
Prerequisites

Before enabling TrendAI Vision One™ Cloud IPS, ensure you have the following:
AWS requirements and permissions
  • Active AWS account with appropriate permissions
  • Existing AWS Network Firewall deployment (or plan to create one)
Required AWS IAM permissions
  • networkfirewall:*: To manage Network Firewall policies and rule groups.
  • aws-marketplace:Subscribe: To subscribe to Trend-managed rule groups.
  • ec2:DescribeVpcs: To view VPC configuration.
  • ec2:DescribeSubnets: To view subnet configuration.
Network Firewall deployment
If you don't have AWS Network Firewall deployed yet, refer to AWS documentation:

Subscribe to TrendAI Vision One™ managed rule groups in AWS marketplace

  1. Sign in to the AWS Management Console.
  2. Navigate to VPC > Network Firewall > Network Firewall rule groups.
  3. Select the AWS Marketplace tab.
  4. Locate TrendAI Vision One™ Cloud IPS.
  5. Click View subscription options.
  6. Review the subscription details:
    • Pricing: $0.010 per GB inspected
    • Terms: Review AWS Marketplace terms
  7. Click Subscribe to complete the subscription.
Note
You can subscribe to one or all rule groups. Pricing is $0.010/GB total, regardless of how many rule groups you enable.

Add managed rule groups to Firewall policy

Option A: Add to an existing Firewall Policy
  1. Navigate to VPC > Network Firewall > Firewall policies.
  2. Select your existing Firewall policy.
  3. Click Actions > Add partner managed rule groups.
  4. Select the TrendAI Vision One™ managed rule groups you subscribed to:
    • TrendAI-MalwareBlockStrictOrder
    • TrendAI-CVEClientBlockStrictOrder
    • TrendAI-CVEServerBlockStrictOrder
    Note
    TrendAI Vision One™ recommends that you enable Run in alert mode to test this configuration before blocking traffic.
  5. Click Add to policy.
  6. Review the updated policy configuration.
  7. Click Save to apply changes.
Option B: Create New Firewall Policy
  1. Navigate to VPC > Network Firewall > Firewall policies.
  2. Click Create Firewall policy.
  3. Configure policy settings:
    • Name: Enter a descriptive name (e.g., "production-firewall-policy")
    • Description: Document the policy purpose
  4. In the Stateful rule groups section, click Add partner managed rule groups and select TrendAI Vision One™ managed rule groups.
  5. (Optional) Add AWS managed rule groups or custom rule groups.
  6. Configure stateless rule groups if needed.
  7. Click Create Firewall policy.

Associate policy to Network Firewall

  1. Navigate to VPC > Network Firewall > Firewalls.
  2. Select your Network Firewall.
  3. Click Actions > Associate firewall policy.
  4. Select the firewall policy containing TrendAI Vision One™ managed rule groups.
  5. Click Associate.
  6. Wait for the association to complete (typically 1-2 minutes).

Verify configuration

  1. Navigate to your Network Firewall details.
  2. Click the Firewall policy tab.
  3. Verify TrendAI Vision One™ managed rule groups are listed under Stateful rule groups.
  4. Verify the Status shows "Active".

Configure alert mode

By default, TrendAI Vision One™ managed rule groups block and alert on matching traffic. Enable alert mode to alert on matching traffic without blocking it. Alert mode can also be used for initial testing, to validate detection accuracy for the first 24-48 hours of deployment.
To enable alert mode:
  1. Navigate to your firewall policy.
  2. Find the TrendAI Vision One™ managed rule group in Stateful rule groups.
  3. Click Edit next to the rule group.
  4. Enable Alert mode.
  5. Click Save.
To return to default block and alert behavior, disable alert mode following the same steps.