By connecting multiple data sources to Attack Surface Risk Management you gain access to more risk indicators across your corporate network.

Procedure

  1. Go to Attack Surface Risk Management > Operations Dashboard.
  2. Click the Data sources button in the upper right.
    You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.
  3. Click the Source that you want to configure.

    Trend Vision One XDR Sensors

    | Source | Data target | Configuration |
    | --- | --- | --- |
    | Endpoint Sensor | User, app, and web activities, and vulnerability assessment on monitored endpoints | Turn on Data upload permission. |
    | Email Sensor | Email activities in Office 365 Exchange Online | Turn on Data upload permission. |
    | Network Sensor | Detected threats in monitored endpoint traffic | Turn on Data upload permission. |

    Trend Micro Security Services

    | Source | Data target | Configuration |
    | --- | --- | --- |
    | Standard Endpoint Protection | User, applications, web activities, security settings, and detected threats on monitored endpoints. | Turn on Data upload permission. |
    | Server & Workload Protection | User, application, and web activities, and detected threats on monitored endpoints | Turn on Data upload permission. |
    | Trend Micro Apex One as a Service | User, app, and web activities, and detected threats on monitored endpoints | Turn on Data upload permission. |
    | Trend Micro Apex One On-premises | Security settings and detected threats on monitored endpoints. | Turn on Data upload permission. |
    | Cloud Email and Collaboration Protection | Detected threats and security settings on Google Gmail and Microsoft Office 365 apps. | Turn on Data upload permission. |
    | Trend Micro Cloud App Security | Detected threats and security settings on Google Gmail and Microsoft Office 365 apps. | Turn on Data upload permission. |
    | Trend Cloud One - Conformity | Monitor cloud configuration on AWS, Microsoft® Azure, and Google Cloud environments | |
    | Trend Cloud One - Endpoint & Workload Security | User, applications, web activities, security settings, and detected threats on monitored endpoints | Turn on Data upload permission. |
    | Trend Micro Deep Discovery Inspector | Targeted attacks and advanced threats in monitored network traffic | Turn on Data upload permission. |
    | Trend Micro Deep Security | User, application, and web activities, and detected threats on monitored endpoints | Turn on Data upload permission. |
    | Cloud Email Gateway Protection | Email activities, security settings, and detected threats on monitored email domains. | Turn on Data upload permission. |
    | Trend Micro Email Security | Email activities, security settings, and detected threats on monitored email domains. | Turn on Data upload permission. |
    | Trend Micro Web Security | Web activity and web application related data of monitored devices and users via Trend Micro Web Security | Turn on Data upload permission. |
    | Trend Micro Mobile Security | Cloud apps, mobile apps, threats, and user activities detected on monitored mobile devices | Turn on Data upload permission. |
    | Trend Vision One Container Security | Vulnerabilities, detected threats, and system configuration risks on monitored containers and images | |
    | TippingPoint Security Management System | Network detection logs and filter rule status | Turn on Data upload permission. |
    | Zero Trust Secure Access - Private Access | User, device, threat detections, and internal app activities from your internal network | Turn on Data upload permission. |
    | Zero Trust Secure Access - Internet Access | User, device, threat detections, and cloud app activities to external networks | Turn on Data upload permission. |

