Configuring data sources

Procedure

1. Go to Attack Surface Risk Management → Operations Dashboard.
2. Click the Data sources button in the upper right.
   You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.
3. Click the Source that you want to configure.

   Trend Vision One XDR Sensors

   Source	Data target	Configuration
   Endpoint Sensor	User, app, and web activities, and vulnerability assessment on monitored endpoints	Turn on Data upload permission.
   Email Sensor	Email activities in Office 365 Exchange Online	Turn on Data upload permission.
   Network Sensor	Detected threats in monitored endpoint traffic	Turn on Data upload permission.

   Trend Micro Security Services

   Source	Data target	Configuration
   Standard Endpoint Protection	User, applications, web activities, security settings, and detected threats on monitored endpoints.	Turn on Data upload permission.
   Server & Workload Protection	User, application, and web activities, and detected threats on monitored endpoints	Turn on Data upload permission.
   Trend Micro Apex One as a Service	User, app, and web activities, and detected threats on monitored endpoints	Turn on Data upload permission.
   Trend Micro Apex One On-premises	Security settings and detected threats on monitored endpoints.	Turn on Data upload permission.
   Cloud Email and Collaboration Protection	Detected threats and security settings on Google Gmail and Microsoft Office 365 apps.	Turn on Data upload permission.
   Trend Micro Cloud App Security	Detected threats and security settings on Google Gmail and Microsoft Office 365 apps.	Turn on Data upload permission.
   Trend Micro Deep Discovery Inspector	Targeted attacks and advanced threats in monitored network traffic	Turn on Data upload permission.
   Trend Micro Deep Security	User, application, and web activities, and detected threats on monitored endpoints	Turn on Data upload permission.
   Cloud Email Gateway Protection	Email activities, security settings, and detected threats on monitored email domains.	Turn on Data upload permission.
   Trend Micro Email Security	Email activities, security settings, and detected threats on monitored email domains.	Turn on Data upload permission.
   Trend Micro Web Security	Web activity and web application related data of monitored devices and users via Trend Micro Web Security	Turn on Data upload permission.
   Trend Micro Mobile Security	Cloud apps, mobile apps, threats, and user activities detected on monitored mobile devices	Turn on Data upload permission.
   TippingPoint Security Management System	Network detection logs and filter rule status	Turn on Data upload permission.
   Zero Trust Secure Access - Private Access	User, device, threat detections, and internal app activities from your internal network	Turn on Data upload permission.
   Zero Trust Secure Access - Internet Access	User, device, threat detections, and cloud app activities to external networks	Turn on Data upload permission.

   Third-Party Data Source

   Source	Data target	Configuration
   Active Directory (on-premises)	Allows access to user information and activity data	Turn on Data upload permission and follow the onscreen instructions to enable the data connection. Important Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.
   AWS Accounts	Allows access to cloud assets in AWS accounts	Go to Workflow and Automation → Third-Party Integration Click AWS Accounts. Click Add Account. Follow the onscreen instructions to add your AWS account.
   Medigate	Third-party vulnerability assessment tool (SaaS)	Turn on Data upload permission and provide the country or region-specific Medigate URL and API key created for a Medigate user account with the appropriate role. Important This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.
   Microsoft Entra ID	Allows access to user information and activity data	Click Manage permissions and integration settings in Third-Party Integration to open the Microsoft Entra ID screen of the Third-Party Integration app. Locate one or multiple Microsoft Entra ID tenants that you want to grant permissions on, and then click Grant permissions in the Status column for Attack Surface Risk Management. Follow the onscreen instructions to enable the data connection. Go back to the Microsoft Entra ID Data Source panel and turn on Data upload permission.
   Nessus Pro	Allows access to Nessus Pro user data regarding apps, devices, and behaviors	After configuring Nessus Pro in Third-Party Integration, turn on Data upload permission.
   Office 365	Usage and activities on Office 365 apps including OneDrive and SharePoint	Turn on Data upload permission and follow the onscreen instructions to enable the data connection. Important Configuring Office 365 as a data source also requires that you configure Microsoft Entra ID as a data source. To do so, enable the Data upload permission toggle in the Microsoft Entra ID data source (if not already configured). After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps.
   Okta	Allows access to user information and activity data	Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment. Note Your Okta user account must have one of the following administrator privileges in Okta: API Access Management Admin Mobile Admin Read-Only Admin App Admin Org Admin Super Admin Turn on Data upload permission to grant Trend Micro permission to enable the data connection. Important Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.
   OpenLDAP	Allows access to user information from your internal network	Turn on Data upload permission and follow the onscreen instructions to enable the data connection.
   Qualys	Third-party vulnerability assessment tool (SaaS)	Turn on Data upload permission and provide a Qualys account with an active subscription and the following permissions: Role: Reader Asset Management Permissions: Read Asset Allow access: API Asset Groups (assigned to) You must also add your Trend Vision One regional IP addresses for Attack Surface Risk Management to the list of trusted IP addresses in the Qualys console. Note Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, install and enable Endpoint Sensor.
   Rapid7 - InsightVM	Third-party vulnerability assessment tools (SaaS)	Provide the Insight Platform URL and API key for a Rapid7 Insight account with the Platform Admin role.
   Rapid7 - Nexpose	Third-party vulnerability assessment tools (on-premises)	After configuring the Rapid7 integration settings in Third-Party Integration, turn on Data upload permission.
   Rescana	Third-party tool for External Attack Surface Management	Enabling the Rescana integration switches the Attack Surface Risk Management data source for collecting internet-facing asset data to Rescana. After switching the data source, internet-facing asset data previously collected by Trend Micro solutions will no longer be available. Provide the URL and API token for your Rescana account. Click Test Connection to verify connectivity before saving the settings. Important This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.
   Splunk - Network Firewall / Web Gateway Logs	User activities on detected cloud apps	Before turning on Data upload permission, install the Attack Surface Risk Management for Splunk app and provide the API token. Configure the necessary firewall exceptions based on your region: Australia: ingestor-anz.xdr.trendmicro.com Europe: ingestor-eu.xdr.trendmicro.com India: ingestor-in.xdr.trendmicro.com Japan: ingestor-jp.xdr.trendmicro.com Singapore: ingestor-sg.xdr.trendmicro.com United States: ingestor-us.xdr.trendmicro.com
   Tanium Comply	Third-party vulnerability assessment tool (Saas)	Provide the Tanium Comply URL and API key for a Tanium Comply account with the appropriate role. You must add your Trend Vision One regional IP addresses for Attack Surface Risk Management to the list of trusted IP addresses in the Tanium Comply console. Important This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.
   Tenable Security Center	Third-party vulnerability assessment tool (on-prem)	Tenable Security Center data source setup
   Tenable Vulnerability Management	Third-party vulnerability assessment tool (SaaS)	Tenable Vulnerability Management data source setup