amount of data that can be uploaded from all log sources over the year. As of July 2024, only XDR for Cloud - AWS CloudTrail logs count towards the data allowance limit. After the official release of AWS VPC Flow Logs, data from both log sources counts towards your data allowance for XDR for Cloud.
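Two of the prerequisites on this page can be checked before a feature is enabled: the Lambda concurrency minimum for Container Protection (at least 20 concurrent executions, per the Important note above) and the CloudTrail configuration that XDR for Cloud - AWS CloudTrail depends on. The following preflight script is an added example and not Trend Micro code. It uses the real boto3 calls get_account_settings, describe_trails and get_trail_status, but the rule that a trail only counts as ready when it is multi-region and actively logging is this example's assumption, not the page's CloudTrail configuration guidance. The check functions take the raw response dictionaries, so they can be tried offline against the constructed samples embedded below; only main() contacts AWS.

```python
"""Preflight for two Cloud Accounts prerequisites (added example, not Trend Micro code).

- Container Protection for Amazon ECS: the account must allow >= 20 concurrent
  Lambda executions (the page's stated minimum).
- XDR for Cloud - AWS CloudTrail: a trail must exist and be delivering events;
  requiring it to be multi-region and actively logging is this example's assumption.

The check functions take raw boto3 response dicts, so they run offline against the
constructed samples below; only main() talks to AWS.
"""
from __future__ import annotations

REQUIRED_LAMBDA_CONCURRENCY = 20


def lambda_concurrency_ok(account_settings: dict,
                          required: int = REQUIRED_LAMBDA_CONCURRENCY) -> tuple[bool, int]:
    """account_settings is the response of lambda.get_account_settings()."""
    limit = int(account_settings.get("AccountLimit", {}).get("ConcurrentExecutions", 0))
    return limit >= required, limit


def cloudtrail_problems(trails: list[dict], statuses: dict[str, dict]) -> list[str]:
    """trails: describe_trails()['trailList']; statuses: trail ARN -> get_trail_status() response.
    Returns the problems found; an empty list means the prerequisite looks satisfied."""
    if not trails:
        return ["no CloudTrail trail configured"]
    problems = []
    ready = False
    for trail in trails:
        name = trail.get("Name", "?")
        status = statuses.get(trail.get("TrailARN", name), {})
        if not status.get("IsLogging", False):
            problems.append(f"{name}: logging is stopped")
        elif not trail.get("IsMultiRegionTrail", False):
            problems.append(f"{name}: single-region trail; events from other regions are missed")
        else:
            ready = True
    if not ready:
        problems.append("no multi-region trail is actively logging")
    return problems


# Constructed sample responses (shape follows the boto3 documentation; values are made up,
# the account id is the AWS documentation placeholder).
SAMPLE_ACCOUNT_SETTINGS = {
    "AccountLimit": {"TotalCodeSize": 80530636800, "ConcurrentExecutions": 10,
                     "UnreservedConcurrentExecutions": 10},
    "AccountUsage": {"TotalCodeSize": 1024, "FunctionCount": 1},
}
SAMPLE_TRAILS = [{
    "Name": "org-trail",
    "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail",
    "HomeRegion": "us-east-1",
    "IsMultiRegionTrail": True,
    "S3BucketName": "example-cloudtrail-bucket",
}]
SAMPLE_STATUSES = {
    "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail": {"IsLogging": True},
}


def main() -> int:
    """Live check against the current AWS credentials (requires boto3 and network access)."""
    import boto3

    ok, limit = lambda_concurrency_ok(boto3.client("lambda").get_account_settings())
    print(f"Lambda concurrency limit {limit}: "
          f"{'OK' if ok else 'below the required ' + str(REQUIRED_LAMBDA_CONCURRENCY)}")

    ct = boto3.client("cloudtrail")
    trails = ct.describe_trails(includeShadowTrails=False)["trailList"]
    statuses = {t["TrailARN"]: ct.get_trail_status(Name=t["TrailARN"]) for t in trails}
    problems = cloudtrail_problems(trails, statuses)
    print("CloudTrail: OK" if not problems else "CloudTrail:\n  " + "\n  ".join(problems))
    return 0 if ok and not problems else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Against the constructed sample the Lambda check fails (limit 10, matching the freemium-account situation the page warns about) while the CloudTrail check passes; a single-region or stopped trail produces a named problem instead. Run the script with credentials for the account you are about to connect, and treat a non-zero exit as a reason to fix the account before enabling the feature.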
Cloud Response for AWS
The feature and permission set to allow response actions for your account
This feature set allows Trend Vision One permission to take response actions to contain incidents within your cloud account, such as revoking access for suspicious IAM users. Additional response actions leverage integration with third party ticketing systems. Response actions can be taken from the context menu in the Workbench app.
This feature requires enabling XDR for Cloud - AWS CloudTrail for your account.
File Security Storage
The feature and permission set to allow the File Security app to monitor and scan files and cloud storage
This feature allows Trend Vision One permission to view and scan files and cloud objects within your cloud storage to search for and detect possible malware. For more information, see File Security.
Real-Time Posture Monitoring
The feature and permission set to enable Real-Time Posture Monitoring for the Cloud Posture app
This feature allows Trend Vision One permission to monitor your cloud account to provide live monitoring with instant threat and remediation alerts for activities and events within your cloud environment. For more information, see Real-Time Posture Monitoring.
This feature requires enabling XDR for Cloud - AWS CloudTrail for your account.
XDR for Cloud - AWS VPC Flow Logs
This feature and permission set enables monitoring of Virtual Private Cloud (VPC) flow logs
This feature set allows Trend Vision One to collect and analyze VPC flow logs to identify and provide alerts for malicious IP traffic, SSH brute force attacks, data exfiltration, and more.
AWS VPC flow logs are used as a data source in the following Trend Vision One apps and services:
  • Threat Intelligence Sweeping
  • Observed Attack Techniques
  • Workbench
  • Detection Model Management (used for custom exceptions and models)
You can search for VPC Flow Log events using the Search app by selecting Cloud Activity Data or Network Activity Data as the search method. For more information, see Search method data sources.
This feature has additional requirements and considerations. For more information, see VPC Flow Logs recommendations and requirements.
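The alerts listed above (malicious IP traffic, SSH brute force, data exfiltration) are derived from the flow records a VPC emits. The following script is an added example and not Trend Micro code; it parses flow logs in the default version-2 field order and applies two simplified rules, repeated rejected connections to TCP/22 from one source and bulk accepted bytes from an internal address to an external one. The thresholds, the five-minute window, and the use of the RFC 1918 ranges as "internal" are this example's assumptions, as are the sample records, which use RFC 5737 documentation addresses and a placeholder account id.

```python
"""Toy detector over VPC Flow Log records in the default (version 2) format, for two of
the behaviours the page says XDR for Cloud - AWS VPC Flow Logs alerts on: SSH brute force
and bulk outbound transfer that may indicate exfiltration.

Added example, not Trend Micro code: the thresholds, the 5-minute window and the choice
of RFC 1918 ranges as "internal" are assumptions for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Default VPC Flow Log field order (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport protocol "
          "packets bytes start end action log_status").split()
INTERNAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    start: int
    end: int
    action: str


def parse_flow_log(text: str) -> list[FlowRecord]:
    """Parse default-format flow log lines; skip the header and NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] == "version":
            continue  # header line or malformed record
        row = dict(zip(FIELDS, parts))
        if row["log_status"] != "OK":
            continue  # NODATA/SKIPDATA rows carry '-' instead of a 5-tuple
        records.append(FlowRecord(
            row["srcaddr"], row["dstaddr"], int(row["srcport"]), int(row["dstport"]),
            int(row["protocol"]), int(row["packets"]), int(row["bytes"]),
            int(row["start"]), int(row["end"]), row["action"]))
    return records


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETWORKS)


def ssh_brute_force(records: list[FlowRecord], min_rejects: int = 5, window_seconds: int = 300) -> list[dict]:
    """Flag a (src, dst) pair with >= min_rejects rejected TCP/22 flows inside any sliding window."""
    rejects = defaultdict(list)
    for r in records:
        if r.protocol == 6 and r.dstport == 22 and r.action == "REJECT":
            rejects[(r.srcaddr, r.dstaddr)].append(r.start)
    findings = []
    for (src, dst), times in rejects.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window_seconds:
                lo += 1
            if hi - lo + 1 >= min_rejects:
                findings.append({"rule": "ssh_brute_force", "src": src, "dst": dst, "rejects": len(times)})
                break
    return findings


def bulk_egress(records: list[FlowRecord], min_bytes: int = 50_000_000) -> list[dict]:
    """Sum accepted bytes from internal sources to external destinations; flag heavy pairs."""
    totals = defaultdict(int)
    for r in records:
        if r.action == "ACCEPT" and is_internal(r.srcaddr) and not is_internal(r.dstaddr):
            totals[(r.srcaddr, r.dstaddr)] += r.bytes
    return [{"rule": "bulk_egress", "src": s, "dst": d, "bytes": b}
            for (s, d), b in sorted(totals.items()) if b >= min_bytes]


def run_detections(text: str) -> list[dict]:
    records = parse_flow_log(text)
    return ssh_brute_force(records) + bulk_egress(records)


# Constructed sample (RFC 5737 documentation addresses; the account id is a placeholder).
SAMPLE_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 111122223333 eni-0a1b2c3d4e5f6a7b8 203.0.113.50 10.0.1.23 51001 22 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f6a7b8 203.0.113.50 10.0.1.23 51002 22 6 1 44 1700000020 1700000080 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f6a7b8 203.0.113.50 10.0.1.23 51003 22 6 1 44 1700000040 1700000100 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f6a7b8 203.0.113.50 10.0.1.23 51004 22 6 1 44 1700000060 1700000120 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f6a7b8 203.0.113.50 10.0.1.23 51005 22 6 1 44 1700000080 1700000140 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f6a7b8 203.0.113.50 10.0.1.23 51006 22 6 1 44 1700000100 1700000160 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f6a7b8 203.0.113.77 10.0.1.23 40022 22 6 120 15000 1700000000 1700000600 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f6a7b8 10.0.1.23 203.0.113.9 44122 443 6 21000 30000000 1700000200 1700000800 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f6a7b8 10.0.1.23 203.0.113.9 44123 443 6 18000 25000000 1700000800 1700001400 ACCEPT OK
2 111122223333 eni-0b9c8d7e6f5a4b3c2 10.0.2.5 198.51.100.4 50110 443 6 12 1200 1700000300 1700000360 ACCEPT OK
2 111122223333 eni-0b9c8d7e6f5a4b3c2 - - - - - - - 1700000000 1700000600 - NODATA
"""

if __name__ == "__main__":
    for finding in run_detections(SAMPLE_LOG):
        print(finding)
```

On the sample the brute-force rule fires for 203.0.113.50 (six rejects within two minutes) but not for the single accepted administrative SSH session, and the egress rule fires for 10.0.1.23 sending 55 MB to 203.0.113.9 while the small 10.0.2.5 transfer stays under the threshold. The NODATA record is dropped at parse time, which is the usual trap when flow logs are processed naively: those rows have no addresses or ports to match on.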
Note
XDR for Cloud requires credits to use. Click the Credit Settings icon (gear icon) to manage your data allowance limit and allocated credits and view a graph of past data usage.
The data allowance for XDR for Cloud is the amount of data that can be uploaded from all log sources over the year. As of July 2024, only XDR for Cloud - AWS CloudTrail logs count towards the data allowance limit. After the official release of AWS VPC Flow Logs, data from both log sources counts towards your data allowance for XDR for Cloud.