Gain more access to risk indicators across your corporate network by connecting multiple data sources to Attack Surface Risk Management.
Trend Vision One allows you to connect multiple Trend Micro or third-party data sources to Attack Surface Risk Management in order to gain extra visibility into your organization’s attack surface, risk indicators,
and vulnerabilities. The more data sources you connect to Attack Surface Risk Management, the more complete a picture you can get of your organization's security posture.
Different data sources have different requirements when connecting to Attack Surface Risk Management. The following procedure outlines the basic steps required to connect a data source.
Procedure
- Go to .
- Click the Data sources button in the upper right.
Tip
You can also access Data sources by clicking the button in Executive Dashboard or Attack Surface Discovery, or by going to.A list of all Trend Micro and third-party data sources supported by Attack Surface Risk Management appears. Click a risk factor to highlight the data sources used to collect data for the specified risk factor. - Find and click the data source you wish to connect. A screen appears to explain the
data permissions needed and the connection requirements for the specified data source.
Important
You must have allocated credits, a valid license, or an established account for the Trend Micro or third-party data source you wish to connect. Most Trend Micro data sources must be configured, connected, and managed in the app corresponding to the source. Most third-party data sources must be configured, connected, and managed in Third-Party Integration unless otherwise specified. Once a data source is connected, it may take a few minutes for the data source status to change.The following tables detail the data sources supported by Attack Surface Risk Management, the type of data collected from the data source, and the connection method.Trend Vision One XDR Sensors
SourceData collectedConnection methodEndpoint SensorUser, app, and web activities, and vulnerability assessment on monitored endpointsConfigure in Endpoint Inventory.Email SensorEmail activities in Office 365 Exchange OnlineConfigure in Email Asset Inventory.Network SensorDetected threats in monitored endpoint trafficConfigure in Network Inventory.Trend Micro Security Services
SourceData collectedConnection methodStandard Endpoint ProtectionUsers, applications, web activities, security settings, and detected threats on monitored endpointsConfigure in Endpoint Inventory.Server & Workload ProtectionUsers, applications, web activities, and detected threats on monitored endpointsConfigure in Endpoint Inventory.Trend Micro Apex One as a ServiceUsers, applications, web activities, and detected threats on monitored endpointsConfigure in Product Instance.Trend Micro Apex One On-premisesSecurity settings and detected threats on monitored endpointsConfigure in Product Instance.Cloud Email and Collaboration ProtectionDetected threats and security settings from Google Gmail and Microsoft Office 365 apps.Configure in Product Instance.Trend Cloud One - ConformityCloud configurations on AWS™, Microsoft® Azure, and Google Cloud™ environments-
Ensure you have a license for Conformity. You may sign up for a free trial if necessary.
-
Connect and configure your cloud accounts in Conformity.
-
Create and copy a new read-only API key in the Trend Cloud One console.
-
In the Trend Vision One console, click on the Trend Cloud One - Conformity data source.
-
Paste the API key into the corresponding field and click Check
-
After the API key has been successfully checked, turn on Data upload permission.
-
Click Save.
Trend Cloud One - Endpoint & Workload SecurityUsers, applications, web activities, and detected threats on monitored endpointsConfigure in Product Instance.Trend Micro Deep Discovery InspectorTargeted attacks and advanced threats in monitored network trafficConfigure in Network Inventory.Trend Micro Deep SecurityUsers, applications, web activities, and detected threats on monitored endpointsConfigure in Product Instance.Cloud Email Gateway ProtectionEmail activities, security settings, and detected threats on monitored email domains.Configure in Product Instance.Trend Micro Web SecurityWeb activity and web application related data of monitored devices and users via Trend Micro Web SecurityConnected when Zero Trust Secure Access - Internet Access is configured and deployed.Trend Micro Mobile SecurityCloud apps, mobile apps, threats, and user activities detected on monitored mobile devicesConfigure in Mobile Inventory.Trend Vision One Phishing SimulationsBreach events from phishing simulationsConfigure in Phishing Simulations.Trend Vision One Container SecurityVulnerabilities, detected threats, and system configuration risks on monitored containers and imagesConfigure in Container Inventory.TippingPoint Security Management SystemNetwork detection logs and filter rule status-
Connect TippingPoint in Network Inventory.
-
Ensure you have installed and configured a Service Gateway virtual appliance.
-
Enable the following on your Service Gateway:
-
Forward proxy
-
Log forwarding
-
Suspicious Object List synchronization
-
TippingPoint policy management
-
Zero Trust Secure Access - Private AccessUsers, device,s threat detections, and internal app activities from your internal networkConfigure in Zero Trust Secure Access.Zero Trust Secure Access - Internet AccessUsers, devices, threat detections, and cloud app activities to external networksConfigure in Zero Trust Secure Access.Third-Party Data Sources
SourceData collected or function performedConnection methodActive Directory (on-premises)User information and activity data-
Go to.
-
Find and click Active Directory (on-premises).
-
Enable Active Directory integration.
-
Follow the onscreen instructions to add your Active Directory server.
Important
Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.Google Cloud IdentityDirectory data and activity data-
Grant access permissions in your Google Cloud Identity tenant.
-
Go to.
-
Configure your Google Cloud Identity tenant. You must configure the same tenant in which you granted permissions.
xDomeThird-party vulnerability assessment tool (SaaS)Turn on Data upload permission and provide the country or region-specific xDome URL and API key created for an xDome user account with the appropriate role. For more information, see xDome integration.Microsoft Entra IDUser information and activity data-
Go toand click Microsoft Entra ID.
