web
You’re offline. This is a read only version of the page.
close

Online Help Center

  • Search
  • Support
    • For Home
    • For Business
  • English (US)
    • Bahasa Indonesia (Indonesian)
    • Dansk (Danish)
    • Deutsch (German)
    • English (Australia)
    • English (US)
    • Español (Spanish)
    • Français (French)
    • Français Canadien
      (Canadian French)
    • Italiano (Italian)
    • Nederlands (Dutch)
    • Norsk (Norwegian)
    • Polski (Polish)
    • Português - Brasil
      (Portuguese - Brazil)
    • Português - Portugal
      (Portuguese - Portugal)
    • Svenska (Swedish)
    • ภาษาไทย (Thai)
    • Tiếng Việt (Vietnamese)
    • Türkçe (Turkish)
    • Čeština (Czech)
    • Ελληνικά (Greek)
    • Български (Bulgarian)
    • Русский (Russian)
    • עברית (Hebrew)
    • اللغة العربية (Arabic)
    • 日本語 (Japanese)
    • 简体中文
      (Simplified Chinese)
    • 繁體中文
      (Traditional Chinese)
    • 繁體中文 HK
      (Traditional Chinese)
    • 한국어 (Korean)
This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn More Yes, I agree
  • Online Help Center
  • XDR and Management Platforms
  • ...
    Trend Vision OneTrend Vision OneXDR Threat InvestigationSearch app
  • Search syntax
  • Use regex in Search queries
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
  • Privacy and personal data collection disclosure
    • Pre-release disclaimer
    • Pre-release sub-feature disclaimer
  • Trend Vision One data privacy, security, and compliance
  • PCI Security Standards
  • What's New
    • What's New by App Group
      • Platform Directory
      • Cyber Risk Exposure Management
      • Dashboards and Reports
      • XDR Threat Investigation
      • Threat Intelligence
      • Workflow and Automation
      • Zero Trust Secure Access
      • Assessment
      • Identity Security
      • Data Security
      • Endpoint Security
      • Cloud Security
      • Network Security
      • Email and Collaboration Security
      • Mobile Security
      • Service Management
      • Administration
      • Platform Releases
    • Release Notes
      • Compliance Management
      • Detection Model Management
      • Firewall Exceptions
      • Service Gateway
        • Service Gateway Firmware
        • Service Gateway: Local ActiveUpdate Service
        • Service Gateway: Forward Proxy Service
        • Service Gateway: Smart Protection Services
        • Service Gateway: Generic Caching Service
        • Service Gateway: Syslog Connector (On-Premises)
        • Service Gateway: Suspicious Object Synchronization Service
      • Trend Vision One Endpoint Security agent
        • Windows agent updates
        • Linux agent updates
        • macOS agent updates
        • Zero Trust Secure Access module
      • Virtual Network Sensor
      • Zero Trust Secure Access On-premises Gateway
      • Zero Trust Secure Access Private Access Connector
  • Introduction
    • Trend Vision One – Proactice security starts here
      • Features and benefits
      • Trend Cybertron
      • Trend Micro supported products
      • Platform Directory
      • Account Settings
      • Account Settings (Foundation Services release)
      • User account switch
      • Business Profile
      • Context menu
        • Advanced analysis actions
        • Response actions
        • Search actions
        • Display settings actions
      • Simulations
        • Running simulations with Trend Vision One Endpoint Security agents
        • Running simulations on endpoints manged by connected endpoint protection products
        • Running simulations on Deep Security Agents endpoints with Activity Monitoring
        • Running the Network Sensor attack simulation
        • Running the TippingPoint network attack simulation
        • Running the behavior anomaly network attack simulation
        • Running the threat actor attack simulation
        • Running the email attack scenario
        • Running Cloud Attack Simulations with Container Security
        • Running the cross-layer attack simulation
    • Trend Vision One Mobile
      • Getting started with Trend Vision One Mobile
      • Receiving notifications from the Trend Vision One console
    • Checking the Trend Vision One service status
      • SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
  • Getting started
    • Getting started with Trend Vision One
      • Activate your Trend Vision One license
      • Trend Vision One access tiers
        • Essential Access
          • Activate Trend Vision One with Essential Access
        • Advanced Access
      • Update Trend Vision One to the Foundation Services release
        • Foundation Services update considerations
        • Impacts of migrating user accounts from other Trend Micro products
      • Connect your IdP solutions
      • Configure user roles and accounts
        • Configure user roles
        • Configure user accounts
      • Firewall exception requirements for Trend Vision One
        • Americas - firewall exceptions
          • Firewall exceptions: Americas - all exceptions
          • Firewall exceptions: Americas - cloud service extension
          • Firewall exceptions: Americas - hosted Service Gateway
        • Australia - firewall exceptions
          • Firewall exceptions: Australia - all exceptions
          • Firewall exceptions: Australia - cloud service extension
          • Firewall exceptions: Australia - hosted Service Gateway
        • Europe - firewall exceptions
          • Firewall exceptions: Europe - all exceptions
          • Firewall exceptions: Europe - cloud service extension
          • Firewall exceptions: Europe - hosted Service Gateway
        • India - firewall exceptions
          • Firewall exceptions: India - all exceptions
          • Firewall exceptions: India - cloud service extension
          • Firewall exceptions: India - hosted Service Gateway
        • Japan - firewall exceptions
          • Firewall exceptions: Japan - all exceptions
          • Firewall exceptions: Japan - cloud service extension
          • Firewall exceptions: Japan - hosted Service Gateway
        • Singapore - firewall exceptions
          • Firewall exceptions: Singapore - all exceptions
          • Firewall exceptions: Singapore - cloud service extension
          • Firewall exceptions: Singapore - hosted Service Gateway
        • Middle East and Africa - firewall exceptions
          • Firewall exceptions: Middle East and Africa - all exceptions
          • Firewall exceptions: Middle East and Africa - cloud service extension
          • Firewall exceptions: Middle East and Africa - hosted Service Gateway
        • Legacy firewall exceptions
          • Australia - firewall exceptions
          • Europe - firewall exceptions
          • India - firewall exceptions
          • United States - firewall exceptions
      • Connect existing products to product instance
      • Review detection models
      • Check Workbench alerts
  • Cyber Risk Exposure Management
    • Cyber Risk Overview
      • Risk Overview
        • Get started with cyber risk subindexes
        • Devices view
        • Internet-facing assets view
        • Accounts view
        • Applications view
        • Cloud assets view
      • Exposure Overview
        • CVE impact score
        • CVE assessment visibility and configuration
        • Cloud asset compliance violations
        • Accounts with weak authentication
          • Multi-factor authentication disabled
          • Password expiration disabled
          • Strong password requirement disabled
        • Accounts that increase attack surface risk
          • Synced admin accounts
          • Extra admin accounts
          • Stale accounts
        • Accounts with excessive privilege
          • Service account misconfigurations
          • Highly authorized disabled accounts
      • Attack Overview
      • Security Configuration Overview
        • Microsoft Defender for Endpoint security configuration
      • Troubleshoot devices with no vulnerability assessment visibility
      • Cyber Risk Index algorithm updates
        • May 5, 2025 - Cyber Risk Index algorithm version 3.0
        • January 29, 2024 - Cyber Risk Index algorithm version 2.0
        • June 5, 2023 - Cyber Risk Index algorithm version 1.1
    • Continuous Risk Management
      • Attack Surface Discovery
        • Internet-Facing Assets
          • Internet-facing domains
          • Internet-facing IP addresses
          • Internet-facing asset exposure scans
        • Applications
        • Cloud assets
          • Cloud Risk Graph
        • APIs
          • Enable detailed metrics for an API gateway
          • Delete API gateways in AWS
            • Delete an endpoint path
        • Asset criticality
        • Risk assessment
        • Asset profile screens
          • Device profile
          • Domain profile
          • IP address profile
          • Account profile
          • Service account profile
          • Public cloud app profile
            • Public cloud app reputation
          • Connected SaaS app profile
          • Local app profile
          • Executable file profile
          • Cloud asset profile
        • Asset profile platform tags
          • Custom asset tags
        • Cyber Risk Exposure Management response actions
      • Threat and Exposure Management
        • Cyber Risk Index overview
          • Risk Reduction Measures
            • Selecting a risk reduction goal
            • Cyber Risk Index reduction
        • Risk factors
          • Account compromise
            • Dark web monitoring
          • Vulnerabilities
            • Vulnerability Assessment
              • Vulnerability Assessment supported operating systems
                • Vulnerability Assessment supported Windows applications
                • Vulnerability Assessment supported macOS applications
                • Vulnerability Assessment supported language packages
              • Connect Trend Cloud One - Endpoint & Workload security and enable activity monitoring
            • CVE assessment visibility and configuration
            • CVE profiles
              • Time-critical CVE profiles
            • Attack prevention/detection rules
            • Mean time to patch (MTTP) and average unpatched time (AUT)
            • Vulnerability percentages and CVE density
          • Activity and behaviors
          • Public cloud app activity
          • System configuration
            • Accounts with weak authentication
              • Multi-factor authentication disabled
              • Password expiration disabled
              • Strong password requirement disabled
            • Accounts that increase attack surface risk
              • Synced admin accounts
              • Extra admin accounts
              • Stale accounts
              • Unmanaged service accounts
              • Non-domain controllers with domain admin sign-ins
            • Accounts with excessive privilege
              • Service account misconfigurations
              • Highly authorized disabled accounts
              • Pseudo domain admins
              • Pseudo limited domain admins
            • Cloud asset compliance violations
          • XDR detection
          • Threat detection
          • Security configuration
          • Predictive analytics
        • Event Rule Management
        • Configuring data sources
          • Risk visibility support for Trend Micro products
          • Cyber Risk Exposure Management regional IP addresses
          • Conformity AWS data source setup
          • Conformity Azure data source setup
          • Conformity Google Cloud data source setup
          • Tenable Security Center data source setup
          • Tenable Vulnerability Management integration
        • Agentless Vulnerability & Threat Detection
          • Get started with Agentless Vulnerability & Threat Detection in AWS
            • Enable vulnerability scanning for AWS
            • Enable anti-malware scanning for AWS
            • Agentless Vulnerability & Threat Detection estimated deployment costs for AWS
          • Get started with Agentless Vulnerability & Threat Detection in Google Cloud
            • Agentless Vulnerability & Threat Detection estimated deployment costs for Google Cloud
          • Get started with Agentless Vulnerability & Threat Detection in Microsoft Azure
          • Scan manually for vulnerabilities and malware
          • Agentless Vulnerability & Threat Detection supported operating systems
          • Find the file system UUID for malware detections
            • Find the UUID in Windows
            • Find the UUID in Linux
          • Agentless Vulnerability & Threat Detection troubleshooting and frequently asked questions
            • AWS troubleshooting and frequently asked questions
            • Google Cloud troubleshooting and frequently asked questions
      • Vulnerability Management
        • Network Vulnerability Scanner
          • Get started with network vulnerability scans
            • Network Vulnerability Scanner supported products
          • Manage network scans
          • Manage scan reports
    • Cyber Attack Prediction
      • Attack Path Prediction
        • Investigate and remediate potential attack paths
        • How potential attack paths are detected and analyzed
          • Key attack path components
    • Security Posture Management
      • Cloud Security Posture
        • Help topics
        • Manage cloud accounts
          • Cloud accounts
          • Add cloud accounts
          • Managing preferences
            • Notification preferences
              • Email Notifications
              • Mobile Notifications
            • Rule preferences
              • New Rules Behavior
            • Guided Exclusions
            • PDF Reports Logo
          • Account settings
            • Cloud account settings
            • Cloud account general settings
            • Manage cloud account tags
              • Cloud account tags
            • Manage account groups
              • Grouped accounts
              • Group settings
        • Manage users
          • User
        • Cloud Security Posture
          • Cloud Risk Index
          • Asset Coverage
          • Protection
          • Security Posture
          • Compliance
          • Assets at Risk
          • Cloud Accounts Breakdown
          • Account details
          • Entitlements
          • AI Security Posture Management (AI-SPM)
          • Project Centric Overview
            • Define and Manage Projects
        • Misconfiguration and Compliance
          • Accounts navigation
          • All accounts
          • Add account
          • Summary widget
          • Threat monitoring section
          • Compliance status widget
          • Compliance evolution
          • Status per AWS region
          • Most critical failures
          • Summary
            • Report summary
            • Compliance evolution summary
        • Cloud Risk Management rules
          • Introduction to Cloud Risk Management rules
            • Contents
            • What rules does Trend Vision One™ – Cloud Risk Management support?
            • What is the frequency of running the rules?
            • What rules are run?
            • New Accounts
            • Rules configuration
            • Rule settings
            • Anatomy of a rule
            • Check summary
            • Not scored
            • Deprecated Rules
            • Rules supported by Real Time Monitoring
            • FAQs
          • Checks
            • Model check
              • What are Checks?
              • Viewing Checks
              • Check Actions
              • Failure and Success Definition
              • Not Scored Checks
            • Failed check resolution
              • Steps to resolve failures
            • Auto remediation
              • Content
              • How does auto-remediation work
              • Set up auto-remediation
              • Enable or disable rules after deploying auto-remediation
              • Testing auto-remediation deployment
              • Resolution using Manual notifications
              • Verify the auto-remediation resolution
              • Contribution to Auto-remediation project
            • Rules suppress check
            • Send rule to
          • Configurations
            • Rules configuration
            • Configure rules for friendly accounts
          • Rule categories
          • Search
            • Filter and search
              • Contents
              • Filter tags
              • Filter tags Exact Match
              • Filter tags Partial Match
              • Resource Id syntax
              • Regular expression syntax
              • Reserved characters
              • Standard operators
              • Wildcard syntax
              • Only show checks
              • Only show checks
              • How it works
            • CQL filter method
              • Contents
              • Logical operators
              • Resource Wildcards
              • Resource regular expressions
              • Fields list
              • Using CQL to filter your checks
              • Query examples
        • Reports
          • Rules status reports
          • All checks report
          • Configured reports
          • Cloud Risk Management report
          • Generate and download report
        • Compliance
          • Compliance and Cloud Risk Management
            • Supported Standards and Frameworks
            • Standard and Framework checks report
            • Compliance Excel Report
            • Example CIS AWS Foundations report
          • Compliance reports
          • Compliance score
        • Monitoring Real-Time Posture
          • Real-Time Posture Monitoring
            • Setup Real-Time Posture Monitoring
            • Access Real-Time Posture Monitoring
          • Real-Time Posture Monitoring settings
          • Activity Dashboard
          • Monitoring Dashboard
        • Communication and notification
          • Supported notifications
          • Re-run historical check notifications
          • Communication settings
            • Settings for notifications
            • Toggle automatic notifications
            • Communication triggers
            • Communication recipients
            • Copy communication settings
            • Toggle manual notifications
          • Communication channels
            • Communication integrations
            • Email communication
            • SMS communication
            • Slack communication
            • Pagerduty communication
            • Jira communication
              • Jira integration
              • Oauth client Jira setup
            • Zendesk communication
            • ServiceNow communication
            • Amazon SNS communication
            • Microsoft Teams communication
            • Webhook communication
        • Cloud Risk Management Scan help
          • Cloud Risk Management Scan
          • Configuring Cloud Risk Management Scan
            • Cloud Risk Management Scan settings
            • Disable Cloud Risk Management Scan
            • Cloud Risk Management Scan enabled regions
            • Cloud Risk Management Scan frequency
          • Cloud Risk Management Scan - AWS
            • AWS integration
              • Supported regions
              • Unsupported regions
              • AWS Well-Architected Tool
            • AWS custom policy
          • Azure integration
            • Add Access Policy for Key Vault Attributes
          • Cloud Risk Management Scan - GCP
            • Add Cloud Risk Management IP address to GCP access level policy
        • Rule setting profiles
        • Template scanner
          • Template scanner
          • AWS CDK Development Kit (CDK) Example
          • AWS Cloudformation Example
          • Serverless Framework (AWS) Example
          • Terraform (AWS) Example
        • Performance
          • Performance troubleshooting
        • Cloud Security Posture FAQs
      • Identity Security Posture
        • Overview
          • Identity Summary
        • Exposure
          • Exposure risk event profile
        • Attack
          • Attack risk event profile
      • Data Security
        • Get started with Data Security
        • Data Security Posture
          • Get started with Data Security Posture
            • Enable Data Security Posture for your AWS cloud accounts
            • Enable or disable Data Security Posture for cloud storage assets
            • Enable Amazon Macie
          • Data Risk
          • Top Risky Assets with Sensitive Data
          • Sensitive Data Overview
          • Sensitive Data by Location
          • Exposure Risk Events
        • Data Policy
          • Add a data policy
        • Data Inventory
        • Track sensitive data movement
          • View sensitive data alerts in Workbench
          • View sensitive data events in Observed Attack Techniques
          • Track data lineage
    • Cyber Governance, Risk, & Compliance
      • Compliance Management
        • Get started with Compliance Management
        • Overview screen
        • Framework details screen
        • Create asset groups and assign asset tags
    • Security Awareness
      • Security Awareness firewall exceptions
      • Get started with training campaigns
        • Edit training campaign notification templates
      • Get started with phishing simulations
        • Phishing simulation settings
        • Monitor phishing simulations
        • Send follow-up notifications to phishing simulation participants
          • Edit phishing simulation notification templates
        • Create custom phishing simulation email templates
      • Set up allow lists for Security Awareness
        • Set up a Trend Micro Email Security allow list
        • Set up a Microsoft 365 Defender allow list
          • Avoid Microsoft Safe Links alerts when opening phishing simulation landing pages
        • Set up a Google Workspace allow list
        • Allow Security Awareness in Cloud Email Gateway Protection
        • Allow Security Awareness in Cloud Email and Collaboration Protection
        • Allow phishing simulation URLs in Microsoft Edge via group policy
        • Allow phishing simulation URLs in Google Chrome via group policy for Windows
        • Allow phishing simulation URLs in Google Chrome via group policy for macOS
        • Bypass clutter and spam filtering by email header for phishing simulation emails in Microsoft 365
        • Create rules for bypassing the junk folder in Microsoft 365
  • Dashboards and Reports
    • Dashboards
      • Customize Dashboards
      • Protocol groups in the Scanned Traffic Summary widget
      • Troubleshoot unresponsive endpoints listed in the Endpoint Protection Status widget
    • Reports
      • Configure a custom report
      • Configure a report from a template
      • Reports license requirements
      • Categories and submitters in the High-Risk Submissions report
  • XDR Threat Investigation
    • Detection Model Management
      • Detection models
        • Detection model data
      • Custom models
        • Custom model data
        • Configure a custom model
        • Run retro scans on custom model data
      • Custom filters
        • Create a custom filter
        • Use a template to create a custom filter
        • Filter query format
        • Custom filter data
        • Trend Micro Sigma specification
          • General guidelines
          • Structure
          • Available data subtypes
          • The search-identifier element
          • Use regex in custom filters
      • Exceptions
        • Add a custom exception
        • Add an exception from the context menu
        • Edit a custom exception
      • Creating filters and models for abnormal download behavior in SharePoint and OneDrive
    • Workbench
      • Getting started with Workbench
        • Enable WebGL
      • Workbench Insights
        • Workbench insight details
          • Workbench Insights alerts
          • Insight-Based Execution Profile
        • Assign owners to Workbench insights
      • All Alerts
        • Alert details
        • Investigate an alert
          • Context menu
          • Advanced Analysis actions
            • Execution Profile
            • Network analytics report
              • Overview of the network analytics report
              • Review the summary
              • Analysis using the Correlation Graph
                • Correlation Graph advanced search filter
              • Analysis using the Transaction and IOC Details
            • Data Lineage
        • Add an exception from the context menu
        • Assign owners to Workbench alerts
    • Search app
      • Search for and execute threat-hunting queries
      • Search actions from the context menu
      • Search syntax
        • Use regex in Search queries
      • Saved queries
      • Search results
        • Create a custom view for search results
      • Search method data sources
        • Data sources general search
        • Cloud activity data sources
        • Container activity data sources
        • Detections data sources
        • Email and Collaboration activity data sources
          • Query format for SharePoint and OneDrive file upload events
        • Endpoint activity data sources
          • eventId and eventSubId mapping
        • Firewall activity data sources
        • Identity and access activity data
        • Message activity data
        • Mobile activity data
          • eventId and eventSubId mapping
        • Network activity data
        • Secure access activity data
        • Third-Party Logs
        • Web activity data
    • Observed Attack Techniques
      • Troubleshooting & FAQ
        • How does Trend Vision One decide the risk level of an event?
    • Targeted Attack Detection
      • Attack exposure
      • Security features and XDR sensors
      • Attack phases
      • Attack scope
      • Risk management guidance
    • Forensics
      • War room
        • Workspaces
        • Evidence report
        • Timeline
        • Triage endpoints
      • Evidence archive
        • Evidence collection
          • Manual evidence collection for Windows endpoints
          • Manual evidence collection for Linux endpoints
          • Supported evidence types
            • Windows evidence types
              • Basic information
              • File timeline
              • Process information
              • Service information
              • Network information
              • Account information
              • System execution
              • User activity
              • Portable Executable (PE) attributes
            • Linux evidence types
              • Basic information
              • Process information
              • Service information
              • Network information
              • Account information
              • User activity
              • Shared file info objects
      • Task list
    • Managed Services
      • Request list
      • Managed Services settings
        • Configure response approval settings
      • Response actions
  • Threat Intelligence
    • Threat Insights
      • Information screen
      • Threat actor types
    • Intelligence Reports
      • Curated intelligence
      • Custom intelligence
      • Sweeping types
      • STIX indicator patterns for sweeping
    • Suspicious Object Management
      • Suspicious Object List
        • Adding or importing suspicious objects
        • Suspicious object actions
      • Exception list
        • Adding exceptions
    • Sandbox Analysis
      • Consolidated analysis results
      • Submitting objects for analysis
      • Submission settings
      • Supported file types
      • Possible reasons for analysis failure
    • Third-Party Intelligence
      • TAXII feeds
        • Configuring a TAXII feed
      • MISP feeds
    • Trend Threat Intelligence Feed
      • Setting up the API for Trend Threat Intelligence Feed
  • Workflow and Automation
    • Case Management
      • Trend Vision One cases
        • Create Case Management ticket profiles
          • Create a ticket profile for Jira
          • Create a ticket profile for ServiceNow ITSM
      • MDR (Managed XDR) case list
      • Case viewer
      • Troubleshooting and FAQs
        • Frequently asked questions
        • Troubleshooting Case Management
    • Security Playbooks
      • Security playbooks requirements
      • Execution results
        • Execution details
          • Action details
      • User-defined playbooks
        • Create Security Awareness Training Campaign playbooks
        • Create Automated High-Risk Account Response playbooks
        • Create Account Response playbooks
        • Create Risk Event Response playbooks
        • Create CVEs with Global Exploit Activity playbooks
        • Create Workbench Insight Progression Update playbooks
        • Create Automated Response Playbooks
        • Create Endpoint Response playbooks
      • Template-based playbooks
        • Create Incident Response Evidence Collection playbooks
          • Supported evidence types
            • Basic information
            • File timeline
            • Process information
            • Network information
            • Service information
            • System execution
            • Account information
            • User activity
            • Portable Executable (PE) attributes
      • Playbook nodes
    • Response Management
      • Response actions
        • Add to Block List task
        • Add to Zscaler Restricted User Group task
        • Collect Evidence task
        • Collect File task
        • Collect Network Analysis Package task
        • Delete Message task
        • Disable User Account task
        • Enable User Account task
        • Force Password Reset task
        • Force Sign Out task
        • Isolate Endpoint task
        • Isolate Container task
        • Quarantine Message task
        • Remove from Block List task
        • Remove from Zscaler Restricted User Group task
        • Revoke Access Permission task
        • Restore Connection task
        • Restore Message task
        • Resume Container task
        • Run osquery task
        • Run Remote Custom Script task
          • Sample signed PowerShell script
        • Run YARA rules task
        • Scan for Malware task
        • Start Remote Shell Session task
          • Remote Shell Commands for Windows Endpoints
          • Remote Shell Commands for Linux Endpoints
          • Remote Shell Commands for Mac Endpoints
        • Submit for Sandbox Analysis task
        • Terminate Process task
        • Terminate Container task
      • Response data
      • Response Management settings
        • Allow network traffic on isolated endpoints
        • Exclude specified endpoints from response actions
        • Configure time-out settings
        • Require approval for specified response actions
    • Data Source and Log Management
      • Cyber Risk Exposure Management data sources
      • XDR Threat Investigation data sources
        • Third-Party Log Collection
          • Log repositories
            • Create a log repository
          • Collectors
          • Add a collector
          • Monitor log repository traffic and retention
          • Install the Third-Party Log Collection service on a Service Gateway
      • Troubleshooting and frequently asked questions
    • Third-Party Integration
      • Active Directory (on-premises) integration
        • Active Directory data usage in associated apps
        • Configuring data synchronization and user access control
          • Active Directory permissions
        • Security event forwarding
      • AttackIQ BAS integration
      • AWS S3 bucket connector
        • Connecting an AWS S3 bucket
        • Configuring roles for the AWS S3 bucket connector
        • Data specification for AWS S3 buckets
      • Check Point Open Platform for Security (OPSEC) integration
      • Cisco XDR integration
      • Claroty xDome integration
      • Cloud Pak for Security integration
      • Cortex XSOAR integration
        • Creating a user role for Cortex XSOAR integration
      • Cyber Risk Exposure Management for Splunk integration
      • Cyborg Security - HUNTER integration
      • Cymulate integration
      • D3 Security integration
      • Elastic integration
      • FortiGate Next-Generation Firewall integration
      • Greenbone Integration
      • Google Cloud Identity integration
        • Overview of access permissions to Google Cloud Identity data
        • Google Cloud Identity data usage in associated apps
        • Configuring Google Cloud Identity integration
        • Revoking Google Cloud Identity permissions
      • Google Security Operations SOAR (Siemplify) integration
      • Google Security Operations SIEM integration
        • Unified Data Model (UDM) mapping
          • Workbench alerts
          • OAT
          • Detections
          • Audit logs
          • Container vulnerabilities
          • Activity data
      • IBM SOAR integration
      • Invision integration
      • Jira Service Management integration (for Workbench and Response Management)
      • Jira Cloud integration (for Case Management)
      • Kong Gateway
      • Logpoint SIEM integration
      • Logpoint SOAR integration
      • LogRhythm SIEM integration
      • Microsoft Entra ID integration
        • Overview of access permissions to Microsoft Entra ID data
        • Microsoft Entra ID data usage in associated apps
        • Configure Microsoft Entra ID integration
        • Migrate from Azure AD Graph APIs to Microsoft Graph APIs
        • Block Microsoft Entra ID permissions
        • Assign the Password Administrator role
        • Assign the Global Reader role
        • Troubleshoot Microsoft Entra ID connections
      • Microsoft Power BI integration
      • Microsoft Sentinel integration
        • Deploy the Trend Vision One connector in Microsoft Sentinel
        • View the ingested data in Log Analytics workspaces
      • MISP integration (via Service Gateway)
      • MISP integration (via direct connection)
      • Nessus Pro integration
      • Netskope CTE integration
      • Nozomi Vantage integration
      • Okta integration
        • Configuring Okta tenants
        • Obtaining your Okta URL domain and API token
      • OpenLDAP integration
      • Palo Alto Panorama integration
      • Picus Security integration
      • Plain text (freetext) feed integration
      • ProxySG and Advanced Secure Gateway integration
      • QRadar on Cloud with STIX-Shifter integration
      • QRadar XDR integration
      • Qualys integration
      • Rapid7 - InsightVM integration
      • Rapid7 - Nexpose integration
      • ReliaQuest GreyMatter integration
      • Rescana integration
      • SafeBreach BAS integration
      • Salesforce integration
        • Configuring Salesforce tenants
      • Securonix SIEM integration
      • ServiceNow ITSM integration (for Workbench)
      • ServiceNow ticketing system integration (for Security Playbooks and Case Management)
        • Configure ServiceNow ITSM to enable Trend Vision One for ServiceNow Ticketing System
      • Splunk HEC connector configuration
      • Splunk SOAR integration
      • Splunk XDR integration
      • Syslog connector (on-premises) configuration
      • Syslog connector (SaaS/cloud) configuration
      • Syslog content mapping - CEF
        • CEF Workbench logs
        • CEF Observed Attack Techniques logs
        • CEF account audit logs
        • CEF system audit logs
      • TAXII feed integration
      • Tanium Comply integration
      • Tenable Security Center integration
      • Tenable Vulnerability Management integration
      • ThreatQ integration
      • VirusTotal integration
      • VU integration
      • Zscaler Internet Access integration
      • Zscaler Private Access integration
    • API Automation Center
    • Service Gateway Management
      • Getting started with Service Gateway
        • Service Gateway overview
        • What's new in Service Gateway Management
        • Mapping your Service Gateway deployment
        • Service Gateway appliance system requirements
          • Service Gateway virtual appliance communication ports
          • Service Gateway sizing guide for endpoints
        • Deployment guides
          • Deploying a Service Gateway virtual appliance with VMware ESXi
          • Deploying a Service Gateway virtual appliance with Microsoft Hyper-V
          • Deploying a Service Gateway virtual appliance with Nutanix AHV
          • Deploying a Service Gateway virtual appliance with AWS
          • Deploying a Service Gateway virtual appliance with Microsoft Azure
          • Deploying a Service Gateway virtual appliance with GCP
          • Upgrading from Service Gateway 2.0 to 3.0
          • Migrating from Service Gateway 1.0 to 3.0
      • Service Gateway appliance configuration
        • Managing services in Service Gateway
          • Service Gateway services
          • ActiveUpdate configuration
          • Smart Protection Services
            • Smart Protection Services product support
            • Connecting Trend Micro products to Smart Protection Server
          • Forward Proxy Service
            • Predefined allow list for Trend Micro services
        • Configuring Service Gateway settings
          • Cloud service extension
          • SNMP trap messages defined for Service Gateway
        • Managing Service Gateway storage
        • Creating Service Gateway configuration profiles
      • Service Gateway Management (legacy)
        • Service Gateway 1.0 appliance system requirements
        • Configuring Service Gateway settings
        • Switching from Service Gateway 1.0 to the latest version
          • Migrating from Service Gateway 1.0 to 2.0
          • Upgrading from Service Gateway 1.0 to 2.0
          • Upgrading from Service Gateway 2.0 to 3.0
          • Migrating from Service Gateway 1.0 to 3.0
      • Service Gateway troubleshooting and FAQs
        • Service Gateway FAQs
        • Troubleshooting Service Gateway
          • Service Gateway support settings
          • Service Gateway CLI commands
            • Service Gateway 1.0 CLI commands
          • Service Gateway 2.0 migration troubleshooting
    • Trend Companion
      • Troubleshooting and FAQ
        • Frequently asked questions
  • Zero Trust Secure Access
    • Getting started with Zero Trust Secure Access
      • What is Zero Trust Secure Access?
