Security event forwarding via TrendAI Vision One Endpoint Security agent

Views:

Enable sharing security event information from an on-premises Active Directory server with TrendAI Vision One™.

Configuring security event forwarding enhances visibility into identity-related risks by allowing Active Directory to share the following security event information with TrendAI Vision One™:

Object access events
Logon/logoff events
System events
Account management events

This function is now achieved using the TrendAI Vision One™ Endpoint Security agent with the Identity Security Sensor - Active Directory enabled, replacing the previous requirements to install a separate Active Directory Connector.

Important

The Active Directory Connector is no longer supported as of May 1, 2026. To prevent duplicate security events and future interruptions, TrendAI™ recommends uninstalling the Active Directory Connector (if installed), and installing the TrendAI Vision One™ Endpoint Security agent with the Identity Security Sensor - Active Directory enabled instead.

Procedure

Go to Workflow and Automation → Third-Party Integrations.
Locate and click the Active Directory (on-premises) card.
Ensure that the toggle is set to Enable Active Directory integration.
Configure data synchronization and user access control.

Go to Endpoint Security → Endpoint Inventory, and click Agent Installer to deploy the TrendAI Vision One™ Endpoint Security agent.

Note

Ensure that you install the correct agent package on all Active Directory servers in your network.

The following agent types support the Identity Security Sensor - Active Directory at the specified minimum versions:

Agent type	Minimum version (Windows)
Standard Endpoint Protection	14.0.0.20372 or later
Server & Workload Protection	20.0.2-26670 or later
Endpoint Sensor	1.2.0.6967 or later

For detailed deployment instructions, see Manage your agent deployments.

Configure an endpoint security policy and enable Identity Security Sensor - Active Directory in the policy settings.
1. Go to Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies → Policies.
2. Click Create policy.
  
  The Create policy window appears.
3. Specify the Policy name.
  
  TrendAI™ recommends using a name that is easy to search and identify the purpose of the policy.
4. From the Identity Security Sensor drop-down list, select Enable.
5. Click Save or Save and exit.
Assign the policy.

Monitor agent deployment status and verify that agents are functioning correctly.

Note

For customers that have previously deployed the Active Directory Connector, you can still view the Active Directory Connector deployments in Third-Party Integrations → Active Directory (on-premises).

Action	Steps
View agents with the Identity Security Sensor - Active Directory enabled	Go to Endpoint Security → Endpoint Inventory. Click Add filters (). Select the filter Endpoint security policy setting. From the security module list, search and set Identity Security Sensor - Active Directory to Enabled.
View agents properly forwarding security events to TrendAI Vision One™	Go to Endpoint Security → Endpoint Inventory. Click Add filters (). Select the filter Identity Security Sensor - Active Directory.

Comments (0)