-
Locate one or multiple Microsoft Entra ID tenants that you want to grant permissions for, and click Grant permissions in the Status column for Attack Surface Risk Management.
-
Follow the onscreen instructions to enable the data connection. For more information, see Microsoft Entra ID integration.
- Go back to Data sources, turn on Data upload permission and click Save.
Nessus ProNessus Pro user data on apps, devices, and behaviors-
Go to.
-
Find and click Nessus Pro and follow the onscreen instructions to connect your account. For more information, see Nessus Pro Integration.
Office 365Usage and activities on Office 365 apps including OneDrive, SharePoint, and TeamsTurn on Data upload permission after you have connected Microsoft Entra ID. If desired, you may also turn permission off.Important
Connecting Office 365 as a data source requires that you configure and connect Microsoft Entra ID as a data source. To do so, enable the Data upload permission toggle for Microsoft Entra ID and configure in Third-Party Integration.OktaAllows access to user information and activity data-
Obtain the Okta URL domain and API token from your Okta environment. For more information, see Obtaining your Okta URL domain and API token.
Note
Your Okta user account must have one of the following administrator privileges in Okta:-
API Access Management Admin
-
Mobile Admin
-
Read-Only Admin
-
App Admin
-
Org Admin
-
Super Admin
-
-
Go to.
-
Find and click Okta and follow the onscreen instructions to connect your account. For more information, see Okta integration.
Important
Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.OpenLDAPAllows access to user information from your internal network-
Ensure you have installed a Service Gateway and enabled the On-premises directory connection service.
-
Go to.
-
Find and click OpenLDAP and follow the onscreen instructions to connect your server. For more information, see OpenLDAP integration.
QualysThird-party vulnerability assessment tool (SaaS)- In your Qualys console, create a new account with an active subscription and the following
permissions:
-
Role: Reader
-
Asset Management Permissions: Read Asset
-
Allow access: API
-
Asset Groups (assigned to)
-
-
Add your Trend Vision One regional IP addresses for Attack Surface Risk Management to the list of trusted IP addresses in the Qualys console.
-
Go back to Data sources and provide the username and password for the newly created account.
-
Turn on Data upload permission and click Save and Verify. If desired, you may also turn permissions off.
Note
Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, install and enable Endpoint Sensor.Rapid7 - InsightVMThird-party vulnerability assessment tools (SaaS)-
From your Rapid7 console, obtain the Insight Platform URL and API key for a Rapid7 Insight user account with the Platform Admin role. For more information, see Rapid7 - InsightVM integration.
-
Go back to Data sources and provide the newly obtained Platform URL and API key.
-
Turn on Data upload permission and click Save. If desired, you may also turn permissions off.
Rapid7 - NexposeThird-party vulnerability assessment tools (on-premises)-
Ensure you have installed a Service Gateway with the Rapid7 - Nexpose connector service enabled.
-
Go to.
-
Find and click Rapid7 - Nexpose and follow the onscreen instructions to connect your server. For more information, see Rapid7 - Nexpose integration.
RescanaThird-party tool for External Attack Surface ManagementImportant
Enabling the Rescana integration switches the Attack Surface Risk Management data source for collecting internet-facing asset data to Rescana. After switching the data source, internet-facing asset data previously collected by Trend Micro solutions will no longer be available.-
Obtain the URL and API token for your Rescana account in your Rescana console.
-
Go back to Data sources and provide the newly obtained URL and API token.
-
Click Test connection to verify connectivity.
-
Provide the URL and API token for your Rescana account.
-
Click Connect.
Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.SalesforceSalesforce metadata and information on system misconfigurationsTurn on Data upload permission after you have connected Salesforce in Third-Party Integration.For more information, see Salesforce integration.Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.Splunk - Network Firewall / Web Gateway LogsUser activities on detected cloud apps-
Go to.
-
Find and click Attack Surface risk Management for Splunk.
-
Copy the displayed authentication token.
- Download and install the Attack Surface Risk Management for Splunk app.
-
Use the authentication token to configure the app. For more information, see Attack Surface Risk Management for Splunk integration.
Tanium ComplyThird-party vulnerability assessment tool (Saas) - Obtain the Tanium Comply URL and API token from the Tanium console using an account with the appropriate role. For more information, see Tanium Comply integration.
-
Add your Trend Vision One regional IP addresses for Attack Surface Risk Management to the list of trusted IP addresses in the Tanium console.
-
Go back to Data sources and provide the newly obtained URL and API token.
-
Turn on Data upload permission and click Save. If desired, you may also turn permissions off.
Tenable Security CenterThird-party vulnerability assessment tool (on-prem)-
Ensure you have a Service Gateway installed with the Tenable Security Center connector service enabled.
-
Go to.
-
Find and click Tenable Security Center and follow the onscreen instructions to connect your server. For more information, see Tenable Security Center data source setup.
Tenable Vulnerability ManagementThird-party vulnerability assessment tool (SaaS)-
Obtain the Tenable Vulnerability Management secret key and access key from the Tenable Vulnerability Management console using an account with the appropriate permissions. For more information, see Tenable Vulnerability Management integration.
-
Go back to Data sources and provide the newly obtained secret key and access key.
-
Turn on Data upload permission and click Save. If desired, you may also turn permissions off.
-