      • Preparing to deploy Private Access, Internet Access, and AI Service Access services
        • Zero Trust Secure Access credit settings
        • System requirements
          • Private Access Connector system requirements and sizing guide
          • Secure Access Module system requirements
          • Internet Access On-Premises Gateway system sizing recommendations
        • Traffic protocol support
        • Port and FQDN/IP address requirements
          • Australia - Zero Trust Secure Access FQDNs/IP addresses
          • Europe - Zero Trust Secure Access FQDNs/IP addresses
          • India - Zero Trust Secure Access FQDNs/IP addresses
          • Japan - Zero Trust Secure Access FQDNs/IP addresses
          • Singapore - Zero Trust Secure Access FQDNs/IP addresses
          • Americas - Zero Trust Secure Access FQDNs/IP addresses
          • Middle East and Africa - Zero Trust Secure Access FQDNs/IP addresses
        • Deployment considerations
          • Private Access - client vs browser access
          • Internet Access and AI Service Access - connecting with or without the Secure Access Module
            • Traffic forwarding options for Internet Access and AI Service Access
          • Supported authentication methods for Internet Access and AI Service Access
      • Deployment guides
        • Setting up Zero Trust Secure Access Private Access
          • Identity and access management integration
            • Microsoft Entra ID integration and SSO for Zero Trust Secure Access
            • Okta integration and SSO for Zero Trust Secure Access
            • Active Directory (on-premises) integration and SSO for Zero Trust Secure Access
            • OpenLDAP integration and SSO for Zero Trust Secure Access
            • Google Cloud Identity integration and SSO for Zero Trust Secure Access
          • Private Access Connector deployment
            • Deploying the Private Access Connector on VMware ESXi
            • Deploying the Private Access Connector on AWS Marketplace
              • Manual Scaling
              • Automatic Scaling
              • Configure IMDSv2 in AWS deployments
                • Configure IMDSv2 from LaunchTemplate
                • Configure IMDSv2 from deployed EC2 connectors
            • Deploying the Private Access Connector on Microsoft Azure
              • Manual Scale
              • Custom Autoscale
            • Deploying the Private Access Connector on Google Cloud Platform
            • Deploying the Private Access Connector on Microsoft Hyper-V
            • Private Access Connector CLI commands
          • Secure Access Module deployment
            • Deploying the Secure Access Module to Trend Vision One Endpoint Security agents
          • User portal for Private Access configuration
        • Setting up Zero Trust Secure Access Internet Access and AI Service Access
          • Identity and access management integration
            • Microsoft Entra ID integration and SSO for Zero Trust Secure Access
            • Okta integration and SSO for Zero Trust Secure Access
            • Active Directory On-Premises integration and SSO for Zero Trust Secure Access
              • NTLM or Kerberos single sign-on for Internet Access
            • OpenLDAP integration and SSO for Zero Trust Secure Access
            • Google Cloud Identity integration and SSO for Zero Trust Secure Access
          • Identifying corporate network locations
            • Adding corporate locations to the Internet Access Cloud Gateway
            • Deploying an Internet Access On-Premises Gateway
          • Secure Access Module deployment
            • Deploying the Secure Access Module to Trend Vision One Endpoint Security agents
          • PAC file configuration
            • PAC file configuration guidance
          • PAC file deployment
            • Secure Access Module configuration
            • Browser configuration
            • GPO creation
        • Setting up Zero Trust Secure Access Risk Control
        • Deploy Zero Trust Secure Access Module in restricted environment
        • Upgrading from Trend Micro Web Security to Zero Trust Secure Access Internet Access and AI Service Access
          • Trend Micro Web Security Features and Settings Migration
          • Identity and Access Management Integration
            • Integrating Microsoft Entra ID and SSO for Zero Trust Secure Access
            • Integrating Okta and SSO for Zero Trust Secure Access
            • Integrating Active Directory (On-Premises) and SSO for Zero Trust Secure Access
            • Integrating OpenLDAP and SSO for Zero Trust Secure Access
          • Corporate Network Locations
            • Adding Corporate Locations to the Internet Access Cloud Gateway
            • Deploying an Internet Access On-Premises Gateway
              • Internet Access On-Premises Gateway system sizing recommendations
          • Post-Migration Checklist
        • Upgrading from InterScan Web Security to Zero Trust Secure Access Internet Access and AI Service Access
          • InterScan Web Security Features and Settings Migration
          • Identity and Access Management Integration
            • Integrating Microsoft Entra ID and SSO for Zero Trust Secure Access
            • Integrating Okta and SSO for Zero Trust Secure Access
            • Integrating Active Directory (On-Premises) and SSO for Zero Trust Secure Access
            • Integrating OpenLDAP and SSO for Zero Trust Secure Access
          • Corporate Network Locations
            • Adding Corporate Locations to the Internet Access Cloud Gateway
            • Deploying an Internet Access On-Premises Gateway
          • Post-Migration Checklist
      • Ranges and limitations
    • Secure access overview
      • Risk Control
      • Private Access
      • Internet Access
      • AI Service Access
    • Secure access rules
      • Creating a risk control rule in playbook view
        • Risk Control Rule components in playbook view
      • Modifying a risk control rule in classic view
        • Secure access rule templates
      • Creating a private access rule
      • Creating an internet access rule
      • Creating an AI service access rule
      • Zero Trust actions
        • Block AI Service, Cloud App, or URL Access task
        • Block Internal App Access task
        • Disable User Account task
        • Enable User Account task
        • Force Password Reset task
          • Assigning the password administrator role
        • Force Sign Out task
        • Isolate Endpoint task
        • Restore Connection task
        • Unblock AI Service, Cloud App, or URL Access task
        • Unblock Internal App Access task
    • Secure access resources
      • Device posture profiles
        • Adding a device posture profile
          • List of supported vendors
          • Getting the certificate location using PowerShell
      • File profiles
        • Adding a file profile
      • Threat protection rules
        • Adding a threat protection rule
          • Supported files for Sandbox Analysis
      • Data loss prevention rules
        • Adding a data loss prevention rule
        • Data loss prevention templates
          • Predefined DLP templates
          • Custom DLP templates
            • Condition statements and logical pperators
            • Adding a custom data loss prevention template
        • Data identifier types
          • Expressions
            • Predefined expressions
            • Custom expressions
              • Criteria for custom expressions
              • Adding a custom expression
          • File attributes
            • Predefined file attributes list
            • Adding a custom file attribute list
          • Keyword lists
            • Predefined keyword lists
            • How keyword lists work
              • Number of keywords condition
              • Distance condition
            • Custom keyword lists
              • Custom keyword list criteria
              • Adding a custom keyword list
      • AI content inspection rules
      • Custom URL categories
        • URL filtering category groups
      • Custom cloud app categories
        • Adding a custom cloud app category
      • IP address groups
        • Adding an IP address group
      • Tenancy restrictions
        • Adding a tenancy restriction
      • HTTP/HTTPS traffic filters
        • Adding an HTTP/HTTPS traffic filter
    • Secure access history
    • Secure access configuration
      • Private Access configuration
        • Private Access Connector configuration
          • Private Access Connector management
        • Internal application configuration
          • Adding an internal application to Private Access
            • Trend Micro Web App Discovery Chrome extension
          • Discovering internal applications
          • Managing certificates
            • Adding a server certificate
            • Adding an enrollment certificate
        • Global settings
          • User portal for Private Access configuration
      • Internet Access and AI Service Access configuration
        • Internet Access gateways and corporate network locations
          • Adding corporate locations to the Internet Access Cloud Gateway
          • Deploying an Internet Access On-Premises Gateway
            • Configuring upstream proxy rules
            • Configuring bandwidth control
              • Configuring a bandwidth control rule
            • Configuring reverse proxy mode
              • Managing rate limiting rules
            • Enable FTP proxy on an Internet Access On-premises gateway
            • Syslog content mapping - CEF
        • PAC files
          • Configuring PAC files
        • HTTPS inspection
          • HTTPS inspection rules
            • Adding an HTTPS inspection rule
            • Cross-signing a CA certificate
            • Deploying the built-in CA certificate
          • Inspection exceptions
            • Adding a domain exception
          • TLS and SSL certificates
            • Root and intermediate CA certificates
            • Server certificates
        • URL allow and deny lists
        • Bypass URL list for the Windows agent
        • Global settings
          • Configuring NTLM or Kerberos single sign-on with Active Directory (on-premises)
            • Configuring the authentication proxy service for corporate intranet locations
            • Configuring the authentication proxy service for corporate intranet locations and public or home networks
            • Configure load balancers to use multiple Internet Access on-premises gateways as the authentication proxy
              • Configuring Nginx as a load balancer for use with multiple Internet Access on-premises gateways
              • Configuring HAProxy as a load balancer for use with multiple Internet Access on-premises gateways
              • Configuring F5 BIG-IP LTM as a load balancer for use with multiple Internet Access on-premises gateways
              • Configuring Linux Virtual Server (LVS) as a load balancer for use with multiple Internet Access on-premises gateways
              • Configuring DNS round-robin mode as a load balancing method for use with multiple Internet Access on-premises gateways
            • Preparing your environment for NTLM or Kerberos single sign-on
          • Outbound static IP settings
          • X-Forwarded-For headers
      • Identity and access management (IAM)
        • Supported IAM systems and required permissions
        • Local user account management
      • Secure Access Module
        • Secure Access Module system requirements
        • Secure Access Module deployment
          • Deploying the Secure Access Module to Trend Vision One Endpoint Security agents
          • Setting up permissions for the Secure Access Module on endpoints using macOS versions 11 to 14
          • Setting up permissions for the Secure Access Module on endpoints using macOS version 15 or later
        • PAC File replacement
          • Replacing the PAC file on Trend Vision One Endpoint Security agents
        • Enabling Zero Trust Secure Access on mobile devices
        • Configure settings for restricted environment
        • Collecting debug logs from endpoints
      • Customization settings
      • Configuring the agent upgrade rate
    • Recommended practices
      • Recommended practice to deploy Private Access
    • Troubleshooting Zero Trust Secure Access
      • Internet Access connection troubleshooting
      • Private Access connection troubleshooting
      • Secure Access Module troubleshooting
  • Assessment
    • Cyber Risk Assessment
      • Cloud Risk Management Assessment
      • Identity Posture Assessment
      • Exchange Online Mailbox/Gmail Assessment
      • Phishing Simulation Assessment
        • Phishing Simulation Assessment general allow list settings
          • Setting up a Trend Micro Email Security allow list
          • Setting up a Microsoft 365 Defender allow list
            • Troubleshooting the Microsoft Defender for Office 365 Allow List
          • Setting up a Google Workspace allow list
        • Verifying domain ownership
      • At-Risk Endpoint Assessment
        • Assessment tool deployment
          • Deploying the assessment tool to Linux endpoints
          • Deploying the assessment tool to macOS endpoints
          • Deploying the assessment tool to Windows endpoints
  • Data Security
    • Data Security
      • Get started with Data Security
      • Data Security Posture
        • Get started with Data Security Posture
          • Enable Data Security Posture for your AWS cloud accounts
          • Enable or disable Data Security Posture for cloud storage assets
          • Enable Amazon Macie
        • Data Risk
        • Top Risky Assets with Sensitive Data
        • Sensitive Data Overview
        • Sensitive Data by Location
        • Exposure Risk Events
      • Data Policy
        • Add a data policy
      • Data Inventory
      • Track sensitive data movement
        • View sensitive data alerts in Workbench
        • View sensitive data events in Observed Attack Techniques
        • Track data lineage
  • Identity Security
    • Identity Security Posture
      • Overview
        • Identity Summary
      • Exposure
        • Exposure risk event profile
      • Attack
        • Attack risk event profile
    • Identity Inventory
      • Get started with Identity Inventory
        • Grant Microsoft Entra ID permissions for use in Identity Inventory
        • Set up Active Directory (on-premises) requirements and permissions for use in Identity Inventory
      • Microsoft Entra ID
        • Overview
        • User
        • Enterprise Application
        • Device
        • Group
        • Role
        • Access Policy
        • Granted Permission
      • Active Directory (on-premises)
        • Overview
        • User
          • Active Directory user account controls
        • Service Account
        • Computer
        • Group
          • Active Directory (on-premises) default privileged security groups
        • Group Policy
        • Trust Relationships
          • Active Directory trust attributes
    • FAQs
      • Microsoft Entra ID data used by Identity Security
      • Active Directory data used by Identity Security
  • Endpoint Security
    • Getting started with Trend Vision One Endpoint Security
      • Evaluating Trend Vision One Endpoint Security
        • Evaluating Standard Endpoint Protection
          • Moving Agents with the Apex One Server Console
          • Moving Agents with the IPXfer Tool
        • Evaluating Server & Workload Protection
          • Moving Trend Cloud One Agents Quick Guide
          • Moving Trend Cloud One Agents Complete Guide
          • Returning Agents to Trend Cloud One - Endpoint & Workload Security
      • Update Trend Micro Endpoint Solutions
        • Endpoint Inventory update considerations for customers migrating multiple consoles
        • Feature differences between Trend Vision One Endpoint Security and Endpoint Inventory 2.0
        • Update from Apex One as a Service
          • Apex One as a Service to Standard Endpoint Protection Feature Mapping
          • New Trend Vision One Customers Updating Apex One as a Service from an Activation Email
          • Existing Trend Vision One Customers Updating Apex One as a Service from an Activation Email
          • Existing Trend Vision One Customers Updating Apex One as a Service from the Trend Vision One Console
        • Update from Apex One On-Premises
          • Before You Migrate
          • Migrating Agents with the Apex One Server Console
          • Migrating Agents with the IPXfer Tool
        • Update from Trend Cloud One - Endpoint & Workload Security
          • Trend Cloud One - Endpoint & Workload Security to Server & Workload Protection feature mapping
          • New Trend Vision One customers updating Trend Cloud One - Endpoint & Workload Security from an activation email
          • Existing Trend Vision One customers updating Trend Cloud One - Endpoint & Workload Security from an activation email
          • Existing Trend Vision One customers updating Trend Cloud One - Endpoint & Workload Security from the Trend Vision One console
          • Migrating a Trend Cloud One - Endpoint & Workload Security instance billed to AWS Marketplace
        • Post-Update Tasks
      • Setting up Endpoint Security for new Trend Micro customers
      • Deploy a Service Gateway and Configure Firewall Exceptions
        • Service Gateway appliance system requirements
        • Service Gateway sizing guide for endpoints
        • Deploying a Service Gateway Virtual Appliance with VMware ESXi
        • Deploying a Service Gateway Virtual Appliance with Microsoft Hyper-V
      • Manage your agent deployments
        • Manage endpoint groups
        • Configure endpoint proxies and policies
        • Deploy agents
          • Standard Endpoint Protection agent deployment
          • Server & Workload Protection agent deployment
          • Endpoint Sensor agent deployment
          • Deployment using the offline installer package
          • Install the Endpoint Security agent image builder
            • Retrieve the Trend Vision One parameters
            • Set parameter store values
            • Set up the image builder and create an Amazon Elastic Compute Cloud (EC2) instance
          • Run the deployment script
            • Troubleshooting the Deployment Script
          • Deployment using a golden image
            • Creating a golden image with the agent software
            • Updating the agent for golden image templates
          • Deploying Agents with a Software Management System
            • Deploying Agents Using Microsoft Intune
              • Standard Endpoint Protection Agent Deployment using Microsoft Intune
              • Server & Workload Protection Agent Deployment using Microsoft Intune
              • Endpoint Sensor Agent Deployment using Microsoft Intune
            • Deploying Agents Using Microsoft Endpoint Configuration Manager (SCCM)
            • Deploying Agents Using Group Policy Objects
              • Group Policy Object Sample Script
        • Remove Endpoints
    • Endpoint Inventory
      • Endpoint Management
        • Standard Endpoint Protection Management
        • Server & Workload Protection Management
        • Connected Endpoint Protection Management
      • Global Settings
        • Endpoint Settings
        • Agent Installer Proxy Settings
          • Configuring a custom agent installer proxy
        • Runtime Proxy Settings
          • Configuring Runtime Proxy policies
          • Runtime Proxy priority behavior
      • Trend Vision One Endpoint Security agent system requirements
        • Standard and extended support policies for agents
        • Standard Endpoint Protection system requirements
        • Server & Workload Protection system requirements
          • Linux Secure Boot support
            • Configure Linux Secure Boot for agents
          • Server & Workload Protection relay requirements
          • Server & Workload Protection bandwidth sizing
          • Server & Workload Protection sizing for Squid Proxy
        • Endpoint Sensor-only system requirements
      • Endpoint Inventory table columns
      • Updating the agent on virtual desktops
      • Uninstalling Agents
        • Uninstall Windows Agents with the Tool
        • Uninstall Windows Agents with Microsoft Intune
        • Uninstall macOS Agents with the Tool
        • Uninstall the Standard Endpoint Protection Agent
          • Uninstall the Windows Agent Locally
          • Uninstall the Windows Agent from the Endpoint Group Manager Console
          • Uninstall the macOS Agent from the Endpoint Group Manager Console
        • Uninstall the Server & Workload Protection Agent
          • Uninstall an agent (Windows)
          • Uninstall an agent (Linux)
          • Uninstall an agent (Solaris 10)
          • Uninstall an agent (Solaris 11)
          • Uninstall an agent (AIX)
          • Uninstall an agent (macOS)
          • Uninstall an agent (Red Hat OpenShift)
          • Uninstall the notifier
        • Cleaning Up Uninstalled Agents
      • Trend Vision One Endpoint Security Endpoint Inventory FAQ
        • Endpoint list FAQ
        • Automatic disabling of Activity Monitoring after updating to Server & Workload Protection
        • What happens when a removed endpoint reconnects to Trend Vision One Endpoint Security?
        • What telemetry does the endpoint agent collect from Windows?
        • Linux CLI commands
    • Endpoint Security Configuration
      • Endpoint Security Policies
        • Updating to Endpoint Security Policies
        • About endpoint security policies
        • Configuring endpoint security policies
        • About Monitoring Level
        • Network Content Inspection Engine for Endpoint Sensor
      • Version Control Policies
        • Version control policies feature enrollment
        • Version control policies agent requirements
        • Configuring version control policies
        • Version control policies troubleshooting and FAQ
          • Components managed by Version Control Policies
          • Version control policies FAQ
    • Standard Endpoint Protection
      • About the Dashboard
        • Tabs and Widgets
          • Working with Tabs
          • Working with Widgets
        • Default Dashboard Tabs and Widgets
          • Summary Tab
            • Critical Threats Widget
            • Users with Threats Widget
            • Endpoints with Threats Widget
            • Product Component Status Widget
            • Product Connection Status Widget
            • Ransomware Prevention Widget
          • Security Posture Tab
            • Compliance Indicators
            • Critical Threats
            • Resolved Events
            • Security Posture Chart
            • Security Posture Details Pane
          • Data Loss Prevention Tab
            • DLP Incidents by Severity and Status Widget
            • DLP Incident Trends by User Widget
            • DLP Incidents by User Widget
            • DLP Incidents by Channel Widget
            • DLP Template Matches Widget
            • Top DLP Incident Sources Widget
            • DLP Violated Policy Widget
          • Compliance Tab
            • Product Application Compliance Widget
            • Product Component Status Widget
            • Product Connection Status Widget
            • Agent Connection Status Widget
          • Threat Statistics Tab
            • Apex Central Top Threats Widget
            • Apex Central Threat Statistics Widget
            • Threat Detection Results Widget
            • C&C Callback Events Widget
        • Standard Endpoint Protection Dashboard Widgets
          • Apex Central Top File-based Threats Widgets
          • Hosts with C&C Callback Attempts Widget
          • Unique Compromised Hosts Over Time Widget
        • Apex One Dashboard Widgets
          • Top Blocked Applications
          • Top Endpoints Affected by IPS Events Widget
          • Top IPS Attack Sources
          • Top IPS Events
          • Top Violated Application Control Criteria
        • Apex One (Mac) Dashboard Widgets
          • Key Performance Indicators Widget
            • Configuring Key Performance Indicators
            • Configuring Widget Settings
      • Directories
        • User/Endpoint Directory
          • User/Endpoint Directory
          • User Details
            • Security Threats for Users
            • Policy Status
            • Contact Information
              • Synchronizing Contact Information with Active Directory
          • Endpoint Details
            • Labels
              • Creating a Custom Label or Auto-label Rule
              • Assigning/Removing Labels
              • Using Labels to Query Logs
              • Specifying Labels as Policy Targets
              • Specifying Labels as Report Targets
            • Endpoint Information
            • Security Threats on Endpoints
            • Policy Status
            • Notes for Endpoints
            • General Information for Endpoints
            • Isolating Endpoints
          • Active Directory Details
          • Affected Users
            • General Information for Security Threats
          • Using the Advanced Search
            • Advanced Search Categories
          • Custom Tags and Filters
            • Custom Tags
              • Creating a Custom Tag
              • Assigning Custom Tags to Users/Endpoints
            • Filters
              • Default Endpoint Filters
              • Creating a Custom Filter
            • User or Endpoint Importance
        • Product Servers
      • Policy Management
        • Policy Management
          • Policy Management
            • Creating a New Policy
              • Filtering by Criteria
                • Assigning Endpoints to Filtered Policies
              • Specifying Policy Targets
              • Labels
              • Working with Parent Policy Settings
            • Copying Policy Settings
            • Inheriting Policy Settings
            • Modifying a Policy
            • Importing and Exporting Policies
            • Deleting a Policy
            • Changing the Policy Owner
            • Understanding the Policy List
            • Reordering the Policy List
          • Policy Status
        • Apex One Security Agent Policies
          • Anti-malware Scans
            • General Settings
              • Guidelines for Switching Scan Methods
            • Real-time Scan
              • Configuring Real-time Scan Settings
                • Real-time Scan: Target Tab
                • Real-time Scan: Action Tab
                • Real-time Scan: Scan Exclusion Tab
            • Scheduled Scan
              • Configuring Scheduled Scan Settings
                • Scheduled Scan: Target Tab
                • Scheduled Scan: Action Tab
                • Scheduled Scan: Scan Exclusion Tab
            • Manual Scan
              • Configuring Manual Scan Settings
                • Manual Scan: Target Tab
                • Manual Scan: Action Tab
                • Manual Scan: Scan Exclusion Tab
            • Scan Now
              • Configuring Scan Now Settings
                • Scan Now: Target Tab
                • Scan Now: Action Tab
                • Scan Now: Scan Exclusion Tab
            • Scan Actions
              • ActiveAction
              • Custom Scan Actions
                • Quarantine Directory
              • Uncleanable Files
                • Files Infected with Trojans
                • Files Infected with Worms
                • Write-protected Infected Files
                • Password-protected Files
                • Backup Files
            • Scan Exclusion Support
              • Trend Micro Product Directory Exclusions
              • Wildcard Exceptions
          • Advanced Threat Protection
            • Behavior Monitoring Policy Settings
              • Behavior Monitoring
                • Behavior Monitoring Rules
                • Behavior Monitoring Exception List
                  • Exception List Wildcard Support
                  • Exception List Environment Variable Support
              • Configuring Behavior Monitoring Rules and Exceptions
            • Predictive Machine Learning
              • Configuring Predictive Machine Learning Settings
            • Web Reputation Policy Settings
              • Web Reputation
              • Configuring a Web Reputation Policy
                • HTTPS URL Scan Support
            • Configuring Suspicious Connection Settings
            • Vulnerability Protection Policy Settings
              • Vulnerability Protection
              • Configuring Vulnerability Protection Settings
                • Advanced Logging Policy Modes
            • Device Control Policy Settings
              • Device Control
              • Configuring Device Control Settings
                • Permissions for Devices
                • Wildcard Support for the Device Control Allowed Programs List
                • Specifying a Digital Signature Provider
            • Application Control Policy Settings
              • Application Control
              • Configuring Application Control Settings (Agent)
          • Detection & Response
            • Configuring Sample Submission Settings
          • Exceptions
            • Trusted Program List
              • Configuring the Trusted Programs List
            • Rule Exceptions
              • Configuring Rule Exceptions
            • Spyware/Grayware Approved List
              • Managing the Spyware/Grayware Approved List
          • Agent Configurations
            • Update Agents
              • Assigning Trend Vision One Endpoint Security agents as Update Agents
            • Privileges and Other Settings
              • Configuring Agent Privileges
              • Configuring Other Agent Settings
                • Security Agent Self-protection
                  • Protect Security Agent Services
                  • Protect Files in the Security Agent Installation Folder
                  • Protect Security Agent Registry Keys
                  • Protect Security Agent Processes
                • Cache Settings for Scans
                  • Digital Signature Cache
                  • On-demand Scan Cache
                • POP3 Mail Scan
            • Additional Service Settings
              • Configuring Additional Trend Vision One Endpoint Security agent Services
        • Apex One (Mac) Policy Settings
          • Anti-malware Scans
            • General Settings
              • Scan Methods Compared
              • Switching from Smart Scan to Conventional Scan
              • Switching from Conventional Scan to Smart Scan
            • Real-time Scan
              • Configuring Real-time Scan Settings
                • Real-time Scan: Target Tab
                • Real-time Scan: Action Tab
                • Supported Compressed File Types
                • Scan Actions
            • Manual Scan
              • Configuring Manual Scan Settings
                • Manual Scan: Target Tab
                • Manual Scan: Action Tab
                • Supported Compressed File Types
                • Scan Actions
            • Scheduled Scan
              • Configuring Scheduled Scan Settings
                • Scheduled Scan: Target Tab
                • Scheduled Scan: Action Tab
                • Supported Compressed File Types
                • Scan Actions
          • Advanced Threat Protection
            • Predictive Machine Learning Settings
            • Web Reputation
              • Configuring Web Reputation Settings
              • Configuring the Approved and Blocked URL Lists
            • Device Control
              • Configuring Device Control Settings
              • Permissions for Storage Devices
          • Detection and Response
          • Exceptions
            • Scan Exclusions
              • Configuring Scan Exclusion Lists
            • Trusted Program List
              • Configuring the Trusted Program List
          • Agent Configurations
            • Update Settings
              • Pure IPv6 Agent Limitations
              • Configuring Agent Update Settings
            • Cache Settings for Scans
            • Privileges and Other Settings
              • Protected Trend Vision One Endpoint Security agent Files
        • Apex One Server Policy Settings
          • Global Agent Settings
            • Security Settings
            • System Settings
              • Root Certificate Locations
            • Network Settings
            • Agent Control Settings
        • Apex One Data Loss Prevention Policies
          • Apex One Data Discovery Dashboard Widgets
            • Top Sensitive File Policy Detections Widget
            • Top Endpoints with Sensitive Files Widget
            • Top Data Discovery Template Matches Widget
            • Top Sensitive Files Widget
          • Apex One Data Discovery Policy Settings
            • Creating Data Discovery Policies
          • Apex One Data Loss Prevention Policy Settings
            • Data Loss Prevention (DLP)
            • Configuring a Data Loss Prevention Policy
              • Configuring Data Loss Prevention Rules
                • Transmission Scope and Targets for Network Channels
                • Network Channels
                  • Email Clients
                • System and Application Channels
                • Device List Tool
                  • Running the Device List Tool
                • Data Loss Prevention Actions
              • Data Loss Prevention Exceptions
                • Defining Non-monitored and Monitored Targets
                  • Transmission Scope: All Transmissions
                  • Transmission Scope: Only Transmissions Outside the Local Area Network
                • Decompression Rules
        • Policy Resources
          • Application Control Criteria
            • Defining Allowed Application Criteria
            • Defining Blocked Application Criteria
            • Application Match Methods
              • Application Reputation List
              • File Paths
                • File Path Example Usage
              • Certificates
              • Hash Values
          • Data Loss Prevention
            • Data Identifier Types
              • Expressions
                • Predefined Expressions
                  • Viewing Settings for Predefined Expressions
                • Customized Expressions
                  • Criteria for custom expressions
                  • Creating a Customized Expression
                  • Importing Customized Expressions
              • File Attributes
                • Creating a File Attribute List
                • Importing a File Attribute List
              • Keywords
                • Predefined Keyword Lists
                • How keyword lists work
                  • Number of keywords condition
                  • Distance condition
                • Custom keyword lists
                  • Custom keyword list criteria
                  • Creating a Keyword List
                  • Importing a Keyword List
            • Data Loss Prevention Templates
              • Predefined DLP Templates
              • Custom DLP templates
                • Condition statements and logical pperators
                • Creating a Template
                • Importing Templates
          • Intrusion Prevention Rules
            • Intrusion Prevention Rule Properties
          • Device Control Allowed Devices
      • Suspicious Object Sync - Distribution Settings
        • Suspicious Object Hub and Node Architecture
          • Suspicious Object Hub and Node Apex Central Servers
          • Configuring the Suspicious Object Hub and Nodes
          • Unregistering a Suspicious Object Node from the Hub Apex Central
          • Configuration Notes
      • Live Investigations
        • Starting a One-time Investigation
          • One-Time Investigation
        • Starting a Scheduled Investigation
          • Scheduled Investigation
          • Reviewing the Scheduled Investigation History
        • Supported IOC Indicators for Live Investigations
        • Investigation Results
          • Analysis Chains
            • Object Details: Profile Tab
            • Object Details: Related Objects Tab
            • Email Message Correlation
            • Navigating the Analysis Chain
            • Root Cause Analysis Icons
          • Object Details
      • Logs & Reports
        • Logs
          • Querying Logs
            • Log Names and Data Views
          • Configuring Log Aggregation
          • Configuring Syslog Forwarding
            • Disabling Syslog Forwarding
            • Supported Log Types and Formats
          • Deleting Logs
        • Notifications
          • Event Notifications
          • Contact Groups
            • Adding Contact Groups
            • Editing Contact Groups
          • Advanced Threat Activity Events
            • Attack Discovery Detections
            • Behavior Monitoring Violations
            • C&C Callback Alert
            • C&C Callback Outbreak Alert
            • Correlated Incident Detections
            • Email Messages with Advanced Threats
            • High Risk Virtual Analyzer Detections
            • High Risk Host Detections
            • Known Targeted Attack Behavior
            • Potential Document Exploit Detections
            • Predictive Machine Learning Detections
            • Rootkit or Hacking Tool Detections
            • SHA-1 Deny List Detections
            • Watchlisted Recipients at Risk
            • Worm or File Infector Propagation Detections
          • Content Policy Violation Events
            • Email Policy Violation
            • Web Access Policy Violation
          • Data Loss Prevention Events
            • Incident Details Updated
            • Scheduled Incident Summary
            • Significant Incident Increase
            • Significant Incident Increase by Channel
            • Significant Incident Increase by Sender
            • Significant Incident Increase by User
            • Significant Template Match Increase
          • Known Threat Activity Events
            • Network Virus Alert
            • Special Spyware/Grayware Alert
            • Special Virus Alert
            • Spyware/Grayware Found - Action Successful
            • Spyware/Grayware Found - Further Action Required
            • Virus Found - First Action Successful
            • Virus Found - First Action Unsuccessful and Second Action Unavailable
            • Virus Found - First and Second Actions Unsuccessful
            • Virus Found - Second Action Successful
            • Virus Outbreak Alert
          • Network Access Control Events
            • Network VirusWall Policy Violations
            • Potential Vulnerability Attacks
          • Unusual Product Behavior Events
            • Managed Product Unreachable
            • Real-time Scan Disabled
            • Real-time Scan Enabled
          • Standard Token Variables
            • Attack Discovery Token Variables
            • Advanced Threat Activity Token Variables
            • C&C Callback Token Variables
            • Content Policy Violation Token Variables
            • Data Loss Prevention Token Variables
            • Known Threat Activity Token Variables
            • Network Access Control Token Variables
            • Web Access Policy Violation Token Variables
          • Updates
            • Antispam Rule Update Successful
            • Antispam Rule Update Unsuccessful
            • Pattern File/Cleanup Template Update Successful
            • Pattern File/Cleanup Template Update Unsuccessful
            • Scan Engine Update Successful
            • Scan Engine Update Unsuccessful
        • Reports
          • Reports Overview
          • Custom Templates
            • Adding or Editing Custom Templates
              • Configuring the Static Text Report Element
              • Configuring the Bar Chart Report Element
              • Configuring the Line Chart Report Element
              • Configuring the Pie Chart Report Element
              • Configuring the Dynamic Table Report Element
              • Configuring the Grid Table Report Element
          • One-time Reports
            • Creating One-time Reports
            • Viewing One-Time Reports
          • Scheduled Reports
            • Adding Scheduled Reports
            • Editing Scheduled Reports
            • Viewing Scheduled Reports
          • Configuring Report Maintenance
          • Viewing My Reports
      • Administration
        • Component Updates
          • Component Updates
            • Component List
            • Update Source
            • Deployment Plan
              • Adding a Deployment Schedule
          • Configuring Scheduled Update Settings
          • Configuring Manual Update Settings
        • Command Tracking
          • Querying and Viewing Commands
            • Command Details
        • Settings
          • Active Directory and Compliance Settings
            • Active Directory Integration
              • Configuring Active Directory Synchronization
            • Compliance Indicators
              • Configuring the Antivirus Pattern Compliance Indicators
              • Configuring the Data Loss Prevention Compliance Indicator
            • Endpoint and User Grouping
              • Sites
                • Creating a Custom Site
                • Merging Sites
              • Reporting Lines
                • Creating a Custom Reporting Line
                • Merging Reporting Lines
          • Automation API Access Settings
          • Configuring Syslog Forwarding
            • Disabling Syslog Forwarding
            • Supported Log Types and Formats
            • Syslog Content Mapping - CEF
              • CEF Attack Discovery Detection Logs
              • CEF Behavior Monitoring Logs
              • CEF C&C Callback Logs
              • CEF Content Security Logs
                • Filter Action Mapping Table
                • Filter Action Result Mapping Table
              • CEF Data Loss Prevention Logs
                • Action Result Mapping Table
                • Channel Mapping Table
              • CEF Device Access Control Logs
                • Product ID Mapping Table
              • CEF Endpoint Application Control Logs
              • CEF Engine Update Status Logs
              • CEF Intrusion Prevention Logs
              • CEF Network Content Inspection Logs
              • CEF Pattern Update Status Logs
              • CEF Predictive Machine Learning Logs
                • Threat Type Mapping Table
              • CEF Product Auditing Events
              • CEF Sandbox Detection Logs
              • CEF Spyware/Grayware Logs
                • Action Mapping Table
                • Spyware/Grayware Scan Type Mapping Table
                • Spyware/Grayware Risk Type Mapping Table
              • CEF Suspicious File Logs
              • CEF Virus/Malware Logs
                • Second Action Mapping Table
              • CEF Web Security Logs
                • Filter/Blocking Type Mapping Table
                • Protocol Mapping Table
          • Automated Troubleshooting
            • Automated Troubleshooting of Apex One as a Service
            • Configuring Troubleshooting Settings
      • Standard Endpoint Protection FAQs
        • Which Third-Party Security Solutions Can Be Auto-Uninstalled by Standard Endpoint Protection?
