By connecting multiple data sources to Attack Surface Risk Management, you gain access to more risk indicators across your corporate network.
Procedure
- Go to .
- Click the Data sources button in the upper right. You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.
- Click the Source that you want to configure.
Trend Vision One XDR Sensors

| Source | Data target | Configuration |
| --- | --- | --- |
| Endpoint Sensor | User, app, and web activities, and vulnerability assessment on monitored endpoints | Turn on Data upload permission. |
| Email Sensor | Email activities in Office 365 Exchange Online | Turn on Data upload permission. |
| Network Sensor | Detected threats in monitored endpoint traffic | Turn on Data upload permission. |

Trend Micro Security Services

| Source | Data target | Configuration |
| --- | --- | --- |
| Standard Endpoint Protection | User, applications, web activities, security settings, and detected threats on monitored endpoints. | Turn on Data upload permission. |
| Server & Workload Protection | User, application, and web activities, and detected threats on monitored endpoints | Turn on Data upload permission. |
| Trend Micro Apex One as a Service | User, app, and web activities, and detected threats on monitored endpoints | Turn on Data upload permission. |
| Trend Micro Apex One On-premises | Security settings and detected threats on monitored endpoints. | Turn on Data upload permission. |
| Cloud Email and Collaboration Protection | Detected threats and security settings on Google Gmail and Microsoft Office 365 apps. | Turn on Data upload permission. |
| Trend Micro Cloud App Security | Detected threats and security settings on Google Gmail and Microsoft Office 365 apps. | Turn on Data upload permission. |
| Trend Micro Deep Discovery Inspector | Targeted attacks and advanced threats in monitored network traffic | Turn on Data upload permission. |
| Trend Micro Deep Security | User, application, and web activities, and detected threats on monitored endpoints | Turn on Data upload permission. |
| Cloud Email Gateway Protection | Email activities, security settings, and detected threats on monitored email domains. | Turn on Data upload permission. |
| Trend Micro Email Security | Email activities, security settings, and detected threats on monitored email domains. | Turn on Data upload permission. |
| Trend Micro Web Security | Web activity and web application related data of monitored devices and users via Trend Micro Web Security | Turn on Data upload permission. |
| Trend Micro Mobile Security | Cloud apps, mobile apps, threats, and user activities detected on monitored mobile devices | Turn on Data upload permission. |
| TippingPoint Security Management System | Network detection logs and filter rule status | Turn on Data upload permission. |
| Zero Trust Secure Access - Private Access | User, device, threat detections, and internal app activities from your internal network | Turn on Data upload permission. |
| Zero Trust Secure Access - Internet Access | User, device, threat detections, and cloud app activities to external networks | Turn on Data upload permission. |

Third-Party Data Source

Active Directory (on-premises)
- Data target: Allows access to user information and activity data
- Configuration: Turn on Data upload permission and follow the onscreen instructions to enable the data connection.
- Important: Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.

AWS Accounts
- Data target: Allows access to cloud assets in AWS accounts
- Configuration:
  - Go to
  - Click AWS Accounts.
  - Click Add Account.
  - Follow the onscreen instructions to add your AWS account.

Medigate
- Data target: Third-party vulnerability assessment tool (SaaS)
- Configuration: Turn on Data upload permission and provide the country or region-specific Medigate URL and API key created for a Medigate user account with the appropriate role.
- Important: This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.

Microsoft Entra ID
- Data target: Allows access to user information and activity data
- Configuration:
  - Click Manage permissions and integration settings in Third-Party Integration to open the Microsoft Entra ID screen of the Third-Party Integration app.
  - Locate one or multiple Microsoft Entra ID tenants that you want to grant permissions on, and then click Grant permissions in the Status column for Attack Surface Risk Management.
  - Follow the onscreen instructions to enable the data connection.
  - Go back to the Microsoft Entra ID Data Source panel and turn on Data upload permission.