    Third-Party Data Source

    Source
    Data target
    Configuration
    Active Directory (on-premises)
    Allows access to user information and activity data
    Turn on Data upload permission and follow the onscreen instructions to enable the data connection.
    Important
    Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.
    AWS Accounts
    Allows access to cloud assets in AWS accounts
    1. Go to Workflow and Automation > Third-Party Integration.
    2. Click AWS Accounts.
    3. Click Add Account.
    4. Follow the onscreen instructions to add your AWS account.
    Medigate
    Third-party vulnerability assessment tool (SaaS)
    Turn on Data upload permission and provide the country or region-specific Medigate URL and API key created for a Medigate user account with the appropriate role.
    Important
    This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.
    Microsoft Entra ID
    Allows access to user information and activity data
    1. Click Manage permissions and integration settings in Third-Party Integration to open the Microsoft Entra ID screen of the Third-Party Integration app.
    2. Locate one or multiple Microsoft Entra ID tenants that you want to grant permissions on, and then click Grant permissions in the Status column for Attack Surface Risk Management.
    3. Follow the onscreen instructions to enable the data connection.
    4. Go back to the Microsoft Entra ID Data Source panel and turn on Data upload permission.
    Nessus Pro
    Allows access to Nessus Pro user data regarding apps, devices, and behaviors
    After configuring Nessus Pro in Third-Party Integration, turn on Data upload permission.
    Office 365
    Usage and activities on Office 365 apps including OneDrive and SharePoint
    Turn on Data upload permission and follow the onscreen instructions to enable the data connection.
    Important
    Configuring Office 365 as a data source also requires that you configure Microsoft Entra ID as a data source. To do so, enable the Data upload permission toggle in the Microsoft Entra ID data source (if not already configured).
    After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps.
    Okta
    Allows access to user information and activity data
    Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment.
    Note
    Your Okta user account must have one of the following administrator privileges in Okta:
    • API Access Management Admin
    • Mobile Admin
    • Read-Only Admin
    • App Admin
    • Org Admin
    • Super Admin
    Turn on Data upload permission to grant Trend Micro permission to enable the data connection.
    Important
    Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.
    OpenLDAP
    Allows access to user information from your internal network
    Turn on Data upload permission and follow the onscreen instructions to enable the data connection.
    Qualys
    Third-party vulnerability assessment tool (SaaS)
    Turn on Data upload permission and provide a Qualys account with an active subscription and the following permissions:
    • Role: Reader
    • Asset Management Permissions: Read Asset
    • Allow access: API
    • Asset Groups (assigned to)
    You must also add your Trend Vision One regional IP addresses for Attack Surface Risk Management to the list of trusted IP addresses in the Qualys console.
    Note
    Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, install and enable Endpoint Sensor.
    Rapid7 - InsightVM
    Third-party vulnerability assessment tools (SaaS)
    Provide the Insight Platform URL and API key for a Rapid7 Insight account with the Platform Admin role.
    Rapid7 - Nexpose
    Third-party vulnerability assessment tools (on-premises)
    After configuring the Rapid7 integration settings in Third-Party Integration, turn on Data upload permission.
    Rescana
    Third-party tool for External Attack Surface Management
    Enabling the Rescana integration switches the Attack Surface Risk Management data source for collecting internet-facing asset data to Rescana. After switching the data source, internet-facing asset data previously collected by Trend Micro solutions will no longer be available.
    1. Provide the URL and API token for your Rescana account.
    2. Click Test Connection to verify connectivity before saving the settings.
    Important
    This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.
    Splunk - Network Firewall / Web Gateway Logs
    User activities on detected cloud apps
    Before turning on Data upload permission, install the Attack Surface Risk Management for Splunk app and provide the API token.
    Configure the necessary firewall exceptions based on your region:
    • Australia: ingestor-anz.xdr.trendmicro.com
    • Europe: ingestor-eu.xdr.trendmicro.com
    • India: ingestor-in.xdr.trendmicro.com
    • Japan: ingestor-jp.xdr.trendmicro.com
    • Singapore: ingestor-sg.xdr.trendmicro.com
    • United States: ingestor-us.xdr.trendmicro.com
    Tanium Comply
    Third-party vulnerability assessment tool (SaaS)
    • Provide the Tanium Comply URL and API key for a Tanium Comply account with the appropriate role.
    • You must add your Trend Vision One regional IP addresses for Attack Surface Risk Management to the list of trusted IP addresses in the Tanium Comply console.
    Important
    This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.
    Tenable Security Center
    Third-party vulnerability assessment tool (on-prem)
    Tenable Vulnerability Management
    Third-party vulnerability assessment tool (SaaS)