    • Server & Workload Protection
      • Dashboard
      • Actions (Application Control)
        • Monitor new and changed software
        • Tips for handling changes
        • Turn on maintenance mode when making planned changes
      • Alerts
        • Configure alerts
          • View alerts in the Server & Workload Protection console
          • Configure alert settings
          • Set up email notification for alerts
          • Turn alert emails on or off
          • Configure an individual user to receive alert emails
          • Configure recipients for all alert emails
        • Predefined alerts
        • Monitor Application Control events
          • Choose which Application Control events to log
          • View Application Control event logs
          • Interpret aggregated security events
          • Monitor Application Control alerts
        • Alert: Integrity Monitoring information collection has been delayed
        • Error: Agent version not supported
      • Events & Reports
        • About Server & Workload Protection event logging
          • Events in JSON format
          • Apply tags to identify and group events
            • Manual tagging
            • Auto-tagging
            • Set the precedence for an auto-tagging rule
            • Auto-tagging log inspection events
            • Trusted source tagging
            • Local trusted computer
            • How does Server & Workload Protection determine whether an event on a target computer matches an event on a trusted source computer?
            • Tag events based on a local trusted computer
            • Tag events based on the Trend Micro Certified Safe Software Service
            • Tag events based on a trusted common baseline
            • Delete a tag
          • Rank events to quantify their importance
          • Reduce the number of logged events
          • Set up Amazon SNS
            • Create an AWS user
            • Create an Amazon SNS topic
            • Enable SNS
            • Create subscriptions
            • SNS configuration in JSON format
          • Log and event storage
            • Limit log file sizes
            • Event logging tips
          • Forward Events to a Syslog or SIEM Server
            • Forward Server & Workload Protection events to a Syslog or SIEM server
              • Allow event forwarding network traffic
              • Define a Syslog configuration
              • Forward system events
              • Forward security events
              • Troubleshoot event forwarding
              • "Failed to Send Syslog Message" alert
              • Can't edit Syslog configurations
              • Syslog not transferred due to an expired certificate
              • Syslog not delivered due to an expired or changed server certificate
              • Compatibility
            • Syslog message formats
            • Configure Red Hat Enterprise Linux to receive event logs
              • Set up a Syslog on Red Hat Enterprise Linux 8
              • Set up a Syslog on Red Hat Enterprise Linux 6 or 7
              • Set up a Syslog on Red Hat Enterprise Linux 5
          • System events
            • Agent events
              • Error: Activation Failed
              • Error: Unable to resolve instance hostname
              • "Offline" agent
                • Causes
                • Verify that the agent is running
                • Verify DNS
                • Allow outbound ports (agent-initiated heartbeat)
                • Allow ICMP on Amazon AWS EC2 instances
                • Fix the upgrade issue on Solaris 11
            • Set up AWS Config Rules
            • Error: Check Status Failed
            • Error: Installation of Feature 'dpi' failed: Not available: Filter
            • Error: Module installation failed (Linux)
            • Error: MQTT Connection Offline
            • Troubleshoot event ID 771 "Contact by Unrecognized Client"
            • Event: Max TCP connections
            • Network Engine Status (Windows)
              • What are Network Engine Status warnings
              • Verify the driver status in Windows
              • Disable Network Engine Status warnings
            • Warning: Insufficient disk space
          • Activity Monitoring events
            • Error: Activity Monitoring engine offline
            • Warning: Activity Monitoring engine has only basic functions
          • Anti-Malware events
            • View and restore identified malware
              • See a list of identified files
              • Working with identified files
              • Search for an identified file
              • Restore identified files
              • Create a scan exclusion for the file
              • Restore the file
            • Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
            • Troubleshoot "Smart Protection Server disconnected" errors
            • Warning: Anti-Malware engine has only basic functions
            • Error: Anti-Malware Engine Offline
            • Anti-Malware Windows platform update failed
              • An incompatible Anti-Malware component from another Trend Micro product
              • An incompatible Anti-Malware component from a third-party product
              • Other/unknown Error
            • Anti-Malware scan failures and cancellations
          • Web Reputation events
          • Device Control events
            • Error: Device Control Engine Offline
              • If your agent is on Windows
          • Application Control events
            • Error: There are one or more application type conflicts on this computer
              • Resolution
              • Consolidate ports
              • Disable the inherit option
          • Integrity Monitoring events
          • Log inspection events
            • Syslog message formats
            • Error: Log Inspection Rules Require Log Files
              • If the file's location is required
              • If the files listed do not exist on the protected machine
          • Firewall events
            • Why am I seeing firewall events when the firewall module is off?
          • Intrusion prevention events
            • Error: Intrusion Prevention Rule Compilation Failed
              • Apply Intrusion Prevention best practices
              • Manage rules
              • Unassign application types from a single port
            • Warning: Reconnaissance Detected
        • About attack reports
          • Generate reports about alerts and other activity
            • Set up a single report
            • Set up a scheduled report
            • Troubleshoot: Scheduled report sending failed
      • Computers
        • Computer and agent statuses
        • Group computers dynamically with smart folders
        • Add Computers
          • About adding computers
          • Add local network computers
            • Manually add a computer
          • Set up a data center gateway
          • Add Active Directory computers
            • Add a data center gateway
            • Add an Active Directory
            • Additional Active Directory options
            • Remove directory
            • Synchronize now
            • Server certificate usage
            • Keep Active Directory objects synchronized
            • Disable Active Directory synchronization
            • Remove computer groups from Active Directory synchronization
          • Add VMware VMs
            • Add a VMware vCenter to Server & Workload Protection
              • Add a data center gateway
              • Add a VMware vCenter
              • Protect workloads in VMware
            • Add virtual machines hosted on VMware vCloud
              • What are the benefits of adding a vCloud account? {What}
              • Proxy setting for cloud accounts
              • Create a VMware vCloud Organization account for Server & Workload Protection
              • Import computers from a VMware vCloud Organization Account
              • Import computers from a VMware vCloud Air data center
              • Remove a cloud account
          • Add AWS Instances
            • About Adding AWS Accounts
              • Integrate with AWS Systems Manager Distributor
                • Create an IAM policy
                • Create a role and assign the policy
                • Create parameters
                • Create association
                • Protect your computers
              • AWS Auto Scaling and Server & Workload Protection
                • Pre-install the agent
                • Install the agent with a deployment script
                • Delete instances from Server & Workload Protection as a result of Auto Scaling
              • Issues adding your AWS account to Server & Workload Protection
                • AWS is taking longer than expected
                • Resource is not supported in this region
                • Template validation issue
                • Server & Workload Protection was unable to add your AWS account
              • Error: Unable to connect to the cloud account
            • Add Amazon WorkSpaces
              • Protect Amazon WorkSpaces if you already added your AWS account
              • Protect Amazon WorkSpaces if you have not yet added your AWS account
            • Manage an AWS Account
            • Manage an AWS account external ID
              • What is the external ID?
              • Configure the external ID
              • Update the external ID
              • Determine whether you're using a user- or manager-defined external ID
              • Update the external ID through the Server & Workload Protection console
              • Update the external ID through the Server & Workload Protection API
              • Retrieve the external ID
              • Through the Server & Workload Protection API
              • Disable retrieval of the external ID
            • Protect an account running in AWS Outposts
            • Install the agent on an AMI or WorkSpace bundle
              • Add your AWS account to Server & Workload Protection
              • Configure the activation type
              • Launch a master Amazon EC2 instance or Amazon WorkSpace
              • Deploy an agent on the master
              • Verify that the agent was installed and activated properly
              • Set up policy auto-assignment
              • Create an AMI or custom WorkSpace bundle based on the master
              • Use the AMI
            • Install the agent on Amazon EC2 and WorkSpaces
              • Add your AWS accounts to Server & Workload Protection
              • Configure the activation type
              • Open ports
              • Which ports should be opened?
              • Deploy agents to your Amazon EC2 instances and WorkSpaces
              • Verify that the agent was installed and activated properly
              • Assign a policy
            • What does the Cloud Formation template do when I add an AWS account?
          • Azure Instances
            • Synchronize Azure subscriptions
            • Install the agent on Azure VMs
          • Add Google Cloud project Instances
            • Create a Google Cloud Platform service account
              • Prerequisite: Enable the Google APIs
              • Create a GCP service account
              • Add more projects to the GCP service account
              • Create multiple GCP service accounts
            • Add a Google Cloud Platform account
              • What are the benefits of adding a GCP account?
              • Configure a proxy setting for the GCP account
              • Add a GCP account to Server & Workload Protection
              • Remove a GCP account
              • Synchronize a GCP account
            • Install the agent on Google Cloud Platform VMs
          • Manually upgrade your AWS account connection
            • Verify the permissions associated with the AWS role
          • How do I migrate to the new cloud connector functionality?
          • Protect Docker containers
          • Protect OpenShift containers
        • Overview of recommendation scans
          • Enhanced recommendation scan
          • Classic recommendation scan
      • Policies
        • Create policies
          • Create a new policy
          • Other ways to create a policy
          • Import policies from an XML file
          • Duplicate an existing policy
          • Create a new policy based on the recommendation scan of a computer
          • Edit the settings for a policy or individual computer
          • Assign a policy to a computer
          • Disable automatic policy updates
          • Send policy changes manually
          • Export a policy
        • Policies, inheritance, and overrides
        • Detect and configure the interfaces available on a computer
          • Configure a policy for multiple interfaces
          • Enforce interface isolation
        • Overview section of the computer editor
        • Overview section of the policy editor
        • Network engine settings
        • Define Rules, Lists, and Other Common Objects Used by Policies
          • About common objects
            • Create a list of directories for use in policies
            • Create a list of files for use in policies
            • Create a list of file extensions for use in policies
              • Import and export file extension lists
              • See which malware scan configurations use a file extension list
            • Create a list of IP addresses for use in policies
              • Import and export IP lists
              • See which rules use an IP list
            • Create a list of MAC addresses for use in policies
              • Import and export MAC lists
              • See which policies use a MAC list
            • Create a list of ports for use in policies
              • Import and export port lists
              • See which rules use a port list
            • Recommended Exclusions
            • Define a schedule that you can apply to rules
          • Manage role-based access control for common objects
          • Create a firewall rule
          • Allow trusted traffic to bypass the firewall
          • Firewall rule actions and priorities
            • Firewall rule actions
            • More about Allow rules
            • More about Bypass rules
            • Default Bypass rule for Server & Workload Protection traffic
            • More about Force Allow rules
            • Firewall rule sequence
            • A note on logging
            • How firewall rules work together
            • Rule Action
            • Rule priority
            • Putting rule action and priority together
          • Firewall settings
            • General
            • Firewall
            • Firewall Stateful Configurations
            • Assigned Firewall Rules
            • Interface Isolation
            • Interface Patterns
            • Reconnaissance
            • Advanced
            • Events
            • Firewall Events
          • Define stateful firewall configurations
            • Add a stateful configuration
            • Enter stateful configuration information
            • Select packet inspection options
            • IP packet inspection
            • TCP packet inspection
            • FTP Options
            • UDP packet inspection
            • ICMP packet inspection
            • Export a stateful configuration
            • Delete a stateful configuration
            • See policies and computers a stateful configuration is assigned to
          • Container Firewall rules
          • Manage Container Protection
            • Apply real-time scan
            • Apply your firewall settings
            • Apply your intrusion prevention settings
      • Configure Protection Modules
        • Configure Intrusion Prevention
          • About Intrusion Prevention
          • Set up Intrusion Prevention
            • Enable Intrusion Prevention in Detect mode
            • Enable Auto Apply core Endpoint & Workload rules
            • Test Intrusion Prevention
            • Apply recommended rules
            • Check Intrusion Prevention events
            • Enable fail open for packet or system failures
            • Switch to Prevent mode
            • HTTP Protocol Decoding rule
            • Cross-site scripting and generic SQL injection rules
          • Configure intrusion prevention rules
            • The intrusion prevention rules list
            • Intrusion prevention license types
            • See information about an intrusion prevention rule
            • General Information
            • Details
            • Identification (Trend Micro rules only)
            • See information about the associated vulnerability (Trend Micro rules only)
            • Assign and unassign rules
            • Automatically assign core Endpoint & Workload rules
            • Automatically assign updated required rules
            • Configure event logging for rules
            • Generate alerts
            • Setting configuration options (Trend Micro rules only)
            • Schedule active times
            • Exclude from recommendations
            • Set the context for a rule
            • Override the behavior mode for a rule
            • Override rule and application type configurations
            • Export rules
            • Import rules
          • Configure an SQL injection prevention rule
          • Application types
            • See a list of application types
            • General Information
            • Connection
            • Configuration
            • Options
            • Assigned To
          • Inspect TLS traffic
          • TLS inspection support
            • Manage TLS inspection support package updates
            • Disable TLS inspection support package updates on a single agent
            • Disable TLS inspection support package updates by policy
          • Configure anti-evasion settings
          • Performance tips for intrusion prevention
        • Configure Anti-Malware
          • About Anti-Malware
          • Anti-Malware Set Up
            • Enable and configure Anti-Malware
            • Configure malware scans
              • Create or edit a malware scan configuration
              • Test malware scans
              • Dynamic Intelligence Mode
              • Configure Anti-Malware Monitoring Level
              • Enable Windows AMSI protection (real-time scans only)
              • Scan for spyware and grayware
              • Scan for compressed executable files (real-time scan only)
              • Scan process memory (real-time scans only)
              • Scan compressed files
              • Scan embedded Microsoft Office objects
              • Enable a manual scan for the notifier application
              • Configure malware scan inclusions
              • Configure malware scan exclusions
              • Test file exclusions
              • Syntax for malware scan inclusions and exclusions
              • Scan a network directory (real-time scan only)
              • Specify when real-time scans occur
              • Customize malware remedial actions
              • ActiveAction actions
              • Generate alerts for malware detection
              • Identify malware files by file hash digest
              • Configure notifications on the computer
              • Run scheduled scans when Server & Workload Protection is not accessible
              • Troubleshooting malware scans
            • Performance tips for Anti-Malware
              • Minimize disk usage
              • Optimize CPU usage
              • Optimize RAM usage
            • Configure Deep Security and Microsoft Defender Antivirus for Windows
          • Detect emerging threats using Predictive Machine Learning
            • Enable Predictive Machine Learning
          • Enhanced Anti-Malware and ransomware scanning with behavior monitoring
            • How does enhanced scanning protect you?
            • How to enable enhanced scanning
            • What happens when enhanced scanning finds a problem?
          • Smart Protection in Server & Workload Protection
            • Anti-Malware and Smart Protection
            • Benefits of Smart Scan
            • Enable Smart Scan
            • Smart Protection Server for File Reputation Service
            • Web Reputation and Smart Protection
            • Smart Feedback
          • Handle Anti-Malware
            • View and restore identified malware
              • See a list of identified files
              • Working with identified files
              • Search for an identified file
              • Restore identified files
              • Create a scan exclusion for the file
              • Restore the file
            • Create Anti-Malware exceptions
            • Increase debug logging for Anti-Malware in protected Linux instances
        • Configure Firewall
          • About Firewall
          • Set up the Server & Workload Protection firewall
          • Create a firewall rule
          • Allow trusted traffic to bypass the firewall
          • Firewall rule actions and priorities
            • Firewall rule actions
            • More about Allow rules
            • More about Bypass rules
            • Default Bypass rule for Server & Workload Protection traffic
            • More about Force Allow rules
            • Firewall rule sequence
            • A note on logging
            • How firewall rules work together
            • Rule Action
            • Rule priority
            • Putting rule action and priority together
          • Firewall settings
            • General
            • Firewall
            • Firewall Stateful Configurations
            • Assigned Firewall Rules
            • Interface Isolation
            • Interface Patterns
            • Reconnaissance
            • Advanced
            • Events
            • Firewall Events
          • Define stateful firewall configurations
            • Add a stateful configuration
            • Enter stateful configuration information
            • Select packet inspection options
            • IP packet inspection
            • TCP packet inspection
            • FTP Options
            • UDP packet inspection
            • ICMP packet inspection
            • Export a stateful configuration
            • Delete a stateful configuration
            • See policies and computers a stateful configuration is assigned to
          • Container Firewall rules
        • Manage Container Protection
          • Apply real-time scan
          • Apply your firewall settings
          • Apply your intrusion prevention settings
        • Configure Web Reputation
          • Turn on the Web Reputation module
          • Trend Micro Toolbar
          • Inline and Tap mode
          • Configure the security level
          • Create exceptions
          • Configure the Smart Protection Server
          • Web Reputation advanced settings
          • Test Web Reputation
        • Configure Device Control
        • Configure Integrity Monitoring
          • About Integrity Monitoring
          • Set up Integrity Monitoring
            • Enable Integrity Monitoring
            • Turn on Integrity Monitoring
            • Run a recommendation scan
            • Disable real-time scanning
            • Apply the Integrity Monitoring rules
            • Build a baseline for the computer
            • Periodically scan for changes
            • Test Integrity Monitoring
            • Improve Integrity Monitoring scan performance
            • Limit resource usage
            • Change the content hash algorithm
            • Integrity Monitoring event tagging
          • Create an Integrity Monitoring rule
            • Add a new rule
            • Enter Integrity Monitoring rule information
            • Select a rule template and define rule attributes
            • Registry Value template
            • File template
            • Custom (XML) template
            • Configure Trend Micro Integrity Monitoring rules
            • Configure rule events and alerts
            • Real-time event monitoring
            • Alerts
            • See policies and computers a rule is assigned to
            • Export a rule
            • Delete a rule
          • Integrity Monitoring Rules Language
            • About the Integrity Monitoring rules language
            • DirectorySet
            • FileSet
            • GroupSet
            • InstalledSoftwareSet
            • PortSet
            • ProcessSet
            • RegistryKeySet
            • RegistryValueSet
            • ServiceSet
            • UserSet
            • WQLSet
        • Configure Log Inspection
          • About Log Inspection
          • Set up Log Inspection
            • Turn on the log inspection module
            • Run a recommendation scan
            • Apply the recommended log inspection rules
            • Test Log Inspection
            • Configure log inspection event forwarding and storage
          • Define a Log Inspection rule for use in policies
        • Configuring Application Control
          • About Application Control
            • Key software ruleset concepts
            • How do Application Control software rulesets work?
            • A tour of the Application Control interface
            • Application Control: Software Changes (Actions)
            • Application Control Software Rulesets
            • Security Events
            • Application Control Trust Entities
            • What does Application Control detect as a software change?
          • Set up Application Control
            • Turn on Application Control
            • Monitor new and changed software
            • Tips for handling changes
            • Turn on maintenance mode when making planned changes
            • Application Control tips and considerations
          • Verify that Application Control is enabled
          • Monitor Application Control events
            • Choose which Application Control events to log
            • View Application Control event logs
            • Interpret aggregated security events
            • Monitor Application Control alerts
          • View and change Application Control software rulesets
            • View Application Control software rulesets
            • Security Events
            • Change the action for an Application Control rule
            • Delete an individual Application Control rule
            • Delete an Application Control ruleset
          • Application Control trust entities
            • Trust rulesets
            • Create a trust ruleset
            • Assign or unassign a trust ruleset
            • To assign a trust ruleset:
            • To unassign a trust ruleset:
            • Delete a trust ruleset
            • Trust rules
            • Types of trust rules
            • Create a trust rule
            • Change trust rule properties
            • Delete a trust rule
            • Types of trust rule properties
            • Process Name
            • Paths
            • SHA-256
            • From Windows PowerShell (for source or target):
            • From Server & Workload Protection (for target only):
            • Vendor
            • From File Explorer:
            • From Server & Workload Protection:
            • Product Name
            • From file properties:
            • From File Explorer:
            • From Server & Workload Protection:
            • Signer Name
            • Issuer Common Name
            • Issuer Organizational Unit
            • Issuer Organization
            • Issuer Locality
            • Issuer State or Province
            • Issuer Country
            • Application Control event aggregation and analysis
            • Drift events
            • Trust rules for drift events
            • Security events
            • Trust rules for security events
            • Event analysis output
            • Debug trust rules
            • Consult metrics
            • View signer information
            • Trust rule property limitations for Linux
          • Reset Application Control after too much software change
          • Use the API to create shared and global rulesets
            • Create a shared ruleset
            • Change from shared to computer-specific allow and block rules
            • Deploy Application Control shared rulesets via relays
            • Single tenant deployments
            • Multi-tenant deployments
            • Considerations when using relays with shared rulesets
      • Administration
        • Configure Proxies
          • Configure proxies
          • Proxy settings
          • OS Proxy
        • Configure Relays
          • How relays work
          • Deploy more relays
            • Plan the best number and location of relays
            • Create relay groups
            • Enable relays
            • Assign agents to a relay group
            • Connect agents to a relay's private IP address
          • Check relay connectivity
          • Remove relay functionality from an agent
        • Set up a data center gateway
        • Upgrade Server & Workload Protection
          • About upgrades
          • Apply component updates
            • Configure the component update source
            • Manually retrieve component updates
            • Component update status
            • Pattern updates
            • Rule updates
            • Configure component update settings
          • Disable emails for New Pattern Update alerts
          • Use a web server to distribute software updates
            • Web server requirements
            • Copy the folder structure
            • Configure agents to use the new software repository
          • Upgrade a relay
            • Upgrade a relay from Server & Workload Protection
            • Upgrade a relay by running the installer manually
          • Upgrade the agent
            • Before you begin
            • Upgrade the agent starting from an alert
            • Upgrade multiple agents at once
            • Upgrade the agent from the Computers page
            • Upgrade the agent on activation
            • Upgrade the agent from a Scheduled Task
            • Upgrade the agent manually
            • Upgrade the agent on Windows
            • Upgrade the agent on Linux
            • Upgrade the agent on Solaris
            • Upgrade the agent on AIX
            • Best practices for agent upgrade
          • Install Trend Vision One Endpoint Security agent via Deep Security Agent
            • Before you begin
            • Install Trend Vision One Endpoint Security agent
            • Schedule a task
            • Use Trend Vision One Endpoint Sensor
        • Manage Agents (Protected Computers)
          • Get agent software
            • Check digital signatures of software packages
          • Install the agent
            • Install the agent manually
            • Install the agent on Windows
            • Installation on Amazon WorkSpaces
            • Installation on Windows 2012 Server Core
            • Install the agent on Red Hat, Amazon, SUSE, Oracle, or Cloud Linux
            • Install the agent on Ubuntu or Debian
            • Install the agent on Solaris
            • Install the agent on AIX
            • Install the agent on macOS
            • Install the agent on Red Hat OpenShift:
            • Before you begin
            • Installing the agent
            • Install the agent using other methods
            • Post-installation tasks
            • Configure Mobile Device Management on Server & Workload Protection for the macOS agent
          • Activate the agent
            • Deactivate the agent
            • Start or stop the agent
          • Configure agent version control
            • Agent platform compatibility
              • Server & Workload Protection Sizing
              • Supported features by Windows version
              • Supported features by Windows Server version
              • Supported features by Linux platform
              • Supported features by macOS platform
              • Linux file system compatibility
              • Linux kernel compatibility
                • Disable optional Linux kernel support package updates
                • Disable kernel support package updates on one computer
                • Disable kernel support package updates on multiple computers
              • SELinux support
              • Linux systemd support
          • Configure teamed NICs
          • Communication between Server & Workload Protection and the agent
            • Configure the heartbeat
            • Configure communication directionality
            • Supported cipher suites for communication
            • Agent version 9.5 cipher suites
            • Agent version 9.6 cipher suites
            • Agent version 10.0 cipher suites
            • Agent version 11.0 cipher suites
            • Agent version 12.0 and Agent version 20 cipher suites
          • Configure agents that have no Internet access
          • Activate and protect agents using agent-initiated activation and communication
            • Enable agent-initiated activation and communication
            • Create or modify policies with agent-initiated communication enabled
            • Enable agent-initiated activation
            • Assign the policy to agents
            • Use a deployment script to activate the agents
          • Automatically upgrade agents on activation
          • Using the agent with iptables
          • Enable Managed Detection and Response
          • Enable or disable agent self-protection
            • Configure self-protection through the Server & Workload Protection console
            • Configure self-protection using the command line
            • For agents on Windows
            • For agents on Linux
            • For agents on macOS
            • Limitations on Linux
            • Troubleshooting the Linux agent
          • Are "Offline" agents still protected by Server & Workload Protection?
          • Automate offline computer removal with inactive agent cleanup
            • Ensure computers that are offline for extended periods of time remain protected with Server & Workload Protection
            • Audit logs for computers removed by inactive agent removal
          • Agent settings
          • User mode solution
          • Notifier application
            • How the notifier works
            • Trigger a manual scan
            • Windows
            • macOS
          • Configure CPU usage control
        • Harden Server & Workload Protection
          • About Server & Workload Protection hardening
          • Manage trusted certificates
            • Import trusted certificates
            • View trusted certificates
            • Remove trusted certificates
          • SSL implementation and credential provisioning
          • Protect the agent
          • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
        • Define contexts for use in policies
          • Configure settings used to determine whether a computer has internet connectivity
          • Define a context
        • Customize advanced system settings
        • Server & Workload Protection Settings
        • Add contacts - users who can only receive reports
          • Add or edit a contact
          • Delete a contact
        • Automate
          • Automate Using the API and SDK
            • API Reference
            • The API and SDK - DevOps tools for automation
            • Send your first request using the API
            • Notes about resource property values
            • About the overrides parameter
            • Search for resources
            • API rate limits
            • Performance tips
            • Troubleshooting tips
            • API Cookbook
              • About the API Cookbook
              • Set Up to Use Bash or PowerShell
                • Bash or PowerShell?
                • Check your environment
                • Check your connection to Server & Workload Protection
                • Check your cURL software (for Bash)
                • Check your PowerShell software
                • Create an API key
                • Test your setup
                • Bash
                • PowerShell
                • Final comments
                • Related resources
              • Get a List of Computers (Bash and PowerShell)
              • Search for a Policy (Bash and PowerShell)
                • Before you begin
                • Bash
                • PowerShell
                • Notes
                • Related resources
              • Assign a policy to a computer (Bash and PowerShell)
                • Before you begin
                • Bash
                • PowerShell
                • Notes
                • Related resources
              • Assign a policy to many computers (Bash and PowerShell)
                • Before you begin
                • jq for Bash
                • Required information
                • Bash
                • Let's dig into that Bash script
                • PowerShell
                • Let's dig into that PowerShell script
                • Notes
                • Related Resources
            • SDK Guides
              • Python SDK
                • Get set up to use the Python SDK
                • Prerequisites
                • Download and install the Python SDK
                • Install a Python IDE
                • Windows
                • Linux
                • Add the SDK to a project in PyCharm
                • Next Steps
              • SDK version compatibility
              • Run the code examples
              • Index of code examples
              • Deploy Server & Workload Protection
                • Use the API to generate an agent deployment script
                  • General steps
                  • Example
                • Integrate Server & Workload Protection with AWS Services
                  • Workflow pattern
                  • Amazon GuardDuty
                  • Amazon Macie
                  • Amazon Inspector
                  • AWS WAF
                  • AWS Config
                • Add Computers
                • Add a Google Cloud Platform Connector
                  • Submit a Sync Action for a GCP Connector
                • Control Access Using Roles
                  • General steps
                  • Example: Create a role
                • Create and Manage API Keys
                  • About API Keys
                  • Create an API Key Using Code
                    • Obtain a role ID
                    • Create an API key using an SDK
                    • Create an API key using a username and password
                    • Obtain a session cookie and a request ID
                    • Create an API key using the session cookie and the request ID
                  • Create an API Key using the Server & Workload Protection console
                    • Lock out an existing API key
                  • Manage API keys after their creation
                • Configure Server & Workload Protection system settings
                  • Retrieve, modify, or reset a single system setting
                  • Example: Modify a single system setting
                  • List or modify multiple system settings
                  • Example: Modify multiple system settings
                • Monitor Server & Workload Protection events
              • Configure Protection
                • Create and configure a policy
                  • Create a policy
                  • Assign a policy to a computer
                  • Configure policy and default policy settings
                  • Default setting values and overrides
                  • Policy setting and default policy setting classes
                  • Retrieve the value of a policy setting or default policy setting
                  • List all policy or default policy settings
                  • Configure a single policy or default policy setting
                  • Configure multiple policy and default policy settings
                  • Reset policy overrides
                  • Reset an ID reference
                  • Reset a setting
                  • Reset the status of a security module
                  • Reset a rule
                  • Reset all overrides of a rule
                  • Selectively reset overrides of a rule
                • Configure Firewall
                  • General steps
                  • Example
                  • Create a firewall rule
                  • Limitations to configuring stateful configurations
                • Configure Intrusion Prevention
                  • General steps
                  • Example
                  • Create an Intrusion Prevention rule
                • Configure Anti-Malware
                  • General steps
                  • Example
                  • Create and modify malware scan configurations
                  • General steps for creating malware scan configurations
                  • Example malware scan configuration
                • Configure Web Reputation
                  • General steps
                  • Example
                • Configure Device Control
                  • General steps
                  • Example
                  • Create a USB Device Exception
                • Configure Application Control
                  • Configure Application Control for a policy
                  • Allow or block unrecognized software
                  • Create a shared ruleset
                  • Add Global Rules
                  • Configure maintenance mode during upgrades
                • Configure Integrity Monitoring
                  • General steps
                  • Example
                  • Create an Integrity Monitoring rule
                • Configure Log Inspection
                  • General steps
                  • Example
                  • Create a Log Inspection rule
                  • Create a basic Log Inspection rule
                  • Create a log inspection rule using XML
                • Create and modify lists
                • Create and configure schedules
                • Override policies on a computer
                  • Discover overrides
                  • Configure computer overrides
                  • Configure a single computer setting
                  • Configure settings and protection modules
                  • Rule overrides
              • Maintain Protection
                • Report on computer status
                  • Discover unprotected computers
                  • Find computers based on agent status
                  • Find computers based on module status
                  • See the state of a virtual machine
                  • Get computer configurations
                  • Discover the Anti-Malware configuration of a computer
                  • Get applied intrusion prevention rules
                • Patch unprotected computers
                  • Example: Find the Intrusion Prevention rule for a CVE
                  • Example: Find computers that are not protected against a CVE
                  • Example: Add intrusion prevention rules to computers' policies
                • Assign rules with recommendation scans
                  • Determine when a recommendation scan last ran
                  • Example: Get the date of the last recommendation scan for all computers
                  • Apply recommendations
                • Maintain protection using scheduled tasks
                  • Related classes
                  • Create a scheduled task
                  • Configure general properties
                  • Create the schedule
                  • Example: Daily schedule
                  • Example: Monthly schedule
                  • Configure the task
                  • Example: Create a scheduled task
                  • Create, run, and delete a scheduled task
                  • Run an existing scheduled task
            • Settings reference
            • Use the Legacy APIs
              • Provide access for legacy APIs
              • Transition from the SOAP API
              • Use the legacy REST API
          • Automate Using the Console
            • Schedule Server & Workload Protection to perform tasks
            • Automatically perform tasks when a computer is added or changed (event-based tasks)
            • AWS Auto Scaling and Server & Workload Protection
              • Pre-install the agent
              • Install the agent with a deployment script
              • Delete instances from Server & Workload Protection as a result of Auto Scaling
            • Azure virtual machine scale sets and Server & Workload Protection
            • GCP auto scaling and Server & Workload Protection
              • Pre-install the agent
              • Install the agent with a deployment script
              • Delete instances from Server & Workload Protection as a result of GCP MIGs
            • Use deployment scripts to add and protect computers
              • Generate a deployment script
              • Troubleshooting and tips
            • URL format for download of the agent
            • Automatically assign policies using cloud provider tags/labels
          • Command-line basics
            • dsa_control
            • dsa_control options
            • Agent-initiated activation ("dsa_control -a")
            • Agent-initiated heartbeat command ("dsa_control -m")
            • Activate an agent
            • Windows
            • Linux
            • macOS
            • Force the agent to contact the manager
            • Windows
            • Linux
            • macOS
            • Initiate a manual anti-malware scan
            • Windows
            • Linux
            • macOS
            • Create a diagnostic package
            • Reset the agent
            • Windows
            • Linux
            • macOS
            • dsa_query
            • dsa_query options
            • Check CPU usage and RAM usage
            • Windows
            • Linux
            • Check that ds_agent processes or services are running
            • Windows
            • Linux
            • Restart an agent on Linux
      • Integrations
        • Integrate with AWS Control Tower
          • Overview
          • Integrate with AWS Control Tower
          • Upgrade AWS Control Tower integration
          • Remove AWS Control Tower integration
        • Integrate with AWS Systems Manager Distributor
          • Create an IAM policy
          • Create a role and assign the policy
          • Create parameters
          • Create association
          • Protect your computers
        • Integrate with SAP NetWeaver
        • Integrate with Smart Protection Server
      • FAQs
        • About the Server & Workload Protection components
        • Why does my Windows machine lose network connectivity when I turn on protection?
        • How does agent protection work for Solaris zones?
        • Can Server & Workload Protection protect AWS GovCloud or Azure Government workloads?
        • How does the agent use the Amazon Instance Metadata Service?
        • Why can't I add my Azure server using the Azure cloud connector?
        • Why can't I view all the VMs in an Azure subscription in Server & Workload Protection?
        • How does credit allocation work for Server & Workload Protection?