Nessus Pro
- Data target: Allows access to Nessus Pro user data regarding apps, devices, and behaviors
- Configuration: After configuring Nessus Pro in Third-Party Integration, turn on Data upload permission.

Office 365
- Data target: Usage and activities on Office 365 apps including OneDrive and SharePoint
- Configuration:
  - Turn on Data upload permission and follow the onscreen instructions to enable the data connection.
  - Important: Configuring Office 365 as a data source also requires that you configure Microsoft Entra ID as a data source. To do so, enable the Data upload permission toggle in the Microsoft Entra ID data source (if not already configured).
  - After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps.

Okta
- Data target: Allows access to user information and activity data
- Configuration:
  - Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment.
  - Note: Your Okta user account must have one of the following administrator privileges in Okta:
    - API Access Management Admin
    - Mobile Admin
    - Read-Only Admin
    - App Admin
    - Org Admin
    - Super Admin
  - Turn on Data upload permission to grant Trend Micro permission to enable the data connection.
  - Important: Operations Dashboard and Zero Trust Secure Access both require data upload permission to ensure certain features function properly. Revoking data upload permission may prevent secure access policy enforcement and risk analysis.

OpenLDAP
- Data target: Allows access to user information from your internal network
- Configuration: Turn on Data upload permission and follow the onscreen instructions to enable the data connection.

Qualys
- Data target: Third-party vulnerability assessment tool (SaaS)
- Configuration:
  - Turn on Data upload permission and provide a Qualys account with an active subscription and the following permissions:
    - Role: Reader
    - Asset Management Permissions: Read Asset
    - Allow access: API
    - Asset Groups (assigned to)
  - You must also add your Trend Vision One regional IP addresses for Attack Surface Risk Management to the list of trusted IP addresses in the Qualys console.
  - Note: Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, install and enable Endpoint Sensor.

Rapid7 - InsightVM
- Data target: Third-party vulnerability assessment tools (SaaS)
- Configuration: Provide the Insight Platform URL and API key for a Rapid7 Insight account with the Platform Admin role.

Rapid7 - Nexpose
- Data target: Third-party vulnerability assessment tools (on-premises)
- Configuration: After configuring the Rapid7 integration settings in Third-Party Integration, turn on Data upload permission.

Rescana
- Data target: Third-party tool for External Attack Surface Management
- Configuration:
  - Enabling the Rescana integration switches the Attack Surface Risk Management data source for collecting internet-facing asset data to Rescana. After switching the data source, internet-facing asset data previously collected by Trend Micro solutions will no longer be available.
  - Provide the URL and API token for your Rescana account.
  - Click Test Connection to verify connectivity before saving the settings.
  - Important: This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.

Splunk - Network Firewall / Web Gateway Logs
- Data target: User activities on detected cloud apps
- Configuration:
  - Before turning on Data upload permission, install the Attack Surface Risk Management for Splunk app and provide the API token.
  - Configure the necessary firewall exceptions based on your region:
    - Australia: ingestor-anz.xdr.trendmicro.com
    - Europe: ingestor-eu.xdr.trendmicro.com
    - India: ingestor-in.xdr.trendmicro.com
    - Japan: ingestor-jp.xdr.trendmicro.com
    - Singapore: ingestor-sg.xdr.trendmicro.com
    - United States: ingestor-us.xdr.trendmicro.com

Tanium Comply
- Data target: Third-party vulnerability assessment tool (SaaS)
- Configuration:
  - Provide the Tanium Comply URL and API key for a Tanium Comply account with the appropriate role.
  - You must add your Trend Vision One regional IP addresses for Attack Surface Risk Management to the list of trusted IP addresses in the Tanium Comply console.
  - Important: This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.

Tenable Security Center
- Data target: Third-party vulnerability assessment tool (on-prem)

Tenable Vulnerability Management
- Data target: Third-party vulnerability assessment tool (SaaS)