Before deploying the Claude Compliance Collector, make sure you have the required accounts, API credentials, and AWS access in place.
Claude Enterprise Plan
The Anthropic Compliance API is only available on the Claude Enterprise plan. Verify
that your organization has an active Claude Enterprise subscription before continuing.
The Compliance API must be enabled for your organization before you can generate a
Compliance Access Key. A Claude Enterprise Primary Owner can enable it by going to
and selecting Enable under Compliance API.
Anthropic Compliance Access Key
The Compliance Access Key allows the collector to read chat activity and message content
from your organization's Claude usage.
The key requires the following scopes:
-
read:compliance_activities— access to the Activity Feed for chat discovery -
read:compliance_user_data— access to retrieve chat message content
To generate the key, see Get access to the Compliance API in the Claude API docs.
TrendAI Vision One™ API key
The TrendAI Vision One™ API key enables the collector to forward chat content to AI Guard for policy scanning.
The key requires the AI Guard - Call detection API permission.
For instructions on generating the API key, see Add an API key.
AI Guard endpoint URL
The
AIGuardUrl parameter specifies the full endpoint URL the collector sends conversation content
to for AI Guard scanning. The URL depends on whether you use Trend-hosted or self-hosted
AI Guard.Trend-hosted AI Guard
Select the URL that corresponds to your TrendAI Vision One™ regional deployment:
| Region | AI Guard endpoint URL |
|
United States
|
https://api.xdr.trendmicro.com/v3.0/aiSecurity/applyGuardrails |
|
Europe
|
https://api.eu.xdr.trendmicro.com/v3.0/aiSecurity/applyGuardrails |
|
Australia
|
https://api.au.xdr.trendmicro.com/v3.0/aiSecurity/applyGuardrails |
|
Japan
|
https://api.jp.xdr.trendmicro.com/v3.0/aiSecurity/applyGuardrails |
|
Singapore
|
https://api.sg.xdr.trendmicro.com/v3.0/aiSecurity/applyGuardrails |
|
India
|
https://api.in.xdr.trendmicro.com/v3.0/aiSecurity/applyGuardrails |
Self-hosted AI Guard
If you are using a self-hosted AI Guard deployment, the endpoint URL is generated
during deployment. For deployment instructions and to find your endpoint URL, see
Integrate self-hosted AI Guard.
AWS Account
The collector deploys as an AWS CloudFormation stack. Verify the following before
deployment:
-
You have an AWS account with permission to create CloudFormation stacks, Lambda functions, SQS queues, EventBridge schedules, Secrets Manager secrets, IAM roles, and CloudWatch Log Groups.
-
The AWS region you deploy into meets your data residency requirements.
 |
ImportantKubernetes deployment support is planned for a future release. AWS is the only supported
deployment environment in this release.
|
AI Guard Policy
The Claude Compliance Collector forwards Claude conversation content to AI Guard for
scanning. Before deploying the collector, configure an AI Guard scan settings to define
what to scan for. For instructions, see Configure Trend-hosted AI scan settings or .Configure self-hosted AI scan settings.