        • How do I configure user permissions for Server & Workload Protection
      • Troubleshooting
        • Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
        • Server & Workload Protection Port numbers
        • "Offline" agent
          • Causes
          • Verify that the agent is running
          • Verify DNS
          • Allow outbound ports (agent-initiated heartbeat)
          • Allow ICMP on Amazon AWS EC2 instances
          • Fix the upgrade issue on Solaris 11
        • High CPU usage
        • Diagnose problems with agent deployment (Windows)
        • Anti-Malware Windows platform update failed
          • An incompatible Anti-Malware component from another Trend Micro product
          • An incompatible Anti-Malware component from a third-party product
          • Other/unknown Error
        • Component update connectivity
        • Network Engine Status (Windows)
          • What are Network Engine Status warnings
          • Verify the driver status in Windows
          • Disable Network Engine Status warnings
        • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
        • Issues adding your AWS account to Server & Workload Protection
          • AWS is taking longer than expected
          • Resource is not supported in this region
          • Template validation issue
          • Server & Workload Protection was unable to add your AWS account
        • Create a diagnostic package and logs
          • Agent diagnostics
          • Create an agent diagnostic package via Server & Workload Protection
          • Create an agent diagnostic package via CLI on a protected computer
          • Collect debug logs with DebugView
        • Removal of older software versions
        • Troubleshoot SELinux alerts
        • Troubleshoot Azure Code Signing
      • Trust and Compliance Information
        • About compliance
        • Agent package integrity check
        • Set up AWS Config Rules
        • Bypass vulnerability management scan traffic in Server & Workload Protection
          • Create a new IP list from the vulnerability scan provider IP range or addresses
          • Create firewall rules for incoming and outbound scan traffic
          • Assign the new firewall rules to a policy to bypass vulnerability scans
        • Use TLS 1.2 with Server & Workload Protection
          • TLS architecture
          • Enable the TLS 1.2 architecture
          • Next steps (deploy new agents and relays)
          • Guidelines for using deployment scripts
    • Agent Resource Monitoring
    • Trend Vision One Endpoint Security agent console
      • Agent console notifications
      • Agent console icon status messages
  • Cloud Security
    • Cloud Risk Management
      • Cloud Security Posture
        • Help topics
        • Manage cloud accounts
          • Cloud accounts
          • Add cloud accounts
          • Managing preferences
            • Notification preferences
              • Email Notifications
              • Mobile Notifications
            • Rule preferences
              • New Rules Behavior
            • Guided Exclusions
            • PDF Reports Logo
          • Account settings
            • Cloud account settings
            • Cloud account general settings
            • Manage cloud account tags
              • Cloud account tags
            • Manage account groups
              • Grouped accounts
              • Group settings
        • Manage users
          • User
        • Cloud Security Posture
          • Cloud Risk Index
          • Asset Coverage
          • Protection
          • Security Posture
          • Compliance
          • Assets at Risk
          • Cloud Accounts Breakdown
          • Account details
          • Entitlements
          • AI Security Posture Management (AI-SPM)
          • Project Centric Overview
            • Define and Manage Projects
        • Misconfiguration and Compliance
          • Accounts navigation
          • All accounts
          • Add account
          • Summary widget
          • Threat monitoring section
          • Compliance status widget
          • Compliance evolution
          • Status per AWS region
          • Most critical failures
          • Summary
            • Report summary
            • Compliance evolution summary
        • Cloud Risk Management rules
          • Introduction to Cloud Risk Management rules
            • Contents
            • What rules does Trend Vision One™ – Cloud Risk Management support?
            • What is the frequency of running the rules?
            • What rules are run?
            • New Accounts
            • Rules configuration
            • Rule settings
            • Anatomy of a rule
            • Check summary
            • Not scored
            • Deprecated Rules
            • Rules supported by Real Time Monitoring
            • FAQs
          • Checks
            • Model check
              • What are Checks?
              • Viewing Checks
              • Check Actions
              • Failure and Success Definition
              • Not Scored Checks
            • Failed check resolution
              • Steps to resolve failures
            • Auto remediation
              • Content
              • How does auto-remediation work
              • Set up auto-remediation
              • Enable or disable rules after deploying auto-remediation
              • Testing auto-remediation deployment
              • Resolution using Manual notifications
              • Verify the auto-remediation resolution
              • Contribution to Auto-remediation project
            • Rules suppress check
            • Send rule to
          • Configurations
            • Rules configuration
            • Configure rules for friendly accounts
          • Rule categories
          • Search
            • Filter and search
              • Contents
              • Filter tags
              • Filter tags Exact Match
              • Filter tags Partial Match
              • Resource Id syntax
              • Regular expression syntax
              • Reserved characters
              • Standard operators
              • Wildcard syntax
              • Only show checks
              • Only show checks
              • How it works
            • CQL filter method
              • Contents
              • Logical operators
              • Resource Wildcards
              • Resource regular expressions
              • Fields list
              • Using CQL to filter your checks
              • Query examples
        • Reports
          • Rules status reports
          • All checks report
          • Configured reports
          • Cloud Risk Management report
          • Generate and download report
        • Compliance
          • Compliance and Cloud Risk Management
            • Supported Standards and Frameworks
            • Standard and Framework checks report
            • Compliance Excel Report
            • Example CIS AWS Foundations report
          • Compliance reports
          • Compliance score
        • Monitoring Real-Time Posture
          • Real-Time Posture Monitoring
            • Setup Real-Time Posture Monitoring
            • Access Real-Time Posture Monitoring
          • Real-Time Posture Monitoring settings
          • Activity Dashboard
          • Monitoring Dashboard
        • Communication and notification
          • Supported notifications
          • Re-run historical check notifications
          • Communication settings
            • Settings for notifications
            • Toggle automatic notifications
            • Communication triggers
            • Communication recipients
            • Copy communication settings
            • Toggle manual notifications
          • Communication channels
            • Communication integrations
            • Email communication
            • SMS communication
            • Slack communication
            • Pagerduty communication
            • Jira communication
              • Jira integration
              • Oauth client Jira setup
            • Zendesk communication
            • ServiceNow communication
            • Amazon SNS communication
            • Microsoft Teams communication
            • Webhook communication
        • Cloud Risk Management Scan help
          • Cloud Risk Management Scan
          • Configuring Cloud Risk Management Scan
            • Cloud Risk Management Scan settings
            • Disable Cloud Risk Management Scan
            • Cloud Risk Management Scan enabled regions
            • Cloud Risk Management Scan frequency
          • Cloud Risk Management Scan - AWS
            • AWS integration
              • Supported regions
              • Unsupported regions
              • AWS Well-Architected Tool
            • AWS custom policy
          • Azure integration
            • Add Access Policy for Key Vault Attributes
          • Cloud Risk Management Scan - GCP
            • Add Cloud Risk Management IP address to GCP access level policy
        • Rule setting profiles
        • Template scanner
          • Template scanner
          • AWS CDK Development Kit (CDK) Example
          • AWS Cloudformation Example
          • Serverless Framework (AWS) Example
          • Terraform (AWS) Example
        • Performance
          • Performance troubleshooting
        • Cloud Security Posture FAQs
    • Container Security
      • Getting started with Container Security
        • Creating a Container Protection Runtime Security ruleset
        • Creating a Container Protection policy
          • Creating a Kubernetes protection policy
          • Creating an Amazon ECS policy
        • Kubernetes cluster security
          • Kubernetes cluster components descriptions
          • Kubernetes system requirements for Container Security
            • OpenShift requirements
            • Runtime Security performance impact
          • Connect Amazon EKS clusters (with and without Fargate)
            • Amazon EKS Fargate system requirements
          • Connect Microsoft AKS clusters
          • Connect Google GKE clusters
            • Adding a firewall rule for admission-webhook in private GKE clusters
          • Grouped namespaces
        • Amazon ECS cluster security
          • Connect Amazon ECS clusters using a new AWS account
          • Connect Amazon ECS clusters using an existing AWS account
          • Set up connected Amazon ECS Fargate clusters
      • Container Inventory
        • Kubernetes clusters
          • Supported Runtime Security Linux kernels (major and minor versions)
          • Supported Helm versions
            • Upgrade Helm chart from Trend Cloud One to Trend Vision One
          • Obtain an API key for automated cluster registration
          • Connect Amazon EKS clusters (with and without Fargate)
          • Connect Microsoft AKS clusters
          • Connect Google GKE clusters
            • Adding a firewall rule for admission-webhook in private GKE clusters
          • Connect Alibaba Cloud ACK clusters
          • Enable Runtime Security and scanning features
            • Runtime Malware Scanning Configuration Settings
          • Proxy Settings Script Generator (for Kubernetes clusters)
        • Amazon ECS clusters
          • Amazon ECS Feature Support
          • Amazon ECS feature costs
          • Connect Amazon ECS clusters using a new AWS account
          • Connect Amazon ECS clusters using an existing AWS account
          • Set up connected Amazon ECS Fargate clusters
          • Enable Runtime Security and Runtime Scanning on Amazon ECS clusters
          • Configure a proxy for ECS instances
          • Adjust the CPU and memory allocations for ECS clusters
        • Container Security Protection status
        • Container response actions (Isolate/Resume, Terminate)
        • Disabling Container Security
          • Removing Container Security from your AWS account
      • Container Protection
        • Policies
          • Managing Kubernetes protection policies
          • Managing Amazon ECS policies
          • Cluster-managed policies
            • Enabling cluster-managed policies
            • Custom resources for cluster-managed policies
            • Resource cleanup
        • Rulesets
          • Managing Rulesets
          • Predefined rules
        • Compliance
          • Kubernetes compliance scanning
          • Compliance scanning report recommendations
            • Amazon Elastic Kubernetes (EKS) 1.4.0 recommendations
              • 2.1.1 - Enable audit logs (automated)
              • 3.2.1 - Ensure that anonymous authentication is not enabled (automated)
              • 3.2.2 - Ensure that the authorization-mode argument is not set to AlwaysAllow (automated)
              • 3.2.3 - Ensure that a Client CA file is configured (automated)
              • 3.2.5 - Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (automated)
              • 3.2.6 - Ensure that the --make-iptables-util-chains argument is set to true (automated)
              • 3.2.7 - Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture (automated)
              • 3.2.9 - Ensure that the RotateKubeletServerCertificate argument is set to true (automated)
              • 4.1.3 - Minimize wildcard use in Roles and ClusterRoles (automated)
              • 5.1.1 - Ensure Image Vulnerability Scanning using Amazon ECR or a third-party provider (automated)
              • 5.4.1 - Restrict Access to the Control Plane Endpoint (automated)
              • 5.4.2 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled (Automated)
              • 5.4.3 Ensure clusters are created with Private Nodes (Automated)
              • 5.4.4 Ensure Network Policy is Enabled and set as appropriate (Automated)
            • Amazon Elastic Kubernetes (EKS) 1.5.0 recommendations
              • 3.1.1 - Ensure that the kubeconfig file permissions are set to 644 or more restrictive (Automated)
              • 3.1.2 - Ensure that the kubelet kubeconfig file ownership is set to root:root (Automated)
              • 3.1.3 - Ensure that the kubelet configuration file has permissions set to 644 or more restrictive (Automated)
              • 3.1.4 - Ensure that the kubelet configuration file ownership is set to root:root (Automated)
              • 3.2.4 - Ensure that the --read-only-port is disabled (Automated)
              • 3.2.8 - Ensure that the --rotate-certificates argument is not present or is set to true (Automated)
              • 4.1.1 - Ensure that the cluster-admin role is only used where required (Automated)
              • 4.1.2 - Minimize access to secrets (Automated)
              • 4.1.4 - Minimize access to create pods (Automated)
              • 4.1.5 - Ensure that default service accounts are not actively used (Automated)
              • 4.1.6 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
              • 4.1.7 - Avoid use of system:masters group (Automated)
              • 4.2.1 - Minimize the admission of privileged containers (Automated)
              • 4.2.2 - Minimize the admission of containers wishing to share the host process ID namespace (Automated)
              • 4.2.3 - Minimize the admission of containers wishing to share the host IPC namespace (Automated)
              • 4.2.4 - Minimize the admission of containers wishing to share the host network namespace (Automated)
              • 4.2.5 - Minimize the admission of containers with allowPrivilegeEscalation (Automated)
              • 4.3.2 - Ensure that all Namespaces have Network Policies defined (Automated)
              • 4.4.1 - Prefer using secrets as files over secrets as environment variables (Automated)
              • 4.5.3 - The default namespace should not be used (Automated)
              • 5.2.1 - Prefer using dedicated EKS Service Accounts (Automated)
            • Kubernetes 1.9.0 recommendations
              • 1.1.1 - Ensure that the API server pod specification file permissions are set to 600 or more restrictive (Automated)
              • 1.1.2 - Ensure that the API server pod specification file ownership is set to root:root (Automated)
              • 1.1.3 - Ensure that the controller manager pod specification file permissions are set to 600 or more restrictive (Automated)
              • 1.1.4 - Ensure that the controller manager pod specification file ownership is set to root:root (Automated)
              • 1.1.5 - Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive (Automated)
              • 1.1.6 - Ensure that the scheduler pod specification file ownership is set to root:root (Automated)
              • 1.1.7 - Ensure that the etcd pod specification file permissions are set to 600 or more restrictive (Automated)
              • 1.1.8 - Ensure that the etcd pod specification file ownership is set to root:root (Automated)
              • 1.1.11 - Ensure that the etcd data directory permissions are set to 700 or more restrictive (Automated)
              • 1.1.12 - Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)
              • 1.1.13 - Ensure that the default administrative credential file permissions are set to 600 (Automated)
              • 1.1.14 - Ensure that the default administrative credential file ownership is set to root:root (Automated)
              • 1.1.15 - Ensure that the scheduler.conf file permissions are set to 600 or more restrictive (Automated)
              • 1.1.16 - Ensure that the scheduler.conf file ownership is set to root:root (Automated)
              • 1.1.17 - Ensure that the controller-manager.conf file permissions are set to 600 or more restrictive (Automated)
              • 1.1.18 - Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
              • 1.1.19 - Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
              • 1.2.2 - Ensure that the --token-auth-file parameter is not set (Automated)
              • 1.2.4 - Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate (Automated)
              • 1.2.5 - Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)
              • 1.2.6 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
              • 1.2.7 - Ensure that the --authorization-mode argument includes Node (Automated)
              • 1.2.8 - Ensure that the --authorization-mode argument includes RBAC (Automated)
              • 1.2.10 - Ensure that the admission control plugin AlwaysAdmit is not set (Automated)
              • 1.2.12 - Ensure that the admission control plugin ServiceAccount is set (Automated)
              • 1.2.13 - Ensure that the admission control plugin NamespaceLifecycle is set (Automated)
              • 1.2.14 - Ensure that the admission control plugin NodeRestriction is set (Automated)
              • 1.2.15 - Ensure that the --profiling argument is set to false (Automated)
              • 1.2.16 - Ensure that the --audit-log-path argument is set (Automated)
              • 1.2.17 - Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
              • 1.2.18 - Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
              • 1.2.19 - Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
              • 1.2.21 - Ensure that the --service-account-lookup argument is set to true (Automated)
              • 1.2.22 - Ensure that the --service-account-key-file argument is set as appropriate (Automated)
              • 1.2.23 - Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
              • 1.2.24 - Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Automated)
              • 1.2.25 - Ensure that the --client-ca-file argument is set as appropriate (Automated)
              • 1.2.26 - Ensure that the --etcd-cafile argument is set as appropriate (Automated)
              • 1.3.2 - Ensure that the --profiling argument is set to false (Automated)
              • 1.3.3 - Ensure that the --use-service-account-credentials argument is set to true (Automated)
              • 1.3.4 - Ensure that the --service-account-private-key-file argument is set as appropriate (Automated)
              • 1.3.5 - Ensure that the --root-ca-file argument is set as appropriate (Automated)
              • 1.3.6 - Ensure that the RotateKubeletServerCertificate argument is set to true (Automated)
              • 1.3.7 - Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
              • 1.4.1 - Ensure that the --profiling argument is set to false (Automated)
              • 1.4.2 - Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
              • 2.1 - Ensure that the --cert-file and --key-file arguments are set as appropriate (Automated)
              • 2.2 - Ensure that the --client-cert-auth argument is set to true (Automated)
              • 2.3 - Ensure that the --auto-tls argument is not set to true (Automated)
              • 2.4 - Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate (Automated)
              • 2.5 - Ensure that the --peer-client-cert-auth argument is set to true (Automated)
              • 2.6 - Ensure that the --peer-auto-tls argument is not set to true (Automated)
              • 4.1.1 - Ensure that the kubelet service file permissions are set to 600 or more restrictive (Automated)
              • 4.1.2 - Ensure that the kubelet service file ownership is set to root:root (Automated)
              • 4.1.5 - Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive (Automated)
              • 4.1.6 - Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Automated)
              • 4.1.9 - If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive (Automated)
              • 4.1.10 - If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root (Automated)
              • 4.2.1 - Ensure that the --anonymous-auth argument is set to false (Automated)
              • 4.2.2 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
              • 4.2.3 - Ensure that the --client-ca-file argument is set as appropriate (Automated)
              • 4.2.6 - Ensure that the --make-iptables-util-chains argument is set to true (Automated)
              • 4.2.10 - Ensure that the --rotate-certificates argument is not set to false (Automated)
              • 4.3.1 - Ensure that the kube-proxy metrics service is bound to localhost (Automated)
              • 5.1.1 - Ensure that the cluster-admin role is only used where required (Automated)
              • 5.1.2 - Minimize access to secrets (Automated)
              • 5.1.3 - Minimize wildcard use in Roles and ClusterRoles (Automated)
              • 5.1.4 - Minimize access to create pods (Automated)
              • 5.1.5 - Ensure that default service accounts are not actively used (Automated)
              • 5.1.6 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
            • Red Hat OpenShift 1.6.0 recommendations
              • 4.1.1 - Ensure that the kubelet service file permissions are set to 644 or more restrictive (Automated)
              • 4.1.2 - Ensure that the kubelet service file ownership is set to root:root (Automated)
              • 4.1.5 - Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Automated)
              • 4.1.6 - Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Automated)
              • 4.1.7 - Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Automated)
              • 4.1.8 - Ensure that the client certificate authorities file ownership is set to root:root (Automated)
              • 4.1.9 - Ensure that the kubelet --config configuration file has permissions set to 600 or more restrictive (Automated)
              • 4.1.10 - Ensure that the kubelet configuration file ownership is set to root:root (Automated)
              • 4.2.2 - Ensure that the --anonymous-auth argument is set to false (Automated)
              • 4.2.3 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
              • 4.2.4 - Ensure that the --client-ca-file argument is set as appropriate (Automated)
              • 4.2.5 - Verify that the read only port is not used or is set to 0 (Automated)
              • 4.2.6 - Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Automated)
            • Google Kubernetes Engine (GKE) 1.7.0 recommendations
              • 3.1.1- Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive (Automated)
              • 3.1.2 - Ensure that the proxy kubeconfig file ownership is set to root:root (Automated)
              • 3.1.3 - Ensure that the kubelet configuration file has permissions set to 644 (Automated)
              • 3.1.4 - Ensure that the kubelet configuration file ownership is set to - root:root (Automated)
              • 3.2.1 - Ensure that the Anonymous Auth is Not Enabled Draft (Automated)
              • 3.2.2 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
              • 3.2.3 - Ensure that a Client CA File is Configured (Automated)
              • 3.2.4 - Ensure that the --read-only-port is disabled (Automated)
              • 3.2.5 - Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Automated)
              • 3.2.6 - Ensure that the --make-iptables-util-chains argument is set to true (Automated)
              • 3.2.7 - Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture (Automated)
              • 3.2.8 - Ensure that the --rotate-certificates argument is not present or is set to true (Automated)
              • 3.2.9 - Ensure that the RotateKubeletServerCertificate argument is set to true (Automated)
              • 4.1.1 - Ensure that the cluster-admin role is only used where required (Automated)
              • 4.1.2 - Minimize access to secrets (Automated)
              • 4.1.3 - Minimize wildcard use in Roles and ClusterRoles (Automated)
              • 4.1.4 - Ensure that default service accounts are not actively used (Automated)
              • 4.1.5 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
              • 4.1.6 - Avoid use of system:masters group (Automated)
              • 4.1.8 - Avoid bindings to system:anonymous (Automated)
              • 4.1.9 - Avoid non-default bindings to system:unauthenticated (Automated)
              • 4.1.10 - Avoid non-default bindings to system:authenticated (Automated)
              • 4.3.2 - Ensure that all Namespaces have Network Policies defined (Automated)
              • 4.4.1 - Prefer using secrets as files over secrets as environment variables (Automated)
              • 4.6.2 - Ensure that the seccomp profile is set to RuntimeDefault in the pod definitions (Automated)
              • 4.6.4 - The default namespace should not be used (Automated)
              • 5.1.1 - Ensure Image Vulnerability Scanning is enabled (Automated)
              • 5.2.1 - Ensure GKE clusters are not running using the Compute Engine default service account (Automated)
              • 5.3.1 - Ensure Kubernetes Secrets are encrypted using keys managed in Cloud KMS (Automated)
              • 5.4.1 - Ensure the GKE Metadata Server is Enabled (Automated)
              • 5.5.1 - Ensure Container-Optimized OS (cos_containerd) is used for GKE node images (Automated)
              • 5.5.2 - Ensure Node Auto-Repair is enabled for GKE nodes (Automated)
              • 5.5.3 - Ensure Node Auto-Upgrade is enabled for GKE nodes (Automated)
              • 5.5.4 - When creating New Clusters - Automate GKE version management using Release Channels (Automated)
              • 5.5.5 - Ensure Shielded GKE Nodes are Enabled (Automated)
              • 5.5.6 - Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled (Automated)
              • 5.5.7 - Ensure Secure Boot for Shielded GKE Nodes is Enabled (Automated)
              • 5.6.1 - Enable VPC Flow Logs and Intranode Visibility (Automated)
              • 5.6.2 - Ensure use of VPC-native clusters (Automated)
              • 5.6.3 - Ensure Control Plane Authorized Networks is Enabled (Automated)
              • 5.6.4 - Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled (Automated)
              • 5.6.5 - Ensure clusters are created with Private Nodes (Automated)
              • 5.6.7 - Ensure use of Google-managed SSL Certificates (Automated)
              • 5.7.1 - Ensure Logging and Cloud Monitoring is Enabled (Automated)
              • 5.8.3 - Ensure Legacy Authorization (ABAC) is Disabled (Automated)
              • 5.9.2 - Enable Customer-Managed Encryption Keys (CMEK) for Boot Disks (Automated)
              • 5.10.2 - Ensure that Alpha clusters are not used for production workloads (Automated)
              • 5.10.3 - Consider GKE Sandbox for running untrusted workloads (Automated)
              • 5.10.4 - Ensure use of Binary Authorization (Automated)
            • NSA/CISA Kubernetes Hardening Guidance
              • 1.2.4 - Ensure that the --kubelet-https argument is set to true (Automated)
              • 1.2.8 - Ensure that the --authorization-mode argument includes Node (Automated)
              • 1.2.16 - Ensure that the --audit-log-path argument is set (Automated)
              • 1.2.17 - Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
              • 1.2.26 - Ensure that the --etcd-cafile argument is set as appropriate (Automated)
              • 1.2.27 - Ensure that the --insecure-port argument is set to 0 (Automated)
              • 1.2.28 - Ensure that a minimal audit policy is created (Automated)
              • 1.3.29 - Ensure that the --encryption-provider-config argument is set as appropriate (Automated)
              • 2.1.1 - Ensure that the --anonymous-auth argument is set to false (Automated)
              • 3.1.1 - Ensure kube-system namespace is not used by users (Automated)
              • 3.1.2 - Ensure that all Namespaces have Network Policies defined (Automated)
              • 3.2.1 - Ensure LimitRange policy is used to limit resource usage (Automated)
              • 3.2.2 - Ensure ResouceQuota policy is used to limit resource usage (Automated)
              • 4.1.2 - Minimize the admission of containers configured to share the host process ID namespace (Automated)
              • 4.1.3 - Minimize the admission of containers configured to share the host IPC namespace (Automated)
              • 4.1.4 - Minimize the admission of containers configured to share the host network namespace (Automated)
              • 4.1.8 - Ensure the SELinux context of the container is set (Automated)
              • 4.1.9 - Ensure AppArmor is configured to restrict container's access to resources
              • 4.2.10 - Ensure container file system is immutable (Automated)
              • 4.4.5 - Ensure that default service accounts are not actively used. (Automated)
              • 4.4.6 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
              • 4.5.1 - Minimize the admission of privileged containers (Automated)
              • 4.5.5 - Minimize the admission of containers with allowPrivilegeEscalation (Automated)
              • 4.5.11 - Ensure SecurityContext is applied to the Pods and Containers (Automated)
              • 4.5.12 - Restrict allowedHostPath to minimize access to the host file system (Automated)
              • 5.3.3 - Ensure Secure Computing mode (seccomp) is enabled to sandbox containers (Automated)
        • Vulnerabilities
        • Events
        • Container Image Scanning
          • Trend Micro Artifact Scanner (TMAS)
            • Integrating Trend Micro Artifact Scanner into a CI/CD pipeline
              • System requirements for Artifact Scanner
              • Downloading and installing artifact scanner
              • Updating to the latest version of the Trend Micro Artifact Scanner CLI
              • Obtaining an API key
              • Adding the CLI to your PATH
            • What to do after the Artifact Scanner scans
              • Integrate Trend Micro Artifact Scanner results into your policies
              • Override vulnerability and secret findings
              • Clean up temporary files
            • Artifact Scanner CLI
            • Trend Micro Artifact Scanner (TMAS) Examples
      • Container Security FAQs
        • Why does the sidecar container exit with code 137 in AWS Fargate?
    • File Security
      • What is File Security?
        • Billing and pricing
        • File Security architecture
        • Scaling & performance
          • Scaling and performance with AWS
          • Scaling and performance with SDK
          • Scaling and performance with Virtual Appliance
          • Scaling and performance with Containerized Scanner
        • Predictive Machine Learning in File Security
          • Enable Predictive Machine Learning in File Security SDK
        • Tags in File Security
          • Scans and tags in AWS
            • Scanning a file
            • Viewing tags
      • Getting started
      • File Security Storage
        • File Security Storage for AWS
          • Deploy File Security Storage to a new AWS account
          • Deploy File Security Storage to an existing AWS account
          • Deploy File Security Storage to an AWS Organization account
          • Add by-region quarantine and promote buckets in single accounts
          • Add a failed scan bucket
          • Turn on scanning in AWS buckets
          • Turn off scanning in AWS buckets
          • Take action after AWS scans
      • File Security SDK
        • Deploy with Go SDK
          • Prerequisites
          • Creating an API key
          • Installing the SDK
          • Initializing the SDK
          • Use the SDK
            • Using advanced functions
            • Viewing Examples
            • Using client tools
          • Golang API reference
        • Deploy with Java SDK
          • Check prerequisites
          • Create an API key
          • Install the SDK
          • Use the File Security Java SDK
          • Java API reference
        • Deploy with Node.js SDK
          • Prerequisites
          • Create an API key
          • Install the SDK
          • Authenticate
          • Node.js API reference
          • Code example
          • Common errors
        • Deploy with Python SDK
          • Prerequisites
          • Create an API key
          • Install the SDK
          • Run the SDK
          • Customize the Examples
        • Deploy with CLI
          • Integrate into a CI/CD pipeline
            • Install File Security CLI
            • Obtain an API Key
          • General usage
          • Available commands
          • Command examples
          • Use Command flags
          • Supported targets
            • File Security CLI response payload
          • Proxy configuration
        • Taking action after SDK scans
      • File Security Virtual Appliance
        • Deploy a Virtual Appliance
          • Deploy a Virtual Appliance from the Service Gateway page
          • Deploy a Virtual Appliance from File Security
        • Manage mount points and scanning
          • Add a mount point
          • Predictive Machine Learning in Virtual Appliance
          • Add a quarantine folder to a mount point
          • Enable scanning for a mount point
          • Scheduled scanning
          • Modify a mount point
          • Disable scanning for a mount point
          • Remove a mount point
            • Removing multiple mount points
        • Manage multiple points and scanning
          • Enable scanning for multiple mount points
          • Disable scanning for multiple mount points
        • Error status codes for mount point status
      • File Security Containerized Scanner
        • Deploy a Containerized Scanner
          • Prerequisites
          • Install the containerized scanner
          • Releases
        • ICAP Protocol and Containerized Scanner
          • Install the Containerized Scanner
          • Load balancing for containerized ICAP scanners
            • Expose the ICAP service with AWS NLB
            • Expose ICAP Service with MetalLB
        • Uninstall Containerized Scanner Helm chart
      • File Security FAQs
      • Troubleshoot File Security
    • Cloud Accounts
      • Getting started with Cloud Accounts
        • About XDR for Cloud
          • Testing CloudTrail integration for XDR for Cloud
          • CloudTrail demo models
          • Testing VPC Flow Log integration for XDR for Cloud
          • Threat Intelligence sweeping test for VPC Flow Logs
          • VPC Flow Log demo models
      • AWS accounts
        • Connecting and updating AWS accounts
          • Adding an AWS account using CloudFormation
          • Adding an AWS account using Terraform
          • CloudTrail configuration
          • Adding an AWS account with CloudTrail and Control Tower
          • Adding an AWS Control Tower audit account with CloudTrail
          • Adding AWS Organizations
          • Updating a legacy AWS connection
          • Using QuickLaunch to add an AWS account
          • Connecting AWS Accounts Using APIs
            • Adding an AWS Account Manually
              • Cloud Accounts AWS Policies in JSON Format
            • Using APIs to connect an AWS account
        • AWS Account Settings
          • AWS Account Information
          • AWS Stack Update
          • AWS Resource Update
        • AWS features and permissions
          • VPC Flow Logs recommendations and requirements
        • AWS supported regions and limitations
      • Azure subscriptions
        • Connecting and updating Azure subscriptions
          • Adding an Azure subscription
          • Adding an Azure Management Group
            • Azure script to change the primary subscription
          • Updating a legacy Azure connection
          • Connect or update multiple Azure subscriptions
            • Azure reduced resource connection script
          • Azure required and granted permissions
        • Subscription settings
          • Subscription Information
          • Azure Resource Update
        • Azure features and permissions
          • Enable XDR for Cloud - Microsoft Azure Activity Logs
          • Enable Microsoft Defender for Endpoint Log Collection
        • Azure supported regions and limitations
      • Google Cloud projects
        • Connecting Google Cloud projects
          • Adding a Google Cloud project
          • Adding a Google Cloud project (January 2025 update)
          • Adding a Google Cloud organization or folder
          • Updating a legacy Google Cloud connection
          • Updating a legacy Google Cloud connection (January 2025 update)
          • Google Cloud required and granted permissions
        • Project settings
          • Project Information
          • Google Cloud Resource Update
          • Google Cloud Resource Update (January 2025 update)
        • Google Cloud features and permissions
        • Google Cloud supported regions and limitations
      • Alibaba Cloud accounts
        • Connecting Alibaba Cloud accounts
          • Adding an Alibaba Cloud account
        • Alibaba Cloud Account Settings
          • Alibaba Cloud Account Information
          • Alibaba Cloud Resource Update
        • Alibaba Cloud features and permissions
        • Alibaba Cloud supported regions and limitations
      • Cloud Accounts troubleshooting and FAQs
        • AWS account connection troubleshooting and FAQ
          • Why is my management account not visible after connecting my AWS organization?
          • AWS deployment architecture
          • AWS organization shows "Reconnect" or "Update feature stack" action after deployment attempt
        • Azure account connection troubleshooting and FAQ
          • Why am I getting failed rules after adding an Azure subscription?
        • Alibaba account connection troubleshooting and FAQ
          • Can I connect my Alibaba Cloud account to more than one Trend Vision One instance?
          • Troubleshooting common issues when connecting an Alibaba Cloud account
        • Cloud Accounts Trend Vision One API key FAQ
        • Estimating and monitoring XDR for Cloud usage
        • Resources deployed by Cloud Accounts
  • Network Security
    • Getting started with Network Security
      • Virtual Network Sensor deployment guides
        • Deploying a Virtual Network Sensor with AWS
          • Configuring AWS security groups for Virtual Network Sensor
          • Launching a Virtual Network Sensor AMI instance
          • Deploying a Virtual Network Sensor from a CloudFormation template
          • Configuring the Virtual Network Sensor as a traffic mirror target
          • Deploying a Virtual Network Sensor behind a network load balancer
        • Deploying a Virtual Network Sensor with Google Cloud
          • Launching a Virtual Network Sensor instance on Google Cloud
          • Configuring traffic mirroring on Google Cloud
        • Deploying a Virtual Network Sensor with Microsoft Azure
          • Creating a network security group and subnets for the Virtual Network Sensor
          • Launching a Virtual Network Sensor instance on Azure
          • Setting up traffic mirroring with Azure virtual network TAP
          • Tips for setting up traffic mirroring with Gigamon VUE Cloud Suite for Azure
        • Deploying a Virtual Network Sensor with Hyper-V
          • Hyper-V network settings
          • Mapping your deployment with Hyper-V
          • Configuring internal network traffic on Hyper-V host
          • Configuring external network traffic on Hyper-V host
          • Configuring external inter-VM traffic with ERSPAN (Hyper-V host)
          • Configuring external network traffic with PCI passthrough (Hyper-V host)
        • Deploying a Virtual Network Sensor with KVM
          • KVM network settings
          • Mapping your deployment with KVM
          • Preparing a vSwitch
          • Configuring internal network traffic with Open vSwitch (SPAN)
          • Configuring external network traffic with Open vSwitch (SPAN)
          • Configuring external network traffic with Open vSwitch (RSPAN)
          • Configuring external inter-VM traffic with ERSPAN (KVM host)
          • Configuring external network traffic with PCI passthrough (KVM host)
        • Deploying a Virtual Network Sensor with Nutanix AHV
          • Configuring traffic mirroring for Nutanix AHV
        • Deploying a Virtual Network Sensor with VMware ESXi
          • Configuring External Network Traffic with the VMware vSphere Standard Switch (Promiscuous Mode)
        • Deploying a Virtual Network Sensor with VMware vCenter
          • VMware vCenter network settings
          • Mapping your deployment with VMware vCenter
          • Configuring internal network traffic with the VMware vSphere Distributed Switch (promiscuous mode)
          • Configuring internal network traffic with the VMware vSphere Distributed Switch (SPAN)
          • Configuring internal network traffic with the VMware vSphere Standard Switch (promiscuous mode)
          • Configuring external network traffic with the VMware vSphere Standard Switch (promiscuous mode/RSPAN)
          • Configuring external network traffic with the VMware vSphere Distributed Switch (RSPAN)
          • Configuring external network traffic with the VMware vSphere Distributed Switch (SPAN)
          • Configuring external network traffic with PCI passthrough (SPAN/RSPAN)
          • Configuring external inter-VM traffic with ERSPAN
          • Configuring external inter-VM traffic with the VMware vSphere Distributed Switch (RSPAN)
        • Virtual Network Sensor system requirements
        • Traffic mirroring with network devices
      • Deep Discovery Inspector connection guides
        • Connecting a Deep Discovery Inspector appliance directly
        • Connecting a Deep Discovery Inspector appliance using Service Gateway as a proxy
        • Deploying a Deep Discovery Inspector virtual appliance on AWS
        • Configuring Deep Discovery Inspector connections
        • Sandbox options for connected Deep Discovery Inspector appliances
          • Integrating a Deep Discovery Inspector virtual appliance with Sandbox as a Service
        • Activating a Deep Discovery Inspector license using the Customer Licensing Portal
      • TippingPoint SMS connection guides
        • Connecting TippingPoint SMS 6.1.0 or later to Network Security
        • Connecting TippingPoint SMS 6.1.0 or later to Network Security through a Service Gateway
        • Connecting TippingPoint SMS 5.5.4 or 6.0.0 through a Service Gateway
        • Migrating a connected TippingPoint SMS to the latest version
        • Migrating an existing TippingPoint SMS 5.5.3 or earlier and connecting to Network Security
        • Service Gateway deployment for TippingPoint SMS
          • Service Gateway appliance system requirements
          • Deploying a Service Gateway virtual appliance with VMware ESXi
          • Deploying a Service Gateway virtual appliance with Microsoft Hyper-V
    • Network Overview
    • Network Inventory
      • Credit allocation for Network Security
      • Virtual Network Sensor
        • Sensor Details
          • Configuring sensor update settings
        • Configuring Virtual Network Sensor connections
        • Virtual Network Sensor system requirements
        • Resizing the Virtual Network Sensor
        • Ports and URLs used by Virtual Network Sensor
        • Virtual Network Sensor CLI commands
      • Deep Discovery Inspector appliances
        • Appliance Details
        • Appliance Plans
          • Plan Details
          • Creating a hotfix/critical patch plan
          • Creating a firmware update plan
          • Creating a configuration replication plan
          • Creating a Virtual Analyzer image deployment plan
        • Virtual Analyzer Image Source
          • Configuring Virtual Analyzer Image Source
        • Ports and URLs used by Deep Discovery Inspector
      • TippingPoint devices
        • Enable TippingPoint Network Sensor
        • Ports and URLs used by TippingPoint
      • Network Inventory with Deep Discovery Director
        • Connecting through Deep Discovery Director
        • Configuring Network Sensors with Deep Discovery Director
    • Network Analysis Configuration
      • Monitoring and Scanning Network Traffic
        • Detection Rules
        • Detection Exceptions
          • Configuring Detection Exceptions
        • Packet Capture
          • Configuring Packet Capture
      • Network Resources
        • Network Resource Lists
        • Configuring a Network Resource profile
        • About central management of Deep Discovery Inspector
    • Intrusion Prevention Configuration
      • Deploying Virtual Patch filter policies to TippingPoint SMS
      • CVE profiles
    • Network Security troubleshooting & FAQ
      • Send to sandbox FAQ
        • What is required for enabling Send to Sandbox on a TPS device in a stack?
      • Virtual Network Sensor FAQ
      • Restoring an unhealthy Virtual Network Sensor connection
  • Email and Collaboration Security
    • Getting started with Trend Vision One Email and Collaboration Security
      • Update from Cloud App Security
        • Connecting and updating Cloud App Security
        • Cloud App Security to Cloud Email and Collaboration Protection feature mapping
          • Feature differences and limitations between Cloud App Security and Cloud Email and Collaboration Protection
      • Update from Trend Micro Email Security
        • Connecting and updating Trend Micro Email Security
        • Trend Micro Email Security to Cloud Email Gateway Protection feature mapping
          • Feature differences and limitations between Trend Micro Email Security and Cloud Email Gateway Protection
      • Post update tasks for Trend Vision One Email and Collaboration Security
      • Credit requirements for Email and Collaboration Security
      • Overview of access permissions to protected services
    • Email Asset Inventory
      • Managing the email account inventory
        • Managing email account policies with Cloud Email and Collaboration Protection
        • Deploying policies for email accounts with Cloud App Security
        • Enabling key features for email accounts with Cloud App Security
      • Managing the email domain inventory
    • Email and Collaboration Sensor
      • Running an Email Sensor test drive
      • Managing Email Sensor detection
    • Cloud Email and Collaboration Protection
      • Introduction
        • About Cloud Email and Collaboration Protection
          • Features and benefits
          • How Cloud Email and Collaboration Protection works
            • Protection modes for email services
              • Features support under API-based protection and inline protection
          • How Cloud Email and Collaboration Protection protects your data privacy
          • Data center geography
          • System requirements
      • Getting started
        • Accessing the Cloud Email and Collaboration Protection management console
          • Accessing the management console
        • Protecting multiple service provider tenants with one account
        • Changes made by Cloud Email and Collaboration Protection
          • Changes made under API-based protection
          • Changes made under inline protection
      • Granting Cloud Email and Collaboration Protection access to services
        • Service account
          • Delegate account
          • Authorized account
        • Different ways to begin granting access
        • Granting access to Microsoft 365 services
          • Granting access to Exchange Online
            • Granting access to Exchange Online with an authorized account
            • Granting access to Exchange Online (inline mode) with an authorized account
              • Verifying related security settings in Microsoft
              • Connectors, transport rules, groups, and allow lists for inline protection
          • Granting access to SharePoint Online with an authorized account
          • Granting access to OneDrive with an authorized account
          • Migrating to authorized account for SharePoint Online and OneDrive
          • Granting access to Microsoft teams
          • Granting access to Teams
            • Creating an Microsoft Entra ID app for Teams protection
          • Using a MIP account
            • Adding a MIP account
            • Removing an MIP account
          • Using a Microsoft Identity Protection account
            • Adding a Microsoft Identity Protection account
            • Removing a Microsoft Identity Protection account
          • Data synchronized by Cloud Email and Collaboration Protection
        • Granting access to Box, Dropbox and Google Drive
          • Before you start
          • Granting access to Box
          • Granting access to Dropbox
          • Granting access to Google Drive
        • Granting access to Gmail
          • Granting access to Gmail
          • Granting access to Gmail (inline mode)
            • Configuring email routing for inline protection
            • Configuring email routing for outbound protection
        • Revoking access to services
          • Revoking access to Microsoft 365 services
          • Revoking access to Box
          • Revoking access to Dropbox
          • Revoking access to Google Drive
          • Revoking access to Gmail
          • Revoking access to Gmail (inline mode)
          • Revoking access to Gmail (inline mode) - inbound protection
      • Dashboard
        • Service status
        • Threat detection
          • Scam widgets
          • Quishing widgets
          • Ransomware widgets
          • Business email compromise (BEC) widgets
          • Summary widgets
          • Security risk scan widgets
          • Virtual Analyzer widgets
          • Data Loss Prevention widgets
          • Viewing threat detection data
        • Risky user detection
          • Internal distributors widgets
          • Top users with targeted attack risks widgets
          • Internal user risk analytics widgets
        • Configuration health
          • Protection feature adoption
      • Policies
        • Advanced Threat Protection
          • Real-time and on-demand scanning
          • Actions available for different services
          • Menu controls for ATP policies
          • Internal domains
            • Configuring internal domains
          • Adding advanced threat protection policies
            • General
            • Advanced Spam Protection
            • Malware Scanning
            • File Blocking
            • Web Reputation Services
            • Virtual Analyzer
            • Correlated Intelligence
          • Running a manual scan
          • Compressed file handling
          • Quishing detection
          • Token list
        • Data Loss Prevention
          • Real-time and on-demand scanning
          • Data identifiers
            • Expressions
            • Keywords
          • Compliance templates
          • Adding Data Loss Prevention policies
            • General
            • Data Loss Prevention
            • Keyword extraction
          • Configuring the Box shared links control policy
          • Running a manual scan
        • Global settings
          • Managing synchronized user list for Exchange Online
          • Viewing correlation rules and detection signals
            • Adding a custom correlation rule
            • Adding a custom detection signal
          • Configuring approved/blocked lists
            • Configuring approved Exchange Online users
            • Configuring approved header field list for Exchange Online
            • Viewing blocked lists for Exchange Online
            • Configuring approved header field list for Gmail
          • Configuring high profile lists
            • Configuring high profile domains
            • Configuring high profile users
            • Configuring high profile user exception list
          • Configuring the internal domain list
          • Managing Predictive Machine Learning exception list
          • Configuring display name spoofing detection exception list
          • Configuring notification settings
            • Configuring recipient groups
            • Configuring notification email settings
          • Configuring suspicious object settings
          • Configuring time-of-click protection settings
          • Configuring attachment password guessing
          • Configuring conditional access policies for risky users
          • Configuring Microsoft licensing model settings for Teams
          • Configuring inline protection settings for Exchange Online
          • Configuring inline protection settings for Gmail
      • Logs
        • Log types
        • Log facets
        • Searching logs
      • Operations
        • Quarantine
          • Quarantine facets
          • Searching quarantine
          • Managing quarantine
          • Previewing quarantined emails
        • User-reported emails
        • Correlated Intelligence
          • Threat types of security risks and anomalies
      • Reports
        • Configuring reports
      • Administration
        • Organization management
        • Service account
        • Automation and integration APIs
        • Add-in for Outlook
          • Release notes
          • Deploying the add-in for Outlook
          • Configuring the add-in for Outlook
          • Using the add-in for Outlook
          • Updating the add-in for Outlook
          • Removing the add-in for Outlook
        • Email reporting
      • Troubleshooting and FAQs
        • Troubleshooting
          • License expiration error upon logon with valid clp account
          • Invalid account error upon console logon
          • "clp or lmp account already registered" error upon granting access to Microsoft 365 services
          • Access grant for Sharepoint Online/OneDrive failure when mfa is enabled
          • Internal domain scheduled synchronization failure for Gmail
          • Internal email messages in Exchange Online improperly handled as spam
          • Server not found or connection closed upon console logon
          • Access grant or migration for inline protection over Exchange Online always fail
          • Not authorized to view content error upon accessing certain screens
          • Associated mailbox not found error upon configuring Gmail quarantine settings
        • FAQs
      • Known issues
      • Cloud Email and Collaboration Protection protection glossary
    • Cloud Email Gateway Protection
      • About Cloud Email Gateway Protection
        • Service requirements
        • Features and benefits
        • Data center geography
        • Inbound message protection
          • Inbound message flow
        • Outbound message protection
        • Integration with Trend Micro products
          • Apex Central
            • Registering to Apex Central
            • Checking Cloud Email Gateway Protection server status
            • Unregistering from Apex Central
          • Remote Manager
      • Getting started with Cloud Email Gateway Protection
        • Provisioning a Trend Micro Business Account
          • Setting up Cloud Email Gateway Protection
      • Working with the dashboard
        • Threats tab
          • Ransomware details chart
          • Threats chart
          • Threats details chart
          • Virtual Analyzer file analysis details chart
          • Virtual Analyzer URL analysis details chart
          • Virtual Analyzer quota usage details
          • Domain-based authentication details chart
          • Blocked message details
        • Top statistics tab
          • Top bec attacks detected by antispam engine chart
          • Top BEC attacks detected by Writing Style Analysis chart
          • Top targeted high profile users
          • Top analyzed advanced threats (files) chart
          • Top analyzed advanced threats (URLs) chart
          • Top malware detected by Predictive Machine Learning chart
          • Top malware detected by pattern-based scanning chart
          • Top spam chart
          • Top Data Loss Prevention (DLP) incidents chart
        • Other statistics tab
          • Volume chart
          • Bandwidth chart
          • Time-of-click protection chart
      • Managing domains
        • Adding a domain
        • Configuring a domain
          • Adding SPF records
          • Adding Microsoft 365 inbound connectors
          • Adding Microsoft 365 outbound connectors
        • Editing or deleting domains
      • Inbound and outbound protection
        • Managing recipient filter
        • Managing sender filter
          • Configuring approved and blocked sender lists
            • Adding senders
            • Deleting senders
            • Importing senders
            • Exporting senders
          • Sender filter settings
        • Transport Layer Security (TLS) peers
          • Adding domain TLS peers
          • Editing domain TLS peers
        • Understanding IP reputation
          • About quick IP list
          • About standard IP reputation settings
          • About approved and blocked IP addresses
            • Managing approved and blocked IP addresses
          • IP reputation order of evaluation
          • Troubleshooting issues
        • Managing reverse DNS validation
          • Configuring reverse DNS validation settings
            • Adding reverse DNS validation settings
            • Editing reverse DNS validation settings
          • Configuring the blocked PTR domain list
            • Adding PTR domains
            • Editing PTR domains
        • Domain-based authentication
          • Sender IP match
            • Adding sender IP match settings
            • Editing sender IP match settings
          • Sender policy framework (SPF)
            • Adding SPF settings
            • Editing SPF settings
          • Domainkeys identified mail (DKIM)
            • Adding DKIM verification settings
            • Editing DKIM verification settings
            • Adding DKIM signing settings
            • Editing DKIM signing settings
          • Domain-based message authentication, reporting & conformance (DMARC)
            • Adding DMARC settings
            • Editing DMARC settings
            • Monitoring DMARC setup
              • Generating a DMARC record
              • Generating a BIMI record and Implementing BIMI
          • How DMARC works with SPF and DKIM
        • File password analysis
          • Configuring file password analysis
          • Adding user-defined passwords
          • Importing user-defined passwords
        • Configuring scan exceptions
          • Scan exception list
          • Configuring "scan exceptions" actions
        • High profile domains
          • Configuring high profile domains
        • High profile users
          • Configuring high profile users
        • Configuring time-of-click protection settings
        • Data Loss Prevention
          • Data identifier types
            • Expressions
              • Predefined Expressions
              • Customized Expressions
                • Criteria for custom expressions
                • Creating a Customized Expression
                • Importing Customized Expressions
            • Keywords
              • Predefined Keyword Lists
              • Custom keyword lists
                • Custom keyword list criteria
                • Creating a Keyword List
                • Importing a Keyword List
            • File Attributes
              • Predefined file attributes list
              • Creating a file attribute list
              • Importing a file attribute list
          • DLP Compliance Templates
            • Predefined DLP Templates
            • Custom DLP templates
              • Condition statements and logical pperators
              • Creating a Template
              • Importing Templates
      • Configuring policies
        • Policy rule overview
          • Default policy rules
        • Managing policy rules
        • Reordering policy rules
        • Naming and enabling a policy rule
        • Specifying recipients and senders
          • Inbound policy rules
          • Outbound policy rules
        • About policy rule scanning criteria
          • Configuring virus scan criteria
            • About Advanced Threat Scan Engine
            • About Predictive Machine Learning
          • Configuring spam filtering criteria
            • Configuring spam criteria
            • Configuring Business Email Compromise criteria
            • Configuring phishing criteria
            • Configuring graymail criteria
            • Configuring Web Reputation criteria
            • Configuring social engineering attack criteria
            • Configuring unusual signal criteria
              • Unusual signals
          • Configuring Correlated Intelligence criteria
          • Configuring Data Loss Prevention criteria
          • Configuring content filtering criteria
            • Using envelope sender is blank criteria
            • Using message header sender differs from envelope sender criteria
            • Using message header sender differs from header reply-to criteria
            • Using attachment file name or extension criteria
            • Using attachment mime content type criteria
            • Using attachment true file type criteria
            • Using message size criteria
            • Using subject matches criteria
            • Using subject is blank criteria
            • Using body matches criteria
            • Using body is blank criteria
            • Using specified header matches criteria
            • Using attachment content matches keyword criteria
            • Using attachment size criteria
            • Using attachment number criteria
            • Using attachment is password protected criteria
            • Using attachment contains active content criteria
            • Using the number of recipients criteria
        • About policy rule actions
          • Specifying policy rule actions
          • intercept actions
            • Using the delete action
            • Using the deliver now action
            • Using the quarantine action
            • Using the change recipient action
          • modify actions
            • Cleaning cleanable malware
            • Deleting matching attachments
            • Sanitizing attachments
            • Inserting an X-Header
            • Inserting a stamp
              • Configuring stamps
            • Tagging the subject line
            • Tokens
          • monitor actions
            • Using the bcc action
          • Encrypting outbound messages
            • Reading an encrypted email message
          • About the send notification action
            • Configuring send notification actions
            • Duplicating or copying send notification actions
            • Removing notifications from policy rule actions
            • Deleting notifications from lists of messages
      • Understanding quarantine
        • Querying the quarantine
        • Configuring end user quarantine settings
        • Quarantine digest settings
          • Adding or editing a digest rule
          • Adding or editing a digest template
      • Logs in Cloud Email Gateway Protection
        • Understanding mail tracking
          • Social engineering attack log details
          • Business Email Compromise log details
          • Antispam engine scan details
        • Understanding policy events
          • Predictive Machine Learning log details
        • Understanding URL click tracking
        • Understanding audit log
        • Configuring syslog settings
          • Syslog forwarding
          • Syslog server profiles
          • Content mapping between log output and CEF syslog type
            • CEF detection logs
            • CEF audit logs
            • CEF mail tracking logs (accepted traffic)
            • CEF URL click tracking logs
        • Querying log export
      • Reports
        • Generated reports
        • Report settings
      • Configuring administration settings
        • Policy objects
          • Managing address groups
          • Managing the URL keyword exception list
          • Managing the Web Reputation approved list
          • Managing correlation rules and detection signals
            • Adding a custom correlation rule
            • Adding a custom detection signal
          • Keyword expressions
            • About regular expressions
              • Characters
              • Bracket expression and character classes
              • Boundary matches
              • Greedy quantifiers
              • Logical operators
              • Shorthand and meta-symbol
            • Using keyword expressions
            • Adding keyword expressions
            • Editing keyword expressions
          • Managing notifications
          • Managing stamps
        • End user management
          • Local accounts
          • Managed accounts
            • Removing end user managed accounts
          • Logon methods
            • Configuring local account logon
            • Configuring single sign-on
              • Configuring Active Directory Federation Services
              • Configuring Microsoft ENTRA ID
              • Configuring Okta
        • Email Continuity
          • Adding an Email Continuity record
          • Editing an Email Continuity record
        • Message size settings
        • Logon access control
          • Configuring access control settings
          • Configuring approved IP addresses
        • Directory management
          • Synchronizing user directories
          • Importing user directories
          • Exporting user directories
          • Installing the directory synchronization tool
        • Co-branding
        • Service integration
          • API access
            • Obtaining an API key
          • Log retrieval
          • Apex Central
            • Configuring suspicious object settings
          • Trend Vision One
            • Configuring suspicious object settings
          • Remote Manager
          • Phishing Simulation
        • Email reporting add-in for Outlook
          • Deploying the add-in in the Microsoft 365 admin center
          • Deploying the add-in in the Exchange admin center
          • Updating the add-in in the Microsoft 365 admin center
        • Migrating data from IMSS or IMSVA
          • Data that will be migrated
          • Data that will not be migrated
          • Prerequisites for data migration
          • Migrating data to Cloud Email Gateway Protection
          • Verifying data after migration
        • Email Recovery
      • FAQs and instructions
        • About mx records and Cloud Email Gateway Protection
        • About mta-sts records for inbound protection
        • Feature limits and capability restrictions
  • Mobile Security
    • Getting started with Mobile Security
      • Mobile Security device platform features
      • System requirements
        • Mobile device permission requirements
      • Resource consumption
        • Android device resource consumption
        • iOS device resource consumption
      • Microsoft Endpoint Manager (Intune) integration
        • Setting up Microsoft Endpoint Manager (Intune) integration
          • Required device permissions for Microsoft Endpoint Manager (Intune) integration
      • VMware Workspace ONE UEM integration
        • Preparing for VMware Workspace ONE UEM integration
        • Setting up Workspace ONE UEM integration
          • Registering Workspace ONE as your Android EMM provider
      • Google Workspace integration
        • Setting up Google Workspace integration
        • Deploying the Mobile Security for Business app to managed Android devices in Google Workspace
        • Deploying a VPN profile for Google Workspace
      • Integration with other MDMs through managed configuration
        • Enrolling devices using managed configuration
          • Managed configuration for Ivanti (MobileIron)
            • Ivanti (MobileIron) managed configuration enrollment for Android devices
            • Ivanti (MobileIron) managed configuration enrollment for iOS devices
      • Mobile Device Director setup
        • Setting up Mobile Device Director
          • Enrolling Android devices
          • Enrolling iOS/iPadOS devices
      • Microsoft Entra ID integration
        • Granting permissions on Microsoft Entra ID data
      • Changing the Mobile Security deployment method
      • Enabling Zero Trust Secure Access on managed mobile devices
        • Deploying the Zero Trust Secure Access certificates to devices using managed configuration
        • Deploying a VPN profile to devices using managed configuration
    • Using Mobile Security with MDM solutions or Microsoft Entra ID
      • Mobile Inventory
        • Devices Tab
        • Users Tab
        • Groups Tab
      • Mobile Detection Logs
      • Mobile Policy
        • Mobile policy data
        • Configuring mobile policies for Android devices
        • Configuring mobile policies for iOS/iPadOS devices
        • Configuring mobile policies for ChromeOS devices
      • Risky Mobile Apps
        • Risky mobile app data
        • Approved List data
    • Using Mobile Device Director
      • Mobile Inventory
        • Devices tab
        • Users tab
        • Assignment Groups tab
      • Managed Mobile Apps
        • Configuring managed mobile apps for Android devices
        • Configuring managed mobile apps for iOS/iPadOS devices
      • Mobile Detection Logs
      • Mobile Compliance Policies
        • Mobile compliance policy data
        • Configuring mobile compliance policies
          • Android compliance policy criteria (user-owned devices with a work profile)
          • Android compliance policy criteria (company-owned, fully managed, and dedicated devices)
          • iOS compliance policy criteria
      • Mobile Security Policies
        • Mobile security policy data
        • Configuring mobile security policies
          • Deepfake Detector for mobile devices
      • Risky Mobile Apps
        • Risky mobile app data
  • Service Management
    • Product Instance
      • Connect existing products to Product Instance
        • Configure Cloud App Security
        • Configure Deep Security Software
        • Configure Trend Micro Apex One On-Premises
        • Configure Trend Cloud One
        • Configure TXOne StellarOne
        • Configure TXOne EdgeOne
      • Create a new product instance
      • Create a new Endpoint Group Manager
    • Asset Visibility Management
      • What is Asset Visibility Management?
      • Add an asset visibility scope
    • Asset Group Management
      • Create an asset group
    • Tag Management
      • Tag library
        • Create custom tags
        • Manage tagged assets
      • External tags
        • Cloud mappings
        • Microsoft Entra ID
      • Automated tagging
        • Create automated tagging rules
      • Execution results
  • Administration
    • User Accounts, Identity Providers, and User Roles
      • User Roles
        • Configuring custom user roles
        • Predefined roles
      • User Accounts
        • Primary User Account
          • Transferring ownership of the Primary User Account
        • Configuring accounts
          • Adding a SAML Account
          • Adding a SAML Group Account
            • Adding a SAML Group Account for Microsoft Entra ID
            • Adding a SAML Group Account for Active Directory (on-premises)
          • Adding an IdP-Only SAML Group Account
          • Adding a Local Account
        • Enabling and configuring multi-factor authentication
      • API Keys
        • Obtaining API keys for third-party apps
        • Obtaining API keys for third-party auditors
      • Identity Providers
        • Configuring Active Directory Federation Services
        • Configuring Google Cloud Identity
        • Configuring Microsoft Entra ID
        • Configuring Okta
          • Configuring SAML Assertion Encryption in Okta
        • Configuring OneLogin
    • Notifications
      • Alerts
      • Subscriptions
      • Managing webhooks
      • Configuring notifications
        • Configuring notifications for response tasks
        • Configuring notifications for new Workbench alert
        • Configuring notifications for Private Access Connector status
        • Configuring notifications for Service Gateway critical service status or performance
        • Configuring notifications for new risk event
        • Configure notifications for case update summary
        • Configure notifications for case update for owners
        • Configuring notifications for newly discovered assets
    • Audit Logs
      • User logs
        • User log data
      • System logs
        • System log data
    • Console Settings
    • License Information
      • Register a new license
      • XDR data retention
    • Credits & Billing
      • Annual Credits
        • Introduction to credit-based licensing
          • Credit allocation models
        • Credit requirements for Trend Vision One solutions, capabilities, and services
          • Considerations for updating to the new Cyber Risk Exposure Management pricing model
        • Purchase credits from AWS Marketplace
        • Purchase credits from Azure Marketplace
        • License entitlements calculated into credits
          • License entitlements calculated into credits - FAQs
      • Pay-As-You-Go
        • Introduction to pay-as-you-go
        • Pay-as-you-go pricing information for Trend Vision One features
        • Purchase a pay-as-you-go contract from AWS Marketplace
          • Update from Trend Cloud One pay-as-you-go to Trend Vision One pay-as-you-go
        • Frequently asked questions
    • Support Settings
      • Configuring remote support settings
      • Enabling hypersensitive mode
    • Domain Verification
      • Adding and managing domains
  • Getting Help and Troubleshooting
    • Help and Support
      • Creating a support case
    • Self-Diagnosis
      • Running diagnostic tests
        • Finding endpoint information
      • Test results tab
      • XDR Endpoint Checker
        • Using XDR Endpoint Checker from a web browser
        • Using XDR Endpoint Checker from the command line
Use regex in Search queries

Create Search queries that match specified patterns with regular expressions (regex).

The Search app allows up to five regex per query. To use regex, surround the pattern you want to query with forward slashes (/):
endpointHostName: /^(W|m)/
  • Search supports regex only for the string data type.
  • General Search does not support regex .
  • Use full match to search a file path. Using partial match for file path search generates an error.
  • Add a space before and after forward slashes to avoid syntax errors.

Syntax examples

Query
Result
Explanation
/^(this is a regex)/
Error
Regex queries must include the field name. Free search is not supported.
endpointHostName: /^(W|m)/
Returns results
Query has correct syntax.
filePath: /etc/pwd/config/aaa
Error
Use a backslash (\) to escape each forward slash to avoid syntax errors.
filePath: /\/etc\/pwd\/config\/aaa/
Use quotation marks and wildcards to avoid syntax errors.
filePath: "*/etc/pwd/config/aaa*"
This example is not regex.
filePath: /\/etc\/pwd\/config\/aaa/
Returns results
Query has backslashes (\) to escape forward slashes.
Online Help Center

Support
For Home For Business


Privacy Notice
© 2025 Trend Micro Incorporated. All rights reserved.
Table of Contents
  • Privacy and personal data collection disclosure
    • Pre-release disclaimer
    • Pre-release sub-feature disclaimer
  • Trend Vision One data privacy, security, and compliance
  • PCI Security Standards
  • What's New
    • What's New by App Group
      • Platform Directory
      • Cyber Risk Exposure Management
      • Dashboards and Reports
      • XDR Threat Investigation
      • Threat Intelligence
      • Workflow and Automation
      • Zero Trust Secure Access
      • Assessment
      • Identity Security
      • Data Security
      • Endpoint Security
      • Cloud Security
      • Network Security
      • Email and Collaboration Security
      • Mobile Security
      • Service Management
      • Administration
      • Platform Releases
    • Release Notes
      • Compliance Management
      • Detection Model Management
      • Firewall Exceptions
      • Service Gateway
        • Service Gateway Firmware
        • Service Gateway: Local ActiveUpdate Service
        • Service Gateway: Forward Proxy Service
        • Service Gateway: Smart Protection Services
        • Service Gateway: Generic Caching Service
        • Service Gateway: Syslog Connector (On-Premises)
        • Service Gateway: Suspicious Object Synchronization Service
      • Trend Vision One Endpoint Security agent
        • Windows agent updates
        • Linux agent updates
        • macOS agent updates
        • Zero Trust Secure Access module
      • Virtual Network Sensor
      • Zero Trust Secure Access On-premises Gateway
      • Zero Trust Secure Access Private Access Connector
  • Introduction
    • Trend Vision One – Proactice security starts here
      • Features and benefits
      • Trend Cybertron
      • Trend Micro supported products
      • Platform Directory
      • Account Settings
      • Account Settings (Foundation Services release)
      • User account switch
      • Business Profile
      • Context menu
        • Advanced analysis actions
        • Response actions
        • Search actions
        • Display settings actions
      • Simulations
        • Running simulations with Trend Vision One Endpoint Security agents
        • Running simulations on endpoints manged by connected endpoint protection products
        • Running simulations on Deep Security Agents endpoints with Activity Monitoring
        • Running the Network Sensor attack simulation
        • Running the TippingPoint network attack simulation
        • Running the behavior anomaly network attack simulation
        • Running the threat actor attack simulation
        • Running the email attack scenario
        • Running Cloud Attack Simulations with Container Security
        • Running the cross-layer attack simulation
    • Trend Vision One Mobile
      • Getting started with Trend Vision One Mobile
      • Receiving notifications from the Trend Vision One console
    • Checking the Trend Vision One service status
      • SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
  • Getting started
    • Getting started with Trend Vision One
      • Activate your Trend Vision One license
      • Trend Vision One access tiers
        • Essential Access
          • Activate Trend Vision One with Essential Access
        • Advanced Access
      • Update Trend Vision One to the Foundation Services release
        • Foundation Services update considerations
        • Impacts of migrating user accounts from other Trend Micro products
      • Connect your IdP solutions
      • Configure user roles and accounts
        • Configure user roles
        • Configure user accounts
      • Firewall exception requirements for Trend Vision One
        • Americas - firewall exceptions
          • Firewall exceptions: Americas - all exceptions
          • Firewall exceptions: Americas - cloud service extension
          • Firewall exceptions: Americas - hosted Service Gateway
        • Australia - firewall exceptions
          • Firewall exceptions: Australia - all exceptions
          • Firewall exceptions: Australia - cloud service extension
          • Firewall exceptions: Australia - hosted Service Gateway
        • Europe - firewall exceptions
          • Firewall exceptions: Europe - all exceptions
          • Firewall exceptions: Europe - cloud service extension
          • Firewall exceptions: Europe - hosted Service Gateway
        • India - firewall exceptions
          • Firewall exceptions: India - all exceptions
          • Firewall exceptions: India - cloud service extension
          • Firewall exceptions: India - hosted Service Gateway
        • Japan - firewall exceptions
          • Firewall exceptions: Japan - all exceptions
          • Firewall exceptions: Japan - cloud service extension
          • Firewall exceptions: Japan - hosted Service Gateway
        • Singapore - firewall exceptions
          • Firewall exceptions: Singapore - all exceptions
          • Firewall exceptions: Singapore - cloud service extension
          • Firewall exceptions: Singapore - hosted Service Gateway
        • Middle East and Africa - firewall exceptions
          • Firewall exceptions: Middle East and Africa - all exceptions
          • Firewall exceptions: Middle East and Africa - cloud service extension
          • Firewall exceptions: Middle East and Africa - hosted Service Gateway
        • Legacy firewall exceptions
          • Australia - firewall exceptions
          • Europe - firewall exceptions
          • India - firewall exceptions
          • United States - firewall exceptions
      • Connect existing products to product instance
      • Review detection models
      • Check Workbench alerts
  • Cyber Risk Exposure Management
    • Cyber Risk Overview
      • Risk Overview
        • Get started with cyber risk subindexes
        • Devices view
        • Internet-facing assets view
        • Accounts view
        • Applications view
        • Cloud assets view
      • Exposure Overview
        • CVE impact score
        • CVE assessment visibility and configuration
        • Cloud asset compliance violations
        • Accounts with weak authentication
          • Multi-factor authentication disabled
          • Password expiration disabled
          • Strong password requirement disabled
        • Accounts that increase attack surface risk
          • Synced admin accounts
          • Extra admin accounts
          • Stale accounts
        • Accounts with excessive privilege
          • Service account misconfigurations
          • Highly authorized disabled accounts
      • Attack Overview
      • Security Configuration Overview
        • Microsoft Defender for Endpoint security configuration
      • Troubleshoot devices with no vulnerability assessment visibility
      • Cyber Risk Index algorithm updates
        • May 5, 2025 - Cyber Risk Index algorithm version 3.0
        • January 29, 2024 - Cyber Risk Index algorithm version 2.0
        • June 5, 2023 - Cyber Risk Index algorithm version 1.1
    • Continuous Risk Management
      • Attack Surface Discovery
        • Internet-Facing Assets
          • Internet-facing domains
          • Internet-facing IP addresses
          • Internet-facing asset exposure scans
        • Applications
        • Cloud assets
          • Cloud Risk Graph
        • APIs
          • Enable detailed metrics for an API gateway
          • Delete API gateways in AWS
            • Delete an endpoint path
        • Asset criticality
        • Risk assessment
        • Asset profile screens
          • Device profile
          • Domain profile
          • IP address profile
          • Account profile
          • Service account profile
          • Public cloud app profile
            • Public cloud app reputation
          • Connected SaaS app profile
          • Local app profile
          • Executable file profile
          • Cloud asset profile
        • Asset profile platform tags
          • Custom asset tags
        • Cyber Risk Exposure Management response actions
      • Threat and Exposure Management
        • Cyber Risk Index overview
          • Risk Reduction Measures
            • Selecting a risk reduction goal
            • Cyber Risk Index reduction
        • Risk factors
          • Account compromise
            • Dark web monitoring
          • Vulnerabilities
            • Vulnerability Assessment
              • Vulnerability Assessment supported operating systems
                • Vulnerability Assessment supported Windows applications
                • Vulnerability Assessment supported macOS applications
                • Vulnerability Assessment supported language packages
              • Connect Trend Cloud One - Endpoint & Workload security and enable activity monitoring
            • CVE assessment visibility and configuration
            • CVE profiles
              • Time-critical CVE profiles
            • Attack prevention/detection rules
            • Mean time to patch (MTTP) and average unpatched time (AUT)
            • Vulnerability percentages and CVE density
          • Activity and behaviors
          • Public cloud app activity
          • System configuration
            • Accounts with weak authentication
              • Multi-factor authentication disabled
              • Password expiration disabled
              • Strong password requirement disabled
            • Accounts that increase attack surface risk
              • Synced admin accounts
              • Extra admin accounts
              • Stale accounts
              • Unmanaged service accounts
              • Non-domain controllers with domain admin sign-ins
            • Accounts with excessive privilege
              • Service account misconfigurations
              • Highly authorized disabled accounts
              • Pseudo domain admins
              • Pseudo limited domain admins
            • Cloud asset compliance violations
          • XDR detection
          • Threat detection
          • Security configuration
          • Predictive analytics
        • Event Rule Management
        • Configuring data sources
          • Risk visibility support for Trend Micro products
          • Cyber Risk Exposure Management regional IP addresses
          • Conformity AWS data source setup
          • Conformity Azure data source setup
          • Conformity Google Cloud data source setup
          • Tenable Security Center data source setup
          • Tenable Vulnerability Management integration
        • Agentless Vulnerability & Threat Detection
          • Get started with Agentless Vulnerability & Threat Detection in AWS
            • Enable vulnerability scanning for AWS
            • Enable anti-malware scanning for AWS
            • Agentless Vulnerability & Threat Detection estimated deployment costs for AWS
          • Get started with Agentless Vulnerability & Threat Detection in Google Cloud
            • Agentless Vulnerability & Threat Detection estimated deployment costs for Google Cloud
          • Get started with Agentless Vulnerability & Threat Detection in Microsoft Azure
          • Scan manually for vulnerabilities and malware
          • Agentless Vulnerability & Threat Detection supported operating systems
          • Find the file system UUID for malware detections
            • Find the UUID in Windows
            • Find the UUID in Linux
          • Agentless Vulnerability & Threat Detection troubleshooting and frequently asked questions
            • AWS troubleshooting and frequently asked questions
            • Google Cloud troubleshooting and frequently asked questions
      • Vulnerability Management
        • Network Vulnerability Scanner
          • Get started with network vulnerability scans
            • Network Vulnerability Scanner supported products
          • Manage network scans
          • Manage scan reports
    • Cyber Attack Prediction
      • Attack Path Prediction
        • Investigate and remediate potential attack paths
        • How potential attack paths are detected and analyzed
          • Key attack path components
    • Security Posture Management
      • Cloud Security Posture
        • Help topics
        • Manage cloud accounts
          • Cloud accounts
          • Add cloud accounts
          • Managing preferences
            • Notification preferences
              • Email Notifications
              • Mobile Notifications
            • Rule preferences
              • New Rules Behavior
            • Guided Exclusions
            • PDF Reports Logo
          • Account settings
            • Cloud account settings
            • Cloud account general settings
            • Manage cloud account tags
              • Cloud account tags
            • Manage account groups
              • Grouped accounts
              • Group settings
        • Manage users
          • User
        • Cloud Security Posture
          • Cloud Risk Index
          • Asset Coverage
          • Protection
          • Security Posture
          • Compliance
          • Assets at Risk
          • Cloud Accounts Breakdown
          • Account details
          • Entitlements
          • AI Security Posture Management (AI-SPM)
          • Project Centric Overview
            • Define and Manage Projects
        • Misconfiguration and Compliance
          • Accounts navigation
          • All accounts
          • Add account
          • Summary widget
          • Threat monitoring section
          • Compliance status widget
          • Compliance evolution
          • Status per AWS region
          • Most critical failures
          • Summary
            • Report summary
            • Compliance evolution summary
        • Cloud Risk Management rules
          • Introduction to Cloud Risk Management rules
            • Contents
            • What rules does Trend Vision One™ – Cloud Risk Management support?
            • What is the frequency of running the rules?
            • What rules are run?
            • New Accounts
            • Rules configuration
            • Rule settings
            • Anatomy of a rule
            • Check summary
            • Not scored
            • Deprecated Rules
            • Rules supported by Real Time Monitoring
            • FAQs
          • Checks
            • Model check
              • What are Checks?
              • Viewing Checks
              • Check Actions
              • Failure and Success Definition
              • Not Scored Checks
            • Failed check resolution
              • Steps to resolve failures
            • Auto remediation
              • Content
              • How does auto-remediation work
              • Set up auto-remediation
              • Enable or disable rules after deploying auto-remediation
              • Testing auto-remediation deployment
              • Resolution using Manual notifications
              • Verify the auto-remediation resolution
              • Contribution to Auto-remediation project
            • Rules suppress check
            • Send rule to
          • Configurations
            • Rules configuration
            • Configure rules for friendly accounts
          • Rule categories
          • Search
            • Filter and search
              • Contents
              • Filter tags
              • Filter tags Exact Match
              • Filter tags Partial Match
              • Resource Id syntax
              • Regular expression syntax
              • Reserved characters
              • Standard operators
              • Wildcard syntax
              • Only show checks
              • Only show checks
              • How it works
            • CQL filter method
              • Contents
              • Logical operators
              • Resource Wildcards
              • Resource regular expressions
              • Fields list
              • Using CQL to filter your checks
              • Query examples
        • Reports
          • Rules status reports
          • All checks report
          • Configured reports
          • Cloud Risk Management report
          • Generate and download report
        • Compliance
          • Compliance and Cloud Risk Management
            • Supported Standards and Frameworks
            • Standard and Framework checks report
            • Compliance Excel Report
            • Example CIS AWS Foundations report
          • Compliance reports
          • Compliance score
        • Monitoring Real-Time Posture
          • Real-Time Posture Monitoring
            • Setup Real-Time Posture Monitoring
            • Access Real-Time Posture Monitoring
          • Real-Time Posture Monitoring settings
          • Activity Dashboard
          • Monitoring Dashboard
        • Communication and notification
          • Supported notifications
          • Re-run historical check notifications
          • Communication settings
            • Settings for notifications
            • Toggle automatic notifications
            • Communication triggers
            • Communication recipients
            • Copy communication settings
            • Toggle manual notifications
          • Communication channels
            • Communication integrations
            • Email communication
            • SMS communication
            • Slack communication
            • Pagerduty communication
            • Jira communication
              • Jira integration
              • Oauth client Jira setup
            • Zendesk communication
            • ServiceNow communication
            • Amazon SNS communication
            • Microsoft Teams communication
            • Webhook communication
        • Cloud Risk Management Scan help
          • Cloud Risk Management Scan
          • Configuring Cloud Risk Management Scan
            • Cloud Risk Management Scan settings
            • Disable Cloud Risk Management Scan
            • Cloud Risk Management Scan enabled regions
            • Cloud Risk Management Scan frequency
          • Cloud Risk Management Scan - AWS
            • AWS integration
              • Supported regions
              • Unsupported regions
              • AWS Well-Architected Tool
            • AWS custom policy
          • Azure integration
            • Add Access Policy for Key Vault Attributes
          • Cloud Risk Management Scan - GCP
            • Add Cloud Risk Management IP address to GCP access level policy
        • Rule setting profiles
        • Template scanner
          • Template scanner
          • AWS CDK Development Kit (CDK) Example
          • AWS Cloudformation Example
          • Serverless Framework (AWS) Example
          • Terraform (AWS) Example
        • Performance
          • Performance troubleshooting
        • Cloud Security Posture FAQs
      • Identity Security Posture
        • Overview
          • Identity Summary
        • Exposure
          • Exposure risk event profile
        • Attack
          • Attack risk event profile
      • Data Security
        • Get started with Data Security
        • Data Security Posture
          • Get started with Data Security Posture
            • Enable Data Security Posture for your AWS cloud accounts
            • Enable or disable Data Security Posture for cloud storage assets
            • Enable Amazon Macie
          • Data Risk
          • Top Risky Assets with Sensitive Data
          • Sensitive Data Overview
          • Sensitive Data by Location
          • Exposure Risk Events
        • Data Policy
          • Add a data policy
        • Data Inventory
        • Track sensitive data movement
          • View sensitive data alerts in Workbench
          • View sensitive data events in Observed Attack Techniques
          • Track data lineage
    • Cyber Governance, Risk, & Compliance
      • Compliance Management
        • Get started with Compliance Management
        • Overview screen
        • Framework details screen
        • Create asset groups and assign asset tags
    • Security Awareness
      • Security Awareness firewall exceptions
      • Get started with training campaigns
        • Edit training campaign notification templates
      • Get started with phishing simulations
        • Phishing simulation settings
        • Monitor phishing simulations
        • Send follow-up notifications to phishing simulation participants
          • Edit phishing simulation notification templates
        • Create custom phishing simulation email templates
      • Set up allow lists for Security Awareness
        • Set up a Trend Micro Email Security allow list
        • Set up a Microsoft 365 Defender allow list
          • Avoid Microsoft Safe Links alerts when opening phishing simulation landing pages
        • Set up a Google Workspace allow list
        • Allow Security Awareness in Cloud Email Gateway Protection
        • Allow Security Awareness in Cloud Email and Collaboration Protection
        • Allow phishing simulation URLs in Microsoft Edge via group policy
        • Allow phishing simulation URLs in Google Chrome via group policy for Windows
        • Allow phishing simulation URLs in Google Chrome via group policy for macOS
        • Bypass clutter and spam filtering by email header for phishing simulation emails in Microsoft 365
        • Create rules for bypassing the junk folder in Microsoft 365
  • Dashboards and Reports
    • Dashboards
      • Customize Dashboards
      • Protocol groups in the Scanned Traffic Summary widget
      • Troubleshoot unresponsive endpoints listed in the Endpoint Protection Status widget
    • Reports
      • Configure a custom report
      • Configure a report from a template
      • Reports license requirements
      • Categories and submitters in the High-Risk Submissions report
  • XDR Threat Investigation
    • Detection Model Management
      • Detection models
        • Detection model data
      • Custom models
        • Custom model data
        • Configure a custom model
        • Run retro scans on custom model data
      • Custom filters
        • Create a custom filter
        • Use a template to create a custom filter
        • Filter query format
        • Custom filter data
        • Trend Micro Sigma specification
          • General guidelines
          • Structure
          • Available data subtypes
          • The search-identifier element
          • Use regex in custom filters
      • Exceptions
        • Add a custom exception
        • Add an exception from the context menu
        • Edit a custom exception
      • Creating filters and models for abnormal download behavior in SharePoint and OneDrive
    • Workbench
      • Getting started with Workbench
        • Enable WebGL
      • Workbench Insights
        • Workbench insight details
          • Workbench Insights alerts
          • Insight-Based Execution Profile
        • Assign owners to Workbench insights
      • All Alerts
        • Alert details
        • Investigate an alert
          • Context menu
          • Advanced Analysis actions
            • Execution Profile
            • Network analytics report
              • Overview of the network analytics report
              • Review the summary
              • Analysis using the Correlation Graph
                • Correlation Graph advanced search filter
              • Analysis using the Transaction and IOC Details
            • Data Lineage
        • Add an exception from the context menu
        • Assign owners to Workbench alerts
    • Search app
      • Search for and execute threat-hunting queries
      • Search actions from the context menu
      • Search syntax
        • Use regex in Search queries
      • Saved queries
      • Search results
        • Create a custom view for search results
      • Search method data sources
        • Data sources general search
        • Cloud activity data sources
        • Container activity data sources
        • Detections data sources
        • Email and Collaboration activity data sources
          • Query format for SharePoint and OneDrive file upload events
        • Endpoint activity data sources
          • eventId and eventSubId mapping
        • Firewall activity data sources
        • Identity and access activity data
        • Message activity data
        • Mobile activity data
          • eventId and eventSubId mapping
        • Network activity data
        • Secure access activity data
        • Third-Party Logs
        • Web activity data
    • Observed Attack Techniques
      • Troubleshooting & FAQ
        • How does Trend Vision One decide the risk level of an event?
    • Targeted Attack Detection
      • Attack exposure
      • Security features and XDR sensors
      • Attack phases
      • Attack scope
      • Risk management guidance
    • Forensics
      • War room
        • Workspaces
        • Evidence report
        • Timeline
        • Triage endpoints
      • Evidence archive
        • Evidence collection
          • Manual evidence collection for Windows endpoints
          • Manual evidence collection for Linux endpoints
          • Supported evidence types
            • Windows evidence types
              • Basic information
              • File timeline
              • Process information
              • Service information
              • Network information
              • Account information
              • System execution
              • User activity
              • Portable Executable (PE) attributes
            • Linux evidence types
              • Basic information
              • Process information
              • Service information
              • Network information
              • Account information
              • User activity
              • Shared file info objects
      • Task list
    • Managed Services
      • Request list
      • Managed Services settings
        • Configure response approval settings
      • Response actions
  • Threat Intelligence
    • Threat Insights
      • Information screen
      • Threat actor types
    • Intelligence Reports
      • Curated intelligence
      • Custom intelligence
      • Sweeping types
      • STIX indicator patterns for sweeping
    • Suspicious Object Management
      • Suspicious Object List
        • Adding or importing suspicious objects
        • Suspicious object actions
      • Exception list
        • Adding exceptions
    • Sandbox Analysis
      • Consolidated analysis results
      • Submitting objects for analysis
      • Submission settings
      • Supported file types
      • Possible reasons for analysis failure
    • Third-Party Intelligence
      • TAXII feeds
        • Configuring a TAXII feed
      • MISP feeds
    • Trend Threat Intelligence Feed
      • Setting up the API for Trend Threat Intelligence Feed
  • Workflow and Automation
    • Case Management
      • Trend Vision One cases
        • Create Case Management ticket profiles
          • Create a ticket profile for Jira
          • Create a ticket profile for ServiceNow ITSM
      • MDR (Managed XDR) case list
      • Case viewer
      • Troubleshooting and FAQs
        • Frequently asked questions
        • Troubleshooting Case Management
    • Security Playbooks
      • Security playbooks requirements
      • Execution results
        • Execution details
          • Action details
      • User-defined playbooks
        • Create Security Awareness Training Campaign playbooks
        • Create Automated High-Risk Account Response playbooks
        • Create Account Response playbooks
        • Create Risk Event Response playbooks
        • Create CVEs with Global Exploit Activity playbooks
        • Create Workbench Insight Progression Update playbooks
        • Create Automated Response Playbooks
        • Create Endpoint Response playbooks
      • Template-based playbooks
        • Create Incident Response Evidence Collection playbooks
          • Supported evidence types
            • Basic information
            • File timeline
            • Process information
            • Network information
            • Service information
            • System execution
            • Account information
            • User activity
            • Portable Executable (PE) attributes
      • Playbook nodes
    • Response Management
      • Response actions
        • Add to Block List task
        • Add to Zscaler Restricted User Group task
        • Collect Evidence task
        • Collect File task
        • Collect Network Analysis Package task
        • Delete Message task
        • Disable User Account task
        • Enable User Account task
        • Force Password Reset task
        • Force Sign Out task
        • Isolate Endpoint task
        • Isolate Container task
        • Quarantine Message task
        • Remove from Block List task
        • Remove from Zscaler Restricted User Group task
        • Revoke Access Permission task
        • Restore Connection task
        • Restore Message task
        • Resume Container task
        • Run osquery task
        • Run Remote Custom Script task
          • Sample signed PowerShell script
        • Run YARA rules task
        • Scan for Malware task
        • Start Remote Shell Session task
          • Remote Shell Commands for Windows Endpoints
          • Remote Shell Commands for Linux Endpoints
          • Remote Shell Commands for Mac Endpoints
        • Submit for Sandbox Analysis task
        • Terminate Process task
        • Terminate Container task
      • Response data
      • Response Management settings
        • Allow network traffic on isolated endpoints
        • Exclude specified endpoints from response actions
        • Configure time-out settings
        • Require approval for specified response actions
    • Data Source and Log Management
      • Cyber Risk Exposure Management data sources
      • XDR Threat Investigation data sources
        • Third-Party Log Collection
          • Log repositories
            • Create a log repository
          • Collectors
          • Add a collector
          • Monitor log repository traffic and retention
          • Install the Third-Party Log Collection service on a Service Gateway
      • Troubleshooting and frequently asked questions
    • Third-Party Integration
      • Active Directory (on-premises) integration
        • Active Directory data usage in associated apps
        • Configuring data synchronization and user access control
          • Active Directory permissions
        • Security event forwarding
      • AttackIQ BAS integration
      • AWS S3 bucket connector
        • Connecting an AWS S3 bucket
        • Configuring roles for the AWS S3 bucket connector
        • Data specification for AWS S3 buckets
      • Check Point Open Platform for Security (OPSEC) integration
      • Cisco XDR integration
      • Claroty xDome integration
      • Cloud Pak for Security integration
      • Cortex XSOAR integration
        • Creating a user role for Cortex XSOAR integration
      • Cyber Risk Exposure Management for Splunk integration
      • Cyborg Security - HUNTER integration
      • Cymulate integration
      • D3 Security integration
      • Elastic integration
      • FortiGate Next-Generation Firewall integration
      • Greenbone Integration
      • Google Cloud Identity integration
        • Overview of access permissions to Google Cloud Identity data
        • Google Cloud Identity data usage in associated apps
        • Configuring Google Cloud Identity integration
        • Revoking Google Cloud Identity permissions
      • Google Security Operations SOAR (Siemplify) integration
      • Google Security Operations SIEM integration
        • Unified Data Model (UDM) mapping
          • Workbench alerts
          • OAT
          • Detections
          • Audit logs
          • Container vulnerabilities
          • Activity data
      • IBM SOAR integration
      • Invision integration
      • Jira Service Management integration (for Workbench and Response Management)
      • Jira Cloud integration (for Case Management)
      • Kong Gateway
      • Logpoint SIEM integration
      • Logpoint SOAR integration
      • LogRhythm SIEM integration
      • Microsoft Entra ID integration
        • Overview of access permissions to Microsoft Entra ID data
        • Microsoft Entra ID data usage in associated apps
        • Configure Microsoft Entra ID integration
        • Migrate from Azure AD Graph APIs to Microsoft Graph APIs
        • Block Microsoft Entra ID permissions
        • Assign the Password Administrator role
        • Assign the Global Reader role
        • Troubleshoot Microsoft Entra ID connections
      • Microsoft Power BI integration
      • Microsoft Sentinel integration
        • Deploy the Trend Vision One connector in Microsoft Sentinel
        • View the ingested data in Log Analytics workspaces
      • MISP integration (via Service Gateway)
      • MISP integration (via direct connection)
      • Nessus Pro integration
      • Netskope CTE integration
      • Nozomi Vantage integration
      • Okta integration
        • Configuring Okta tenants
        • Obtaining your Okta URL domain and API token
      • OpenLDAP integration
      • Palo Alto Panorama integration
      • Picus Security integration
      • Plain text (freetext) feed integration
      • ProxySG and Advanced Secure Gateway integration
      • QRadar on Cloud with STIX-Shifter integration
      • QRadar XDR integration
      • Qualys integration
      • Rapid7 - InsightVM integration
      • Rapid7 - Nexpose integration
      • ReliaQuest GreyMatter integration
      • Rescana integration
      • SafeBreach BAS integration
      • Salesforce integration
        • Configuring Salesforce tenants
      • Securonix SIEM integration
      • ServiceNow ITSM integration (for Workbench)
      • ServiceNow ticketing system integration (for Security Playbooks and Case Management)
        • Configure ServiceNow ITSM to enable Trend Vision One for ServiceNow Ticketing System
      • Splunk HEC connector configuration
      • Splunk SOAR integration
      • Splunk XDR integration
      • Syslog connector (on-premises) configuration
      • Syslog connector (SaaS/cloud) configuration
      • Syslog content mapping - CEF
        • CEF Workbench logs
        • CEF Observed Attack Techniques logs
        • CEF account audit logs
        • CEF system audit logs
      • TAXII feed integration
      • Tanium Comply integration
      • Tenable Security Center integration
      • Tenable Vulnerability Management integration
      • ThreatQ integration
      • VirusTotal integration
      • VU integration
      • Zscaler Internet Access integration
      • Zscaler Private Access integration
    • API Automation Center
    • Service Gateway Management
      • Getting started with Service Gateway
        • Service Gateway overview
        • What's new in Service Gateway Management
        • Mapping your Service Gateway deployment
        • Service Gateway appliance system requirements
          • Service Gateway virtual appliance communication ports
          • Service Gateway sizing guide for endpoints
        • Deployment guides
          • Deploying a Service Gateway virtual appliance with VMware ESXi
          • Deploying a Service Gateway virtual appliance with Microsoft Hyper-V
          • Deploying a Service Gateway virtual appliance with Nutanix AHV
          • Deploying a Service Gateway virtual appliance with AWS
          • Deploying a Service Gateway virtual appliance with Microsoft Azure
          • Deploying a Service Gateway virtual appliance with GCP
          • Upgrading from Service Gateway 2.0 to 3.0
          • Migrating from Service Gateway 1.0 to 3.0
      • Service Gateway appliance configuration
        • Managing services in Service Gateway
          • Service Gateway services
          • ActiveUpdate configuration
          • Smart Protection Services
            • Smart Protection Services product support
            • Connecting Trend Micro products to Smart Protection Server
          • Forward Proxy Service
            • Predefined allow list for Trend Micro services
        • Configuring Service Gateway settings
          • Cloud service extension
          • SNMP trap messages defined for Service Gateway
        • Managing Service Gateway storage
        • Creating Service Gateway configuration profiles
      • Service Gateway Management (legacy)
        • Service Gateway 1.0 appliance system requirements
        • Configuring Service Gateway settings
        • Switching from Service Gateway 1.0 to the latest version
          • Migrating from Service Gateway 1.0 to 2.0
          • Upgrading from Service Gateway 1.0 to 2.0
          • Upgrading from Service Gateway 2.0 to 3.0
          • Migrating from Service Gateway 1.0 to 3.0
      • Service Gateway troubleshooting and FAQs
        • Service Gateway FAQs
        • Troubleshooting Service Gateway
          • Service Gateway support settings
          • Service Gateway CLI commands
            • Service Gateway 1.0 CLI commands
          • Service Gateway 2.0 migration troubleshooting
    • Trend Companion
      • Troubleshooting and FAQ
        • Frequently asked questions
  • Zero Trust Secure Access
    • Getting started with Zero Trust Secure Access
      • What is Zero Trust Secure Access?
      • Preparing to deploy Private Access, Internet Access, and AI Service Access services
        • Zero Trust Secure Access credit settings
        • System requirements
          • Private Access Connector system requirements and sizing guide
          • Secure Access Module system requirements
          • Internet Access On-Premises Gateway system sizing recommendations
        • Traffic protocol support
        • Port and FQDN/IP address requirements
          • Australia - Zero Trust Secure Access FQDNs/IP addresses
          • Europe - Zero Trust Secure Access FQDNs/IP addresses
          • India - Zero Trust Secure Access FQDNs/IP addresses
          • Japan - Zero Trust Secure Access FQDNs/IP addresses
          • Singapore - Zero Trust Secure Access FQDNs/IP addresses
          • Americas - Zero Trust Secure Access FQDNs/IP addresses
          • Middle East and Africa - Zero Trust Secure Access FQDNs/IP addresses
        • Deployment considerations
          • Private Access - client vs browser access
          • Internet Access and AI Service Access - connecting with or without the Secure Access Module
            • Traffic forwarding options for Internet Access and AI Service Access
          • Supported authentication methods for Internet Access and AI Service Access
      • Deployment guides
        • Setting up Zero Trust Secure Access Private Access
          • Identity and access management integration
            • Microsoft Entra ID integration and SSO for Zero Trust Secure Access
            • Okta integration and SSO for Zero Trust Secure Access
            • Active Directory (on-premises) integration and SSO for Zero Trust Secure Access
            • OpenLDAP integration and SSO for Zero Trust Secure Access
            • Google Cloud Identity integration and SSO for Zero Trust Secure Access
          • Private Access Connector deployment
            • Deploying the Private Access Connector on VMware ESXi
            • Deploying the Private Access Connector on AWS Marketplace
              • Manual Scaling
              • Automatic Scaling
              • Configure IMDSv2 in AWS deployments
                • Configure IMDSv2 from LaunchTemplate
                • Configure IMDSv2 from deployed EC2 connectors
            • Deploying the Private Access Connector on Microsoft Azure
              • Manual Scale
              • Custom Autoscale
            • Deploying the Private Access Connector on Google Cloud Platform
            • Deploying the Private Access Connector on Microsoft Hyper-V
            • Private Access Connector CLI commands
          • Secure Access Module deployment
            • Deploying the Secure Access Module to Trend Vision One Endpoint Security agents
          • User portal for Private Access configuration
        • Setting up Zero Trust Secure Access Internet Access and AI Service Access
          • Identity and access management integration
            • Microsoft Entra ID integration and SSO for Zero Trust Secure Access
            • Okta integration and SSO for Zero Trust Secure Access
            • Active Directory On-Premises integration and SSO for Zero Trust Secure Access
              • NTLM or Kerberos single sign-on for Internet Access
            • OpenLDAP integration and SSO for Zero Trust Secure Access
            • Google Cloud Identity integration and SSO for Zero Trust Secure Access
          • Identifying corporate network locations
            • Adding corporate locations to the Internet Access Cloud Gateway
            • Deploying an Internet Access On-Premises Gateway
          • Secure Access Module deployment
            • Deploying the Secure Access Module to Trend Vision One Endpoint Security agents
          • PAC file configuration
            • PAC file configuration guidance
          • PAC file deployment
            • Secure Access Module configuration
            • Browser configuration
            • GPO creation
        • Setting up Zero Trust Secure Access Risk Control
        • Deploy Zero Trust Secure Access Module in restricted environment
        • Upgrading from Trend Micro Web Security to Zero Trust Secure Access Internet Access and AI Service Access
          • Trend Micro Web Security Features and Settings Migration
          • Identity and Access Management Integration
            • Integrating Microsoft Entra ID and SSO for Zero Trust Secure Access
            • Integrating Okta and SSO for Zero Trust Secure Access
            • Integrating Active Directory (On-Premises) and SSO for Zero Trust Secure Access
            • Integrating OpenLDAP and SSO for Zero Trust Secure Access
          • Corporate Network Locations
            • Adding Corporate Locations to the Internet Access Cloud Gateway
            • Deploying an Internet Access On-Premises Gateway
              • Internet Access On-Premises Gateway system sizing recommendations
          • Post-Migration Checklist
        • Upgrading from InterScan Web Security to Zero Trust Secure Access Internet Access and AI Service Access
          • InterScan Web Security Features and Settings Migration
          • Identity and Access Management Integration
            • Integrating Microsoft Entra ID and SSO for Zero Trust Secure Access
            • Integrating Okta and SSO for Zero Trust Secure Access
            • Integrating Active Directory (On-Premises) and SSO for Zero Trust Secure Access
            • Integrating OpenLDAP and SSO for Zero Trust Secure Access
          • Corporate Network Locations
            • Adding Corporate Locations to the Internet Access Cloud Gateway
            • Deploying an Internet Access On-Premises Gateway
          • Post-Migration Checklist
      • Ranges and limitations
    • Secure access overview
      • Risk Control
      • Private Access
      • Internet Access
      • AI Service Access
    • Secure access rules
      • Creating a risk control rule in playbook view
        • Risk Control Rule components in playbook view
      • Modifying a risk control rule in classic view
        • Secure access rule templates
      • Creating a private access rule
      • Creating an internet access rule
      • Creating an AI service access rule
      • Zero Trust actions
        • Block AI Service, Cloud App, or URL Access task
        • Block Internal App Access task
        • Disable User Account task
        • Enable User Account task
        • Force Password Reset task
          • Assigning the password administrator role
        • Force Sign Out task
        • Isolate Endpoint task
        • Restore Connection task
        • Unblock AI Service, Cloud App, or URL Access task
        • Unblock Internal App Access task
    • Secure access resources
      • Device posture profiles
        • Adding a device posture profile
          • List of supported vendors
          • Getting the certificate location using PowerShell
      • File profiles
        • Adding a file profile
      • Threat protection rules
        • Adding a threat protection rule
          • Supported files for Sandbox Analysis
      • Data loss prevention rules
        • Adding a data loss prevention rule
        • Data loss prevention templates
          • Predefined DLP templates
          • Custom DLP templates
            • Condition statements and logical pperators
            • Adding a custom data loss prevention template
        • Data identifier types
          • Expressions
            • Predefined expressions
            • Custom expressions
              • Criteria for custom expressions
              • Adding a custom expression
          • File attributes
            • Predefined file attributes list
            • Adding a custom file attribute list
          • Keyword lists
            • Predefined keyword lists
            • How keyword lists work
              • Number of keywords condition
              • Distance condition
            • Custom keyword lists
              • Custom keyword list criteria
              • Adding a custom keyword list
      • AI content inspection rules
      • Custom URL categories
        • URL filtering category groups
      • Custom cloud app categories
        • Adding a custom cloud app category
      • IP address groups
        • Adding an IP address group
      • Tenancy restrictions
        • Adding a tenancy restriction
      • HTTP/HTTPS traffic filters
        • Adding an HTTP/HTTPS traffic filter
    • Secure access history
    • Secure access configuration
      • Private Access configuration
        • Private Access Connector configuration
          • Private Access Connector management
        • Internal application configuration
          • Adding an internal application to Private Access
            • Trend Micro Web App Discovery Chrome extension
          • Discovering internal applications
          • Managing certificates
            • Adding a server certificate
            • Adding an enrollment certificate
        • Global settings
          • User portal for Private Access configuration
      • Internet Access and AI Service Access configuration
        • Internet Access gateways and corporate network locations
          • Adding corporate locations to the Internet Access Cloud Gateway
          • Deploying an Internet Access On-Premises Gateway
            • Configuring upstream proxy rules
            • Configuring bandwidth control
              • Configuring a bandwidth control rule
            • Configuring reverse proxy mode
              • Managing rate limiting rules
            • Enable FTP proxy on an Internet Access On-premises gateway
            • Syslog content mapping - CEF
        • PAC files
          • Configuring PAC files
        • HTTPS inspection
          • HTTPS inspection rules
            • Adding an HTTPS inspection rule
            • Cross-signing a CA certificate
            • Deploying the built-in CA certificate
          • Inspection exceptions
            • Adding a domain exception
          • TLS and SSL certificates
            • Root and intermediate CA certificates
            • Server certificates
        • URL allow and deny lists
        • Bypass URL list for the Windows agent
        • Global settings
          • Configuring NTLM or Kerberos single sign-on with Active Directory (on-premises)
            • Configuring the authentication proxy service for corporate intranet locations
            • Configuring the authentication proxy service for corporate intranet locations and public or home networks
            • Configure load balancers to use multiple Internet Access on-premises gateways as the authentication proxy
              • Configuring Nginx as a load balancer for use with multiple Internet Access on-premises gateways
              • Configuring HAProxy as a load balancer for use with multiple Internet Access on-premises gateways
              • Configuring F5 BIG-IP LTM as a load balancer for use with multiple Internet Access on-premises gateways
              • Configuring Linux Virtual Server (LVS) as a load balancer for use with multiple Internet Access on-premises gateways
              • Configuring DNS round-robin mode as a load balancing method for use with multiple Internet Access on-premises gateways
            • Preparing your environment for NTLM or Kerberos single sign-on
          • Outbound static IP settings
          • X-Forwarded-For headers
      • Identity and access management (IAM)
        • Supported IAM systems and required permissions
        • Local user account management
      • Secure Access Module
        • Secure Access Module system requirements
        • Secure Access Module deployment
          • Deploying the Secure Access Module to Trend Vision One Endpoint Security agents
          • Setting up permissions for the Secure Access Module on endpoints using macOS versions 11 to 14
          • Setting up permissions for the Secure Access Module on endpoints using macOS version 15 or later
        • PAC File replacement
          • Replacing the PAC file on Trend Vision One Endpoint Security agents
        • Enabling Zero Trust Secure Access on mobile devices
        • Configure settings for restricted environment
        • Collecting debug logs from endpoints
      • Customization settings
      • Configuring the agent upgrade rate
    • Recommended practices
      • Recommended practice to deploy Private Access
    • Troubleshooting Zero Trust Secure Access
      • Internet Access connection troubleshooting
      • Private Access connection troubleshooting
      • Secure Access Module troubleshooting
  • Assessment
    • Cyber Risk Assessment
      • Cloud Risk Management Assessment
      • Identity Posture Assessment
      • Exchange Online Mailbox/Gmail Assessment
      • Phishing Simulation Assessment
        • Phishing Simulation Assessment general allow list settings
          • Setting up a Trend Micro Email Security allow list
          • Setting up a Microsoft 365 Defender allow list
            • Troubleshooting the Microsoft Defender for Office 365 Allow List
          • Setting up a Google Workspace allow list
        • Verifying domain ownership
      • At-Risk Endpoint Assessment
        • Assessment tool deployment
          • Deploying the assessment tool to Linux endpoints
          • Deploying the assessment tool to macOS endpoints
          • Deploying the assessment tool to Windows endpoints
  • Data Security
    • Data Security
      • Get started with Data Security
      • Data Security Posture
        • Get started with Data Security Posture
          • Enable Data Security Posture for your AWS cloud accounts
          • Enable or disable Data Security Posture for cloud storage assets
          • Enable Amazon Macie
        • Data Risk
        • Top Risky Assets with Sensitive Data
        • Sensitive Data Overview
        • Sensitive Data by Location
        • Exposure Risk Events
      • Data Policy
        • Add a data policy
      • Data Inventory
      • Track sensitive data movement
        • View sensitive data alerts in Workbench
        • View sensitive data events in Observed Attack Techniques
        • Track data lineage
  • Identity Security
    • Identity Security Posture
      • Overview
        • Identity Summary
      • Exposure
        • Exposure risk event profile
      • Attack
        • Attack risk event profile
    • Identity Inventory
      • Get started with Identity Inventory
        • Grant Microsoft Entra ID permissions for use in Identity Inventory
        • Set up Active Directory (on-premises) requirements and permissions for use in Identity Inventory
      • Microsoft Entra ID
        • Overview
        • User
        • Enterprise Application
        • Device
        • Group
        • Role
        • Access Policy
        • Granted Permission
      • Active Directory (on-premises)
        • Overview
        • User
          • Active Directory user account controls
        • Service Account
        • Computer
        • Group
          • Active Directory (on-premises) default privileged security groups
        • Group Policy
        • Trust Relationships
          • Active Directory trust attributes
    • FAQs
      • Microsoft Entra ID data used by Identity Security
      • Active Directory data used by Identity Security
  • Endpoint Security
    • Getting started with Trend Vision One Endpoint Security
      • Evaluating Trend Vision One Endpoint Security
        • Evaluating Standard Endpoint Protection
          • Moving Agents with the Apex One Server Console
          • Moving Agents with the IPXfer Tool
        • Evaluating Server & Workload Protection
          • Moving Trend Cloud One Agents Quick Guide
          • Moving Trend Cloud One Agents Complete Guide
          • Returning Agents to Trend Cloud One - Endpoint & Workload Security
      • Update Trend Micro Endpoint Solutions
        • Endpoint Inventory update considerations for customers migrating multiple consoles
        • Feature differences between Trend Vision One Endpoint Security and Endpoint Inventory 2.0
        • Update from Apex One as a Service
          • Apex One as a Service to Standard Endpoint Protection Feature Mapping
          • New Trend Vision One Customers Updating Apex One as a Service from an Activation Email
          • Existing Trend Vision One Customers Updating Apex One as a Service from an Activation Email
          • Existing Trend Vision One Customers Updating Apex One as a Service from the Trend Vision One Console
        • Update from Apex One On-Premises
          • Before You Migrate
          • Migrating Agents with the Apex One Server Console
          • Migrating Agents with the IPXfer Tool
        • Update from Trend Cloud One - Endpoint & Workload Security
          • Trend Cloud One - Endpoint & Workload Security to Server & Workload Protection feature mapping
          • New Trend Vision One customers updating Trend Cloud One - Endpoint & Workload Security from an activation email
          • Existing Trend Vision One customers updating Trend Cloud One - Endpoint & Workload Security from an activation email
          • Existing Trend Vision One customers updating Trend Cloud One - Endpoint & Workload Security from the Trend Vision One console
          • Migrating a Trend Cloud One - Endpoint & Workload Security instance billed to AWS Marketplace
        • Post-Update Tasks
      • Setting up Endpoint Security for new Trend Micro customers
      • Deploy a Service Gateway and Configure Firewall Exceptions
        • Service Gateway appliance system requirements
        • Service Gateway sizing guide for endpoints
        • Deploying a Service Gateway Virtual Appliance with VMware ESXi
        • Deploying a Service Gateway Virtual Appliance with Microsoft Hyper-V
      • Manage your agent deployments
        • Manage endpoint groups
        • Configure endpoint proxies and policies
        • Deploy agents
          • Standard Endpoint Protection agent deployment
          • Server & Workload Protection agent deployment
          • Endpoint Sensor agent deployment
          • Deployment using the offline installer package
          • Install the Endpoint Security agent image builder
            • Retrieve the Trend Vision One parameters
            • Set parameter store values
            • Set up the image builder and create an Amazon Elastic Compute Cloud (EC2) instance
          • Run the deployment script
            • Troubleshooting the Deployment Script
          • Deployment using a golden image
            • Creating a golden image with the agent software
            • Updating the agent for golden image templates
          • Deploying Agents with a Software Management System
            • Deploying Agents Using Microsoft Intune
              • Standard Endpoint Protection Agent Deployment using Microsoft Intune
              • Server & Workload Protection Agent Deployment using Microsoft Intune
              • Endpoint Sensor Agent Deployment using Microsoft Intune
            • Deploying Agents Using Microsoft Endpoint Configuration Manager (SCCM)
            • Deploying Agents Using Group Policy Objects
              • Group Policy Object Sample Script
        • Remove Endpoints
    • Endpoint Inventory
      • Endpoint Management
        • Standard Endpoint Protection Management
        • Server & Workload Protection Management
        • Connected Endpoint Protection Management
      • Global Settings
        • Endpoint Settings
        • Agent Installer Proxy Settings
          • Configuring a custom agent installer proxy
        • Runtime Proxy Settings
          • Configuring Runtime Proxy policies
          • Runtime Proxy priority behavior
      • Trend Vision One Endpoint Security agent system requirements
        • Standard and extended support policies for agents
        • Standard Endpoint Protection system requirements
        • Server & Workload Protection system requirements
          • Linux Secure Boot support
            • Configure Linux Secure Boot for agents
          • Server & Workload Protection relay requirements
          • Server & Workload Protection bandwidth sizing
          • Server & Workload Protection sizing for Squid Proxy
        • Endpoint Sensor-only system requirements
      • Endpoint Inventory table columns
      • Updating the agent on virtual desktops
      • Uninstalling Agents
        • Uninstall Windows Agents with the Tool
        • Uninstall Windows Agents with Microsoft Intune
        • Uninstall macOS Agents with the Tool
        • Uninstall the Standard Endpoint Protection Agent
          • Uninstall the Windows Agent Locally
          • Uninstall the Windows Agent from the Endpoint Group Manager Console
          • Uninstall the macOS Agent from the Endpoint Group Manager Console
        • Uninstall the Server & Workload Protection Agent
          • Uninstall an agent (Windows)
          • Uninstall an agent (Linux)
          • Uninstall an agent (Solaris 10)
          • Uninstall an agent (Solaris 11)
          • Uninstall an agent (AIX)
          • Uninstall an agent (macOS)
          • Uninstall an agent (Red Hat OpenShift)
          • Uninstall the notifier
        • Cleaning Up Uninstalled Agents
      • Trend Vision One Endpoint Security Endpoint Inventory FAQ
        • Endpoint list FAQ
        • Automatic disabling of Activity Monitoring after updating to Server & Workload Protection
        • What happens when a removed endpoint reconnects to Trend Vision One Endpoint Security?
        • What telemetry does the endpoint agent collect from Windows?
        • Linux CLI commands
    • Endpoint Security Configuration
      • Endpoint Security Policies
        • Updating to Endpoint Security Policies
        • About endpoint security policies
        • Configuring endpoint security policies
        • About Monitoring Level
        • Network Content Inspection Engine for Endpoint Sensor
      • Version Control Policies
        • Version control policies feature enrollment
        • Version control policies agent requirements
        • Configuring version control policies
        • Version control policies troubleshooting and FAQ
          • Components managed by Version Control Policies
          • Version control policies FAQ
    • Standard Endpoint Protection
      • About the Dashboard
        • Tabs and Widgets
          • Working with Tabs
          • Working with Widgets
        • Default Dashboard Tabs and Widgets
          • Summary Tab
            • Critical Threats Widget
            • Users with Threats Widget
            • Endpoints with Threats Widget
            • Product Component Status Widget
            • Product Connection Status Widget
            • Ransomware Prevention Widget
          • Security Posture Tab
            • Compliance Indicators
            • Critical Threats
            • Resolved Events
            • Security Posture Chart
            • Security Posture Details Pane
          • Data Loss Prevention Tab
            • DLP Incidents by Severity and Status Widget
            • DLP Incident Trends by User Widget
            • DLP Incidents by User Widget
            • DLP Incidents by Channel Widget
            • DLP Template Matches Widget
            • Top DLP Incident Sources Widget
            • DLP Violated Policy Widget
          • Compliance Tab
            • Product Application Compliance Widget
            • Product Component Status Widget
            • Product Connection Status Widget
            • Agent Connection Status Widget
          • Threat Statistics Tab
            • Apex Central Top Threats Widget
            • Apex Central Threat Statistics Widget
            • Threat Detection Results Widget
            • C&C Callback Events Widget
        • Standard Endpoint Protection Dashboard Widgets
          • Apex Central Top File-based Threats Widgets
          • Hosts with C&C Callback Attempts Widget
          • Unique Compromised Hosts Over Time Widget
        • Apex One Dashboard Widgets
          • Top Blocked Applications
          • Top Endpoints Affected by IPS Events Widget
          • Top IPS Attack Sources
          • Top IPS Events
          • Top Violated Application Control Criteria
        • Apex One (Mac) Dashboard Widgets
          • Key Performance Indicators Widget
            • Configuring Key Performance Indicators
            • Configuring Widget Settings
      • Directories
        • User/Endpoint Directory
          • User/Endpoint Directory
          • User Details
            • Security Threats for Users
            • Policy Status
            • Contact Information
              • Synchronizing Contact Information with Active Directory
          • Endpoint Details
            • Labels
              • Creating a Custom Label or Auto-label Rule
              • Assigning/Removing Labels
              • Using Labels to Query Logs
              • Specifying Labels as Policy Targets
              • Specifying Labels as Report Targets
            • Endpoint Information
            • Security Threats on Endpoints
            • Policy Status
            • Notes for Endpoints
            • General Information for Endpoints
            • Isolating Endpoints
          • Active Directory Details
          • Affected Users
            • General Information for Security Threats
          • Using the Advanced Search
            • Advanced Search Categories
          • Custom Tags and Filters
            • Custom Tags
              • Creating a Custom Tag
              • Assigning Custom Tags to Users/Endpoints
            • Filters
              • Default Endpoint Filters
              • Creating a Custom Filter
            • User or Endpoint Importance
        • Product Servers
      • Policy Management
        • Policy Management
          • Policy Management
            • Creating a New Policy
              • Filtering by Criteria
                • Assigning Endpoints to Filtered Policies
              • Specifying Policy Targets
              • Labels
              • Working with Parent Policy Settings
            • Copying Policy Settings
            • Inheriting Policy Settings
            • Modifying a Policy
            • Importing and Exporting Policies
            • Deleting a Policy
            • Changing the Policy Owner
            • Understanding the Policy List
            • Reordering the Policy List
          • Policy Status
        • Apex One Security Agent Policies
          • Anti-malware Scans
            • General Settings
              • Guidelines for Switching Scan Methods
            • Real-time Scan
              • Configuring Real-time Scan Settings
                • Real-time Scan: Target Tab
                • Real-time Scan: Action Tab
                • Real-time Scan: Scan Exclusion Tab
            • Scheduled Scan
              • Configuring Scheduled Scan Settings
                • Scheduled Scan: Target Tab
                • Scheduled Scan: Action Tab
                • Scheduled Scan: Scan Exclusion Tab
            • Manual Scan
              • Configuring Manual Scan Settings
                • Manual Scan: Target Tab
                • Manual Scan: Action Tab
                • Manual Scan: Scan Exclusion Tab
            • Scan Now
              • Configuring Scan Now Settings
                • Scan Now: Target Tab
                • Scan Now: Action Tab
                • Scan Now: Scan Exclusion Tab
            • Scan Actions
              • ActiveAction
              • Custom Scan Actions
                • Quarantine Directory
              • Uncleanable Files
                • Files Infected with Trojans
                • Files Infected with Worms
                • Write-protected Infected Files
                • Password-protected Files
                • Backup Files
            • Scan Exclusion Support
              • Trend Micro Product Directory Exclusions
              • Wildcard Exceptions
          • Advanced Threat Protection
            • Behavior Monitoring Policy Settings
              • Behavior Monitoring
                • Behavior Monitoring Rules
                • Behavior Monitoring Exception List
                  • Exception List Wildcard Support
                  • Exception List Environment Variable Support
              • Configuring Behavior Monitoring Rules and Exceptions
            • Predictive Machine Learning
              • Configuring Predictive Machine Learning Settings
            • Web Reputation Policy Settings
              • Web Reputation
              • Configuring a Web Reputation Policy
                • HTTPS URL Scan Support
            • Configuring Suspicious Connection Settings
            • Vulnerability Protection Policy Settings
              • Vulnerability Protection
              • Configuring Vulnerability Protection Settings
                • Advanced Logging Policy Modes
            • Device Control Policy Settings
              • Device Control
              • Configuring Device Control Settings
                • Permissions for Devices
                • Wildcard Support for the Device Control Allowed Programs List
                • Specifying a Digital Signature Provider
            • Application Control Policy Settings
              • Application Control
              • Configuring Application Control Settings (Agent)
          • Detection & Response
            • Configuring Sample Submission Settings
          • Exceptions
            • Trusted Program List
              • Configuring the Trusted Programs List
            • Rule Exceptions
              • Configuring Rule Exceptions
            • Spyware/Grayware Approved List
              • Managing the Spyware/Grayware Approved List
          • Agent Configurations
            • Update Agents
              • Assigning Trend Vision One Endpoint Security agents as Update Agents
            • Privileges and Other Settings
              • Configuring Agent Privileges
              • Configuring Other Agent Settings
                • Security Agent Self-protection
                  • Protect Security Agent Services
                  • Protect Files in the Security Agent Installation Folder
                  • Protect Security Agent Registry Keys
                  • Protect Security Agent Processes
                • Cache Settings for Scans
                  • Digital Signature Cache
                  • On-demand Scan Cache
                • POP3 Mail Scan
            • Additional Service Settings
              • Configuring Additional Trend Vision One Endpoint Security agent Services
        • Apex One (Mac) Policy Settings
          • Anti-malware Scans
            • General Settings
              • Scan Methods Compared
              • Switching from Smart Scan to Conventional Scan
              • Switching from Conventional Scan to Smart Scan
            • Real-time Scan
              • Configuring Real-time Scan Settings
                • Real-time Scan: Target Tab
                • Real-time Scan: Action Tab
                • Supported Compressed File Types
                • Scan Actions
            • Manual Scan
              • Configuring Manual Scan Settings
                • Manual Scan: Target Tab
                • Manual Scan: Action Tab
                • Supported Compressed File Types
                • Scan Actions
            • Scheduled Scan
              • Configuring Scheduled Scan Settings
                • Scheduled Scan: Target Tab
                • Scheduled Scan: Action Tab
                • Supported Compressed File Types
                • Scan Actions
          • Advanced Threat Protection
            • Predictive Machine Learning Settings
            • Web Reputation
              • Configuring Web Reputation Settings
              • Configuring the Approved and Blocked URL Lists
            • Device Control
              • Configuring Device Control Settings
              • Permissions for Storage Devices
          • Detection and Response
          • Exceptions
            • Scan Exclusions
              • Configuring Scan Exclusion Lists
            • Trusted Program List
              • Configuring the Trusted Program List
          • Agent Configurations
            • Update Settings
              • Pure IPv6 Agent Limitations
              • Configuring Agent Update Settings
            • Cache Settings for Scans
            • Privileges and Other Settings
              • Protected Trend Vision One Endpoint Security agent Files
        • Apex One Server Policy Settings
          • Global Agent Settings
            • Security Settings
            • System Settings
              • Root Certificate Locations
            • Network Settings
            • Agent Control Settings
        • Apex One Data Loss Prevention Policies
          • Apex One Data Discovery Dashboard Widgets
            • Top Sensitive File Policy Detections Widget
            • Top Endpoints with Sensitive Files Widget
            • Top Data Discovery Template Matches Widget
            • Top Sensitive Files Widget
          • Apex One Data Discovery Policy Settings
            • Creating Data Discovery Policies
          • Apex One Data Loss Prevention Policy Settings
            • Data Loss Prevention (DLP)
            • Configuring a Data Loss Prevention Policy
              • Configuring Data Loss Prevention Rules
                • Transmission Scope and Targets for Network Channels
                • Network Channels
                  • Email Clients
                • System and Application Channels
                • Device List Tool
                  • Running the Device List Tool
                • Data Loss Prevention Actions
              • Data Loss Prevention Exceptions
                • Defining Non-monitored and Monitored Targets
                  • Transmission Scope: All Transmissions
                  • Transmission Scope: Only Transmissions Outside the Local Area Network
                • Decompression Rules
        • Policy Resources
          • Application Control Criteria
            • Defining Allowed Application Criteria
            • Defining Blocked Application Criteria
            • Application Match Methods
              • Application Reputation List
              • File Paths
                • File Path Example Usage
              • Certificates
              • Hash Values
          • Data Loss Prevention
            • Data Identifier Types
              • Expressions
                • Predefined Expressions
                  • Viewing Settings for Predefined Expressions
                • Customized Expressions
                  • Criteria for custom expressions
                  • Creating a Customized Expression
                  • Importing Customized Expressions
              • File Attributes
                • Creating a File Attribute List
                • Importing a File Attribute List
              • Keywords
                • Predefined Keyword Lists
                • How keyword lists work
                  • Number of keywords condition
                  • Distance condition
                • Custom keyword lists
                  • Custom keyword list criteria
                  • Creating a Keyword List
                  • Importing a Keyword List
            • Data Loss Prevention Templates
              • Predefined DLP Templates
              • Custom DLP templates
                • Condition statements and logical pperators
                • Creating a Template
                • Importing Templates
          • Intrusion Prevention Rules
            • Intrusion Prevention Rule Properties
          • Device Control Allowed Devices
      • Suspicious Object Sync - Distribution Settings
        • Suspicious Object Hub and Node Architecture
          • Suspicious Object Hub and Node Apex Central Servers
          • Configuring the Suspicious Object Hub and Nodes
          • Unregistering a Suspicious Object Node from the Hub Apex Central
          • Configuration Notes
      • Live Investigations
        • Starting a One-time Investigation
          • One-Time Investigation
        • Starting a Scheduled Investigation
          • Scheduled Investigation
          • Reviewing the Scheduled Investigation History
        • Supported IOC Indicators for Live Investigations
        • Investigation Results
          • Analysis Chains
            • Object Details: Profile Tab
            • Object Details: Related Objects Tab
            • Email Message Correlation
            • Navigating the Analysis Chain
            • Root Cause Analysis Icons
          • Object Details
      • Logs & Reports
        • Logs
          • Querying Logs
            • Log Names and Data Views
          • Configuring Log Aggregation
          • Configuring Syslog Forwarding
            • Disabling Syslog Forwarding
            • Supported Log Types and Formats
          • Deleting Logs
        • Notifications
          • Event Notifications
          • Contact Groups
            • Adding Contact Groups
            • Editing Contact Groups
          • Advanced Threat Activity Events
            • Attack Discovery Detections
            • Behavior Monitoring Violations
            • C&C Callback Alert
            • C&C Callback Outbreak Alert
            • Correlated Incident Detections
            • Email Messages with Advanced Threats
            • High Risk Virtual Analyzer Detections
            • High Risk Host Detections
            • Known Targeted Attack Behavior
            • Potential Document Exploit Detections
            • Predictive Machine Learning Detections
            • Rootkit or Hacking Tool Detections
            • SHA-1 Deny List Detections
            • Watchlisted Recipients at Risk
            • Worm or File Infector Propagation Detections
          • Content Policy Violation Events
            • Email Policy Violation
            • Web Access Policy Violation
          • Data Loss Prevention Events
            • Incident Details Updated
            • Scheduled Incident Summary
            • Significant Incident Increase
            • Significant Incident Increase by Channel
            • Significant Incident Increase by Sender
            • Significant Incident Increase by User
            • Significant Template Match Increase
          • Known Threat Activity Events
            • Network Virus Alert
            • Special Spyware/Grayware Alert
            • Special Virus Alert
            • Spyware/Grayware Found - Action Successful
            • Spyware/Grayware Found - Further Action Required
            • Virus Found - First Action Successful
            • Virus Found - First Action Unsuccessful and Second Action Unavailable
            • Virus Found - First and Second Actions Unsuccessful
            • Virus Found - Second Action Successful
            • Virus Outbreak Alert
          • Network Access Control Events
            • Network VirusWall Policy Violations
            • Potential Vulnerability Attacks
          • Unusual Product Behavior Events
            • Managed Product Unreachable
            • Real-time Scan Disabled
            • Real-time Scan Enabled
          • Standard Token Variables
            • Attack Discovery Token Variables
            • Advanced Threat Activity Token Variables
            • C&C Callback Token Variables
            • Content Policy Violation Token Variables
            • Data Loss Prevention Token Variables
            • Known Threat Activity Token Variables
            • Network Access Control Token Variables
            • Web Access Policy Violation Token Variables
          • Updates
            • Antispam Rule Update Successful
            • Antispam Rule Update Unsuccessful
            • Pattern File/Cleanup Template Update Successful
            • Pattern File/Cleanup Template Update Unsuccessful
            • Scan Engine Update Successful
            • Scan Engine Update Unsuccessful
        • Reports
          • Reports Overview
          • Custom Templates
            • Adding or Editing Custom Templates
              • Configuring the Static Text Report Element
              • Configuring the Bar Chart Report Element
              • Configuring the Line Chart Report Element
              • Configuring the Pie Chart Report Element
              • Configuring the Dynamic Table Report Element
              • Configuring the Grid Table Report Element
          • One-time Reports
            • Creating One-time Reports
            • Viewing One-Time Reports
          • Scheduled Reports
            • Adding Scheduled Reports
            • Editing Scheduled Reports
            • Viewing Scheduled Reports
          • Configuring Report Maintenance
          • Viewing My Reports
      • Administration
        • Component Updates
          • Component Updates
            • Component List
            • Update Source
            • Deployment Plan
              • Adding a Deployment Schedule
          • Configuring Scheduled Update Settings
          • Configuring Manual Update Settings
        • Command Tracking
          • Querying and Viewing Commands
            • Command Details
        • Settings
          • Active Directory and Compliance Settings
            • Active Directory Integration
              • Configuring Active Directory Synchronization
            • Compliance Indicators
              • Configuring the Antivirus Pattern Compliance Indicators
              • Configuring the Data Loss Prevention Compliance Indicator
            • Endpoint and User Grouping
              • Sites
                • Creating a Custom Site
                • Merging Sites
              • Reporting Lines
                • Creating a Custom Reporting Line
                • Merging Reporting Lines
          • Automation API Access Settings
          • Configuring Syslog Forwarding
            • Disabling Syslog Forwarding
            • Supported Log Types and Formats
            • Syslog Content Mapping - CEF
              • CEF Attack Discovery Detection Logs
              • CEF Behavior Monitoring Logs
              • CEF C&C Callback Logs
              • CEF Content Security Logs
                • Filter Action Mapping Table
                • Filter Action Result Mapping Table
              • CEF Data Loss Prevention Logs
                • Action Result Mapping Table
                • Channel Mapping Table
              • CEF Device Access Control Logs
                • Product ID Mapping Table
              • CEF Endpoint Application Control Logs
              • CEF Engine Update Status Logs
              • CEF Intrusion Prevention Logs
              • CEF Network Content Inspection Logs
              • CEF Pattern Update Status Logs
              • CEF Predictive Machine Learning Logs
                • Threat Type Mapping Table
              • CEF Product Auditing Events
              • CEF Sandbox Detection Logs
              • CEF Spyware/Grayware Logs
                • Action Mapping Table
                • Spyware/Grayware Scan Type Mapping Table
                • Spyware/Grayware Risk Type Mapping Table
              • CEF Suspicious File Logs
              • CEF Virus/Malware Logs
                • Second Action Mapping Table
              • CEF Web Security Logs
                • Filter/Blocking Type Mapping Table
                • Protocol Mapping Table
          • Automated Troubleshooting
            • Automated Troubleshooting of Apex One as a Service
            • Configuring Troubleshooting Settings
      • Standard Endpoint Protection FAQs
        • Which Third-Party Security Solutions Can Be Auto-Uninstalled by Standard Endpoint Protection?
    • Server & Workload Protection
      • Dashboard
      • Actions (Application Control)
        • Monitor new and changed software
        • Tips for handling changes
        • Turn on maintenance mode when making planned changes
      • Alerts
        • Configure alerts
          • View alerts in the Server & Workload Protection console
          • Configure alert settings
          • Set up email notification for alerts
          • Turn alert emails on or off
          • Configure an individual user to receive alert emails
          • Configure recipients for all alert emails
        • Predefined alerts
        • Monitor Application Control events
          • Choose which Application Control events to log
          • View Application Control event logs
          • Interpret aggregated security events
          • Monitor Application Control alerts
        • Alert: Integrity Monitoring information collection has been delayed
        • Error: Agent version not supported
      • Events & Reports
        • About Server & Workload Protection event logging
          • Events in JSON format
          • Apply tags to identify and group events
            • Manual tagging
            • Auto-tagging
            • Set the precedence for an auto-tagging rule
            • Auto-tagging log inspection events
            • Trusted source tagging
            • Local trusted computer
            • How does Server & Workload Protection determine whether an event on a target computer matches an event on a trusted source computer?
            • Tag events based on a local trusted computer
            • Tag events based on the Trend Micro Certified Safe Software Service
            • Tag events based on a trusted common baseline
            • Delete a tag
          • Rank events to quantify their importance
          • Reduce the number of logged events
          • Set up Amazon SNS
            • Create an AWS user
            • Create an Amazon SNS topic
            • Enable SNS
            • Create subscriptions
            • SNS configuration in JSON format
          • Log and event storage
            • Limit log file sizes
            • Event logging tips
          • Forward Events to a Syslog or SIEM Server
            • Forward Server & Workload Protection events to a Syslog or SIEM server
              • Allow event forwarding network traffic
              • Define a Syslog configuration
              • Forward system events
              • Forward security events
              • Troubleshoot event forwarding
              • "Failed to Send Syslog Message" alert
              • Can't edit Syslog configurations
              • Syslog not transferred due to an expired certificate
              • Syslog not delivered due to an expired or changed server certificate
              • Compatibility
            • Syslog message formats
            • Configure Red Hat Enterprise Linux to receive event logs
              • Set up a Syslog on Red Hat Enterprise Linux 8
              • Set up a Syslog on Red Hat Enterprise Linux 6 or 7
              • Set up a Syslog on Red Hat Enterprise Linux 5
          • System events
            • Agent events
              • Error: Activation Failed
              • Error: Unable to resolve instance hostname
              • "Offline" agent
                • Causes
                • Verify that the agent is running
                • Verify DNS
                • Allow outbound ports (agent-initiated heartbeat)
                • Allow ICMP on Amazon AWS EC2 instances
                • Fix the upgrade issue on Solaris 11
            • Set up AWS Config Rules
            • Error: Check Status Failed
            • Error: Installation of Feature 'dpi' failed: Not available: Filter
            • Error: Module installation failed (Linux)
            • Error: MQTT Connection Offline
            • Troubleshoot event ID 771 "Contact by Unrecognized Client"
            • Event: Max TCP connections
            • Network Engine Status (Windows)
              • What are Network Engine Status warnings
              • Verify the driver status in Windows
              • Disable Network Engine Status warnings
            • Warning: Insufficient disk space
          • Activity Monitoring events
            • Error: Activity Monitoring engine offline
            • Warning: Activity Monitoring engine has only basic functions
          • Anti-Malware events
            • View and restore identified malware
              • See a list of identified files
              • Working with identified files
              • Search for an identified file
              • Restore identified files
              • Create a scan exclusion for the file
              • Restore the file
            • Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
            • Troubleshoot "Smart Protection Server disconnected" errors
            • Warning: Anti-Malware engine has only basic functions
            • Error: Anti-Malware Engine Offline
            • Anti-Malware Windows platform update failed
              • An incompatible Anti-Malware component from another Trend Micro product
              • An incompatible Anti-Malware component from a third-party product
              • Other/unknown Error
            • Anti-Malware scan failures and cancellations
          • Web Reputation events
          • Device Control events
            • Error: Device Control Engine Offline
              • If your agent is on Windows
          • Application Control events
            • Error: There are one or more application type conflicts on this computer
              • Resolution
              • Consolidate ports
              • Disable the inherit option
          • Integrity Monitoring events
          • Log inspection events
            • Syslog message formats
            • Error: Log Inspection Rules Require Log Files
              • If the file's location is required
              • If the files listed do not exist on the protected machine
          • Firewall events
            • Why am I seeing firewall events when the firewall module is off?
          • Intrusion prevention events
            • Error: Intrusion Prevention Rule Compilation Failed
              • Apply Intrusion Prevention best practices
              • Manage rules
              • Unassign application types from a single port
            • Warning: Reconnaissance Detected
        • About attack reports
          • Generate reports about alerts and other activity
            • Set up a single report
            • Set up a scheduled report
            • Troubleshoot: Scheduled report sending failed
      • Computers
        • Computer and agent statuses
        • Group computers dynamically with smart folders
        • Add Computers
          • About adding computers
          • Add local network computers
            • Manually add a computer
          • Set up a data center gateway
          • Add Active Directory computers
            • Add a data center gateway
            • Add an Active Directory
            • Additional Active Directory options
            • Remove directory
            • Synchronize now
            • Server certificate usage
            • Keep Active Directory objects synchronized
            • Disable Active Directory synchronization
            • Remove computer groups from Active Directory synchronization
          • Add VMware VMs
            • Add a VMware vCenter to Server & Workload Protection
              • Add a data center gateway
              • Add a VMware vCenter
              • Protect workloads in VMware
            • Add virtual machines hosted on VMware vCloud
              • What are the benefits of adding a vCloud account? {What}
              • Proxy setting for cloud accounts
              • Create a VMware vCloud Organization account for Server & Workload Protection
              • Import computers from a VMware vCloud Organization Account
              • Import computers from a VMware vCloud Air data center
              • Remove a cloud account
          • Add AWS Instances
            • About Adding AWS Accounts
              • Integrate with AWS Systems Manager Distributor
                • Create an IAM policy
                • Create a role and assign the policy
                • Create parameters
                • Create association
                • Protect your computers
              • AWS Auto Scaling and Server & Workload Protection
                • Pre-install the agent
                • Install the agent with a deployment script
                • Delete instances from Server & Workload Protection as a result of Auto Scaling
              • Issues adding your AWS account to Server & Workload Protection
                • AWS is taking longer than expected
                • Resource is not supported in this region
                • Template validation issue
                • Server & Workload Protection was unable to add your AWS account
              • Error: Unable to connect to the cloud account
            • Add Amazon WorkSpaces
              • Protect Amazon WorkSpaces if you already added your AWS account
              • Protect Amazon WorkSpaces if you have not yet added your AWS account
            • Manage an AWS Account
            • Manage an AWS account external ID
              • What is the external ID?
              • Configure the external ID
              • Update the external ID
              • Determine whether you're using a user- or manager-defined external ID
              • Update the external ID through the Server & Workload Protection console
              • Update the external ID through the Server & Workload Protection API
              • Retrieve the external ID
              • Through the Server & Workload Protection API
              • Disable retrieval of the external ID
            • Protect an account running in AWS Outposts
            • Install the agent on an AMI or WorkSpace bundle
              • Add your AWS account to Server & Workload Protection
              • Configure the activation type
              • Launch a master Amazon EC2 instance or Amazon WorkSpace
              • Deploy an agent on the master
              • Verify that the agent was installed and activated properly
              • Set up policy auto-assignment
              • Create an AMI or custom WorkSpace bundle based on the master
              • Use the AMI
            • Install the agent on Amazon EC2 and WorkSpaces
              • Add your AWS accounts to Server & Workload Protection
              • Configure the activation type
              • Open ports
              • Which ports should be opened?
              • Deploy agents to your Amazon EC2 instances and WorkSpaces
              • Verify that the agent was installed and activated properly
              • Assign a policy
            • What does the Cloud Formation template do when I add an AWS account?
          • Azure Instances
            • Synchronize Azure subscriptions
            • Install the agent on Azure VMs
          • Add Google Cloud project Instances
            • Create a Google Cloud Platform service account
              • Prerequisite: Enable the Google APIs
              • Create a GCP service account
              • Add more projects to the GCP service account
              • Create multiple GCP service accounts
            • Add a Google Cloud Platform account
              • What are the benefits of adding a GCP account?
              • Configure a proxy setting for the GCP account
              • Add a GCP account to Server & Workload Protection
              • Remove a GCP account
              • Synchronize a GCP account
            • Install the agent on Google Cloud Platform VMs
          • Manually upgrade your AWS account connection
            • Verify the permissions associated with the AWS role
          • How do I migrate to the new cloud connector functionality?
          • Protect Docker containers
          • Protect OpenShift containers
        • Overview of recommendation scans
          • Enhanced recommendation scan
          • Classic recommendation scan
      • Policies
        • Create policies
          • Create a new policy
          • Other ways to create a policy
          • Import policies from an XML file
          • Duplicate an existing policy
          • Create a new policy based on the recommendation scan of a computer
          • Edit the settings for a policy or individual computer
          • Assign a policy to a computer
          • Disable automatic policy updates
          • Send policy changes manually
          • Export a policy
        • Policies, inheritance, and overrides
        • Detect and configure the interfaces available on a computer
          • Configure a policy for multiple interfaces
          • Enforce interface isolation
        • Overview section of the computer editor
        • Overview section of the policy editor
        • Network engine settings
        • Define Rules, Lists, and Other Common Objects Used by Policies
          • About common objects
            • Create a list of directories for use in policies
            • Create a list of files for use in policies
            • Create a list of file extensions for use in policies
              • Import and export file extension lists
              • See which malware scan configurations use a file extension list
            • Create a list of IP addresses for use in policies
              • Import and export IP lists
              • See which rules use an IP list
            • Create a list of MAC addresses for use in policies
              • Import and export MAC lists
              • See which policies use a MAC list
            • Create a list of ports for use in policies
              • Import and export port lists
              • See which rules use a port list
            • Recommended Exclusions
            • Define a schedule that you can apply to rules
          • Manage role-based access control for common objects
          • Create a firewall rule
          • Allow trusted traffic to bypass the firewall
          • Firewall rule actions and priorities
            • Firewall rule actions
            • More about Allow rules
            • More about Bypass rules
            • Default Bypass rule for Server & Workload Protection traffic
            • More about Force Allow rules
            • Firewall rule sequence
            • A note on logging
            • How firewall rules work together
            • Rule Action
            • Rule priority
            • Putting rule action and priority together
          • Firewall settings
            • General
            • Firewall
            • Firewall Stateful Configurations
            • Assigned Firewall Rules
            • Interface Isolation
            • Interface Patterns
            • Reconnaissance
            • Advanced
            • Events
            • Firewall Events
          • Define stateful firewall configurations
            • Add a stateful configuration
            • Enter stateful configuration information
            • Select packet inspection options
            • IP packet inspection
            • TCP packet inspection
            • FTP Options
            • UDP packet inspection
            • ICMP packet inspection
            • Export a stateful configuration
            • Delete a stateful configuration
            • See policies and computers a stateful configuration is assigned to
          • Container Firewall rules
          • Manage Container Protection
            • Apply real-time scan
            • Apply your firewall settings
            • Apply your intrusion prevention settings
      • Configure Protection Modules
        • Configure Intrusion Prevention
          • About Intrusion Prevention
          • Set up Intrusion Prevention
            • Enable Intrusion Prevention in Detect mode
            • Enable Auto Apply core Endpoint & Workload rules
            • Test Intrusion Prevention
            • Apply recommended rules
            • Check Intrusion Prevention events
            • Enable fail open for packet or system failures
            • Switch to Prevent mode
            • HTTP Protocol Decoding rule
            • Cross-site scripting and generic SQL injection rules
          • Configure intrusion prevention rules
            • The intrusion prevention rules list
            • Intrusion prevention license types
            • See information about an intrusion prevention rule
            • General Information
            • Details
            • Identification (Trend Micro rules only)
            • See information about the associated vulnerability (Trend Micro rules only)
            • Assign and unassign rules
            • Automatically assign core Endpoint & Workload rules
            • Automatically assign updated required rules
            • Configure event logging for rules
            • Generate alerts
            • Setting configuration options (Trend Micro rules only)
            • Schedule active times
            • Exclude from recommendations
            • Set the context for a rule
            • Override the behavior mode for a rule
            • Override rule and application type configurations
            • Export rules
            • Import rules
          • Configure an SQL injection prevention rule
          • Application types
            • See a list of application types
            • General Information
            • Connection
            • Configuration
            • Options
            • Assigned To
          • Inspect TLS traffic
          • TLS inspection support
            • Manage TLS inspection support package updates
            • Disable TLS inspection support package updates on a single agent
            • Disable TLS inspection support package updates by policy
          • Configure anti-evasion settings
          • Performance tips for intrusion prevention
        • Configure Anti-Malware
          • About Anti-Malware
          • Anti-Malware Set Up
            • Enable and configure Anti-Malware
            • Configure malware scans
              • Create or edit a malware scan configuration
              • Test malware scans
              • Dynamic Intelligence Mode
              • Configure Anti-Malware Monitoring Level
              • Enable Windows AMSI protection (real-time scans only)
              • Scan for spyware and grayware
              • Scan for compressed executable files (real-time scan only)
              • Scan process memory (real-time scans only)
              • Scan compressed files
              • Scan embedded Microsoft Office objects
              • Enable a manual scan for the notifier application
              • Configure malware scan inclusions
              • Configure malware scan exclusions
              • Test file exclusions
              • Syntax for malware scan inclusions and exclusions
              • Scan a network directory (real-time scan only)
              • Specify when real-time scans occur
              • Customize malware remedial actions
              • ActiveAction actions
              • Generate alerts for malware detection
              • Identify malware files by file hash digest
              • Configure notifications on the computer
              • Run scheduled scans when Server & Workload Protection is not accessible
              • Troubleshooting malware scans
            • Performance tips for Anti-Malware
              • Minimize disk usage
              • Optimize CPU usage
              • Optimize RAM usage
            • Configure Deep Security and Microsoft Defender Antivirus for Windows
          • Detect emerging threats using Predictive Machine Learning
            • Enable Predictive Machine Learning
          • Enhanced Anti-Malware and ransomware scanning with behavior monitoring
            • How does enhanced scanning protect you?
            • How to enable enhanced scanning
            • What happens when enhanced scanning finds a problem?
          • Smart Protection in Server & Workload Protection
            • Anti-Malware and Smart Protection
            • Benefits of Smart Scan
            • Enable Smart Scan
            • Smart Protection Server for File Reputation Service
            • Web Reputation and Smart Protection
            • Smart Feedback
          • Handle Anti-Malware
            • View and restore identified malware
              • See a list of identified files
              • Working with identified files
              • Search for an identified file
              • Restore identified files
              • Create a scan exclusion for the file
              • Restore the file
            • Create Anti-Malware exceptions
            • Increase debug logging for Anti-Malware in protected Linux instances
        • Configure Firewall
          • About Firewall
          • Set up the Server & Workload Protection firewall
          • Create a firewall rule
          • Allow trusted traffic to bypass the firewall
          • Firewall rule actions and priorities
            • Firewall rule actions
            • More about Allow rules
            • More about Bypass rules
            • Default Bypass rule for Server & Workload Protection traffic
            • More about Force Allow rules
            • Firewall rule sequence
            • A note on logging
            • How firewall rules work together
            • Rule Action
            • Rule priority
            • Putting rule action and priority together
          • Firewall settings
            • General
            • Firewall
            • Firewall Stateful Configurations
            • Assigned Firewall Rules
            • Interface Isolation
            • Interface Patterns
            • Reconnaissance
            • Advanced
            • Events
            • Firewall Events
          • Define stateful firewall configurations
            • Add a stateful configuration
            • Enter stateful configuration information
            • Select packet inspection options
            • IP packet inspection
            • TCP packet inspection
            • FTP Options
            • UDP packet inspection
            • ICMP packet inspection
            • Export a stateful configuration
            • Delete a stateful configuration
            • See policies and computers a stateful configuration is assigned to
          • Container Firewall rules
        • Manage Container Protection
          • Apply real-time scan
          • Apply your firewall settings
          • Apply your intrusion prevention settings
        • Configure Web Reputation
          • Turn on the Web Reputation module
          • Trend Micro Toolbar
          • Inline and Tap mode
          • Configure the security level
          • Create exceptions
          • Configure the Smart Protection Server
          • Web Reputation advanced settings
          • Test Web Reputation
        • Configure Device Control
        • Configure Integrity Monitoring
          • About Integrity Monitoring
          • Set up Integrity Monitoring
            • Enable Integrity Monitoring
            • Turn on Integrity Monitoring
            • Run a recommendation scan
            • Disable real-time scanning
            • Apply the Integrity Monitoring rules
            • Build a baseline for the computer
            • Periodically scan for changes
            • Test Integrity Monitoring
            • Improve Integrity Monitoring scan performance
            • Limit resource usage
            • Change the content hash algorithm
            • Integrity Monitoring event tagging
          • Create an Integrity Monitoring rule
            • Add a new rule
            • Enter Integrity Monitoring rule information
            • Select a rule template and define rule attributes
            • Registry Value template
            • File template
            • Custom (XML) template
            • Configure Trend Micro Integrity Monitoring rules
            • Configure rule events and alerts
            • Real-time event monitoring
            • Alerts
            • See policies and computers a rule is assigned to
            • Export a rule
            • Delete a rule
          • Integrity Monitoring Rules Language
            • About the Integrity Monitoring rules language
            • DirectorySet
            • FileSet
            • GroupSet
            • InstalledSoftwareSet
            • PortSet
            • ProcessSet
            • RegistryKeySet
            • RegistryValueSet
            • ServiceSet
            • UserSet
            • WQLSet
        • Configure Log Inspection
          • About Log Inspection
          • Set up Log Inspection
            • Turn on the log inspection module
            • Run a recommendation scan
            • Apply the recommended log inspection rules
            • Test Log Inspection
            • Configure log inspection event forwarding and storage
          • Define a Log Inspection rule for use in policies
        • Configuring Application Control
          • About Application Control
            • Key software ruleset concepts
            • How do Application Control software rulesets work?
            • A tour of the Application Control interface
            • Application Control: Software Changes (Actions)
            • Application Control Software Rulesets
            • Security Events
            • Application Control Trust Entities
            • What does Application Control detect as a software change?
          • Set up Application Control
            • Turn on Application Control
            • Monitor new and changed software
            • Tips for handling changes
            • Turn on maintenance mode when making planned changes
            • Application Control tips and considerations
          • Verify that Application Control is enabled
          • Monitor Application Control events
            • Choose which Application Control events to log
            • View Application Control event logs
            • Interpret aggregated security events
            • Monitor Application Control alerts
          • View and change Application Control software rulesets
            • View Application Control software rulesets
            • Security Events
            • Change the action for an Application Control rule
            • Delete an individual Application Control rule
            • Delete an Application Control ruleset
          • Application Control trust entities
            • Trust rulesets
            • Create a trust ruleset
            • Assign or unassign a trust ruleset
            • To assign a trust ruleset:
            • To unassign a trust ruleset:
            • Delete a trust ruleset
            • Trust rules
            • Types of trust rules
            • Create a trust rule
            • Change trust rule properties
            • Delete a trust rule
            • Types of trust rule properties
            • Process Name
            • Paths
            • SHA-256
            • From Windows PowerShell (for source or target):
            • From Server & Workload Protection (for target only):
            • Vendor
            • From File Explorer:
            • From Server & Workload Protection:
            • Product Name
            • From file properties:
            • From File Explorer:
            • From Server & Workload Protection:
            • Signer Name
            • Issuer Common Name
            • Issuer Organizational Unit
            • Issuer Organization
            • Issuer Locality
            • Issuer State or Province
            • Issuer Country
            • Application Control event aggregation and analysis
            • Drift events
            • Trust rules for drift events
            • Security events
            • Trust rules for security events
            • Event analysis output
            • Debug trust rules
            • Consult metrics
            • View signer information
            • Trust rule property limitations for Linux
          • Reset Application Control after too much software change
          • Use the API to create shared and global rulesets
            • Create a shared ruleset
            • Change from shared to computer-specific allow and block rules
            • Deploy Application Control shared rulesets via relays
            • Single tenant deployments
            • Multi-tenant deployments
            • Considerations when using relays with shared rulesets
      • Administration
        • Configure Proxies
          • Configure proxies
          • Proxy settings
          • OS Proxy
        • Configure Relays
          • How relays work
          • Deploy more relays
            • Plan the best number and location of relays
            • Create relay groups
            • Enable relays
            • Assign agents to a relay group
            • Connect agents to a relay's private IP address
          • Check relay connectivity
          • Remove relay functionality from an agent
        • Set up a data center gateway
        • Upgrade Server & Workload Protection
          • About upgrades
          • Apply component updates
            • Configure the component update source
            • Manually retrieve component updates
            • Component update status
            • Pattern updates
            • Rule updates
            • Configure component update settings
          • Disable emails for New Pattern Update alerts
          • Use a web server to distribute software updates
            • Web server requirements
            • Copy the folder structure
            • Configure agents to use the new software repository
          • Upgrade a relay
            • Upgrade a relay from Server & Workload Protection
            • Upgrade a relay by running the installer manually
          • Upgrade the agent
            • Before you begin
            • Upgrade the agent starting from an alert
            • Upgrade multiple agents at once
            • Upgrade the agent from the Computers page
            • Upgrade the agent on activation
            • Upgrade the agent from a Scheduled Task
            • Upgrade the agent manually
            • Upgrade the agent on Windows
            • Upgrade the agent on Linux
            • Upgrade the agent on Solaris
            • Upgrade the agent on AIX
            • Best practices for agent upgrade
          • Install Trend Vision One Endpoint Security agent via Deep Security Agent
            • Before you begin
            • Install Trend Vision One Endpoint Security agent
            • Schedule a task
            • Use Trend Vision One Endpoint Sensor
        • Manage Agents (Protected Computers)
          • Get agent software
            • Check digital signatures of software packages
          • Install the agent
            • Install the agent manually
            • Install the agent on Windows
            • Installation on Amazon WorkSpaces
            • Installation on Windows 2012 Server Core
            • Install the agent on Red Hat, Amazon, SUSE, Oracle, or Cloud Linux
            • Install the agent on Ubuntu or Debian
            • Install the agent on Solaris
            • Install the agent on AIX
            • Install the agent on macOS
            • Install the agent on Red Hat OpenShift:
            • Before you begin
            • Installing the agent
            • Install the agent using other methods
            • Post-installation tasks
            • Configure Mobile Device Management on Server & Workload Protection for the macOS agent
          • Activate the agent
            • Deactivate the agent
            • Start or stop the agent
          • Configure agent version control
            • Agent platform compatibility
              • Server & Workload Protection Sizing
              • Supported features by Windows version
              • Supported features by Windows Server version
              • Supported features by Linux platform
              • Supported features by macOS platform
              • Linux file system compatibility
              • Linux kernel compatibility
                • Disable optional Linux kernel support package updates
                • Disable kernel support package updates on one computer
                • Disable kernel support package updates on multiple computers
              • SELinux support
              • Linux systemd support
          • Configure teamed NICs
          • Communication between Server & Workload Protection and the agent
            • Configure the heartbeat
            • Configure communication directionality
            • Supported cipher suites for communication
            • Agent version 9.5 cipher suites
            • Agent version 9.6 cipher suites
            • Agent version 10.0 cipher suites
            • Agent version 11.0 cipher suites
            • Agent version 12.0 and Agent version 20 cipher suites
          • Configure agents that have no Internet access
          • Activate and protect agents using agent-initiated activation and communication
            • Enable agent-initiated activation and communication
            • Create or modify policies with agent-initiated communication enabled
            • Enable agent-initiated activation
            • Assign the policy to agents
            • Use a deployment script to activate the agents
          • Automatically upgrade agents on activation
          • Using the agent with iptables
          • Enable Managed Detection and Response
          • Enable or disable agent self-protection
            • Configure self-protection through the Server & Workload Protection console
            • Configure self-protection using the command line
            • For agents on Windows
            • For agents on Linux
            • For agents on macOS
            • Limitations on Linux
            • Troubleshooting the Linux agent
          • Are "Offline" agents still protected by Server & Workload Protection?
          • Automate offline computer removal with inactive agent cleanup
            • Ensure computers that are offline for extended periods of time remain protected with Server & Workload Protection
            • Audit logs for computers removed by inactive agent removal
          • Agent settings
          • User mode solution
          • Notifier application
            • How the notifier works
            • Trigger a manual scan
            • Windows
            • macOS
          • Configure CPU usage control
        • Harden Server & Workload Protection
          • About Server & Workload Protection hardening
          • Manage trusted certificates
            • Import trusted certificates
            • View trusted certificates
            • Remove trusted certificates
          • SSL implementation and credential provisioning
          • Protect the agent
          • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
        • Define contexts for use in policies
          • Configure settings used to determine whether a computer has internet connectivity
          • Define a context
        • Customize advanced system settings
        • Server & Workload Protection Settings
        • Add contacts - users who can only receive reports
          • Add or edit a contact
          • Delete a contact
        • Automate
          • Automate Using the API and SDK
            • API Reference
            • The API and SDK - DevOps tools for automation
            • Send your first request using the API
            • Notes about resource property values
            • About the overrides parameter
            • Search for resources
            • API rate limits
            • Performance tips
            • Troubleshooting tips
            • API Cookbook
              • About the API Cookbook
              • Set Up to Use Bash or PowerShell
                • Bash or PowerShell?
                • Check your environment
                • Check your connection to Server & Workload Protection
                • Check your cURL software (for Bash)
                • Check your PowerShell software
                • Create an API key
                • Test your setup
                • Bash
                • PowerShell
                • Final comments
                • Related resources
              • Get a List of Computers (Bash and PowerShell)
              • Search for a Policy (Bash and PowerShell)
                • Before you begin
                • Bash
                • PowerShell
                • Notes
                • Related resources
              • Assign a policy to a computer (Bash and PowerShell)
                • Before you begin
                • Bash
                • PowerShell
                • Notes
                • Related resources
              • Assign a policy to many computers (Bash and PowerShell)
                • Before you begin
                • jq for Bash
                • Required information
                • Bash
                • Let's dig into that Bash script
                • PowerShell
                • Let's dig into that PowerShell script
                • Notes
                • Related Resources
            • SDK Guides
              • Python SDK
                • Get set up to use the Python SDK
                • Prerequisites
                • Download and install the Python SDK
                • Install a Python IDE
                • Windows
                • Linux
                • Add the SDK to a project in PyCharm
                • Next Steps
              • SDK version compatibility
              • Run the code examples
              • Index of code examples
              • Deploy Server & Workload Protection
                • Use the API to generate an agent deployment script
                  • General steps
                  • Example
                • Integrate Server & Workload Protection with AWS Services
                  • Workflow pattern
                  • Amazon GuardDuty
                  • Amazon Macie
                  • Amazon Inspector
                  • AWS WAF
                  • AWS Config
                • Add Computers
                • Add a Google Cloud Platform Connector
                  • Submit a Sync Action for a GCP Connector
                • Control Access Using Roles
                  • General steps
                  • Example: Create a role
                • Create and Manage API Keys
                  • About API Keys
                  • Create an API Key Using Code
                    • Obtain a role ID
                    • Create an API key using an SDK
                    • Create an API key using a username and password
                    • Obtain a session cookie and a request ID
                    • Create an API key using the session cookie and the request ID
                  • Create an API Key using the Server & Workload Protection console
                    • Lock out an existing API key
                  • Manage API keys after their creation
                • Configure Server & Workload Protection system settings
                  • Retrieve, modify, or reset a single system setting
                  • Example: Modify a single system setting
                  • List or modify multiple system settings
                  • Example: Modify multiple system settings
                • Monitor Server & Workload Protection events
              • Configure Protection
                • Create and configure a policy
                  • Create a policy
                  • Assign a policy to a computer
                  • Configure policy and default policy settings
                  • Default setting values and overrides
                  • Policy setting and default policy setting classes
                  • Retrieve the value of a policy setting or default policy setting
                  • List all policy or default policy settings
                  • Configure a single policy or default policy setting
                  • Configure multiple policy and default policy settings
                  • Reset policy overrides
                  • Reset an ID reference
                  • Reset a setting
                  • Reset the status of a security module
                  • Reset a rule
                  • Reset all overrides of a rule
                  • Selectively reset overrides of a rule
                • Configure Firewall
                  • General steps
                  • Example
                  • Create a firewall rule
                  • Limitations to configuring stateful configurations
                • Configure Intrusion Prevention
                  • General steps
                  • Example
                  • Create an Intrusion Prevention rule
                • Configure Anti-Malware
                  • General steps
                  • Example
                  • Create and modify malware scan configurations
                  • General steps for creating malware scan configurations
                  • Example malware scan configuration
                • Configure Web Reputation
                  • General steps
                  • Example
                • Configure Device Control
                  • General steps
                  • Example
                  • Create a USB Device Exception
                • Configure Application Control
                  • Configure Application Control for a policy
                  • Allow or block unrecognized software
                  • Create a shared ruleset
                  • Add Global Rules
                  • Configure maintenance mode during upgrades
                • Configure Integrity Monitoring
                  • General steps
                  • Example
                  • Create an Integrity Monitoring rule
                • Configure Log Inspection
                  • General steps
                  • Example
                  • Create a Log Inspection rule
                  • Create a basic Log Inspection rule
                  • Create a log inspection rule using XML
                • Create and modify lists
                • Create and configure schedules
                • Override policies on a computer
                  • Discover overrides
                  • Configure computer overrides
                  • Configure a single computer setting
                  • Configure settings and protection modules
                  • Rule overrides
              • Maintain Protection
                • Report on computer status
                  • Discover unprotected computers
                  • Find computers based on agent status
                  • Find computers based on module status
                  • See the state of a virtual machine
                  • Get computer configurations
                  • Discover the Anti-Malware configuration of a computer
                  • Get applied intrusion prevention rules
                • Patch unprotected computers
                  • Example: Find the Intrusion Prevention rule for a CVE
                  • Example: Find computers that are not protected against a CVE
                  • Example: Add intrusion prevention rules to computers' policies
                • Assign rules with recommendation scans
                  • Determine when a recommendation scan last ran
                  • Example: Get the date of the last recommendation scan for all computers
                  • Apply recommendations
                • Maintain protection using scheduled tasks
                  • Related classes
                  • Create a scheduled task
                  • Configure general properties
                  • Create the schedule
                  • Example: Daily schedule
                  • Example: Monthly schedule
                  • Configure the task
                  • Example: Create a scheduled task
                  • Create, run, and delete a scheduled task
                  • Run an existing scheduled task
            • Settings reference
            • Use the Legacy APIs
              • Provide access for legacy APIs
              • Transition from the SOAP API
              • Use the legacy REST API
          • Automate Using the Console
            • Schedule Server & Workload Protection to perform tasks
            • Automatically perform tasks when a computer is added or changed (event-based tasks)
            • AWS Auto Scaling and Server & Workload Protection
              • Pre-install the agent
              • Install the agent with a deployment script
              • Delete instances from Server & Workload Protection as a result of Auto Scaling
            • Azure virtual machine scale sets and Server & Workload Protection
            • GCP auto scaling and Server & Workload Protection
              • Pre-install the agent
              • Install the agent with a deployment script
              • Delete instances from Server & Workload Protection as a result of GCP MIGs
            • Use deployment scripts to add and protect computers
              • Generate a deployment script
              • Troubleshooting and tips
            • URL format for download of the agent
            • Automatically assign policies using cloud provider tags/labels
          • Command-line basics
            • dsa_control
            • dsa_control options
            • Agent-initiated activation ("dsa_control -a")
            • Agent-initiated heartbeat command ("dsa_control -m")
            • Activate an agent
            • Windows
            • Linux
            • macOS
            • Force the agent to contact the manager
            • Windows
            • Linux
            • macOS
            • Initiate a manual anti-malware scan
            • Windows
            • Linux
            • macOS
            • Create a diagnostic package
            • Reset the agent
            • Windows
            • Linux
            • macOS
            • dsa_query
            • dsa_query options
            • Check CPU usage and RAM usage
            • Windows
            • Linux
            • Check that ds_agent processes or services are running
            • Windows
            • Linux
            • Restart an agent on Linux
      • Integrations
        • Integrate with AWS Control Tower
          • Overview
          • Integrate with AWS Control Tower
          • Upgrade AWS Control Tower integration
          • Remove AWS Control Tower integration
        • Integrate with AWS Systems Manager Distributor
          • Create an IAM policy
          • Create a role and assign the policy
          • Create parameters
          • Create association
          • Protect your computers
        • Integrate with SAP NetWeaver
        • Integrate with Smart Protection Server
      • FAQs
        • About the Server & Workload Protection components
        • Why does my Windows machine lose network connectivity when I turn on protection?
        • How does agent protection work for Solaris zones?
        • Can Server & Workload Protection protect AWS GovCloud or Azure Government workloads?
        • How does the agent use the Amazon Instance Metadata Service?
        • Why can't I add my Azure server using the Azure cloud connector?
        • Why can't I view all the VMs in an Azure subscription in Server & Workload Protection?
        • How does credit allocation work for Server & Workload Protection?
        • How do I configure user permissions for Server & Workload Protection
      • Troubleshooting
        • Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
        • Server & Workload Protection Port numbers
        • "Offline" agent
          • Causes
          • Verify that the agent is running
          • Verify DNS
          • Allow outbound ports (agent-initiated heartbeat)
          • Allow ICMP on Amazon AWS EC2 instances
          • Fix the upgrade issue on Solaris 11
        • High CPU usage
        • Diagnose problems with agent deployment (Windows)
        • Anti-Malware Windows platform update failed
          • An incompatible Anti-Malware component from another Trend Micro product
          • An incompatible Anti-Malware component from a third-party product
          • Other/unknown Error
        • Component update connectivity
        • Network Engine Status (Windows)
          • What are Network Engine Status warnings
          • Verify the driver status in Windows
          • Disable Network Engine Status warnings
        • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
        • Issues adding your AWS account to Server & Workload Protection
          • AWS is taking longer than expected
          • Resource is not supported in this region
          • Template validation issue
          • Server & Workload Protection was unable to add your AWS account
        • Create a diagnostic package and logs
          • Agent diagnostics
          • Create an agent diagnostic package via Server & Workload Protection
          • Create an agent diagnostic package via CLI on a protected computer
          • Collect debug logs with DebugView
        • Removal of older software versions
        • Troubleshoot SELinux alerts
        • Troubleshoot Azure Code Signing
      • Trust and Compliance Information
        • About compliance
        • Agent package integrity check
        • Set up AWS Config Rules
        • Bypass vulnerability management scan traffic in Server & Workload Protection
          • Create a new IP list from the vulnerability scan provider IP range or addresses
          • Create firewall rules for incoming and outbound scan traffic
          • Assign the new firewall rules to a policy to bypass vulnerability scans
        • Use TLS 1.2 with Server & Workload Protection
          • TLS architecture
          • Enable the TLS 1.2 architecture
          • Next steps (deploy new agents and relays)
          • Guidelines for using deployment scripts
    • Agent Resource Monitoring
    • Trend Vision One Endpoint Security agent console
      • Agent console notifications
      • Agent console icon status messages
  • Cloud Security
    • Cloud Risk Management
      • Cloud Security Posture
        • Help topics
        • Manage cloud accounts
          • Cloud accounts
          • Add cloud accounts
          • Managing preferences
            • Notification preferences
              • Email Notifications
              • Mobile Notifications
            • Rule preferences
              • New Rules Behavior
            • Guided Exclusions
            • PDF Reports Logo
          • Account settings
            • Cloud account settings
            • Cloud account general settings
            • Manage cloud account tags
              • Cloud account tags
            • Manage account groups
              • Grouped accounts
              • Group settings
        • Manage users
          • User
        • Cloud Security Posture
          • Cloud Risk Index
          • Asset Coverage
          • Protection
          • Security Posture
          • Compliance
          • Assets at Risk
          • Cloud Accounts Breakdown
          • Account details
          • Entitlements
          • AI Security Posture Management (AI-SPM)
          • Project Centric Overview
            • Define and Manage Projects
        • Misconfiguration and Compliance
          • Accounts navigation
          • All accounts
          • Add account
          • Summary widget
          • Threat monitoring section
          • Compliance status widget
          • Compliance evolution
          • Status per AWS region
          • Most critical failures
          • Summary
            • Report summary
            • Compliance evolution summary
        • Cloud Risk Management rules
          • Introduction to Cloud Risk Management rules
            • Contents
            • What rules does Trend Vision One™ – Cloud Risk Management support?
            • What is the frequency of running the rules?
            • What rules are run?
            • New Accounts
            • Rules configuration
            • Rule settings
            • Anatomy of a rule
            • Check summary
            • Not scored
            • Deprecated Rules
            • Rules supported by Real Time Monitoring
            • FAQs
          • Checks
            • Model check
              • What are Checks?
              • Viewing Checks
              • Check Actions
              • Failure and Success Definition
              • Not Scored Checks
            • Failed check resolution
              • Steps to resolve failures
            • Auto remediation
              • Content
              • How does auto-remediation work
              • Set up auto-remediation
              • Enable or disable rules after deploying auto-remediation
              • Testing auto-remediation deployment
              • Resolution using Manual notifications
              • Verify the auto-remediation resolution
              • Contribution to Auto-remediation project
            • Rules suppress check
            • Send rule to
          • Configurations
            • Rules configuration
            • Configure rules for friendly accounts
          • Rule categories
          • Search
            • Filter and search
              • Contents
              • Filter tags
              • Filter tags Exact Match
              • Filter tags Partial Match
              • Resource Id syntax
              • Regular expression syntax
              • Reserved characters
              • Standard operators
              • Wildcard syntax
              • Only show checks
              • Only show checks
              • How it works
            • CQL filter method
              • Contents
              • Logical operators
              • Resource Wildcards
              • Resource regular expressions
              • Fields list
              • Using CQL to filter your checks
              • Query examples
        • Reports
          • Rules status reports
          • All checks report
          • Configured reports
          • Cloud Risk Management report
          • Generate and download report
        • Compliance
          • Compliance and Cloud Risk Management
            • Supported Standards and Frameworks
            • Standard and Framework checks report
            • Compliance Excel Report
            • Example CIS AWS Foundations report
          • Compliance reports
          • Compliance score
        • Monitoring Real-Time Posture
          • Real-Time Posture Monitoring
            • Setup Real-Time Posture Monitoring
            • Access Real-Time Posture Monitoring
          • Real-Time Posture Monitoring settings
          • Activity Dashboard
          • Monitoring Dashboard
        • Communication and notification
          • Supported notifications
          • Re-run historical check notifications
          • Communication settings
            • Settings for notifications
            • Toggle automatic notifications
            • Communication triggers
            • Communication recipients
            • Copy communication settings
            • Toggle manual notifications
          • Communication channels
            • Communication integrations
            • Email communication
            • SMS communication
            • Slack communication
            • Pagerduty communication
            • Jira communication
              • Jira integration
              • Oauth client Jira setup
            • Zendesk communication
            • ServiceNow communication
            • Amazon SNS communication
            • Microsoft Teams communication
            • Webhook communication
        • Cloud Risk Management Scan help
          • Cloud Risk Management Scan
          • Configuring Cloud Risk Management Scan
            • Cloud Risk Management Scan settings
            • Disable Cloud Risk Management Scan
            • Cloud Risk Management Scan enabled regions
            • Cloud Risk Management Scan frequency
          • Cloud Risk Management Scan - AWS
            • AWS integration
              • Supported regions
              • Unsupported regions
              • AWS Well-Architected Tool
            • AWS custom policy
          • Azure integration
            • Add Access Policy for Key Vault Attributes
          • Cloud Risk Management Scan - GCP
            • Add Cloud Risk Management IP address to GCP access level policy
        • Rule setting profiles
        • Template scanner
          • Template scanner
          • AWS CDK Development Kit (CDK) Example
          • AWS Cloudformation Example
          • Serverless Framework (AWS) Example
          • Terraform (AWS) Example
        • Performance
          • Performance troubleshooting
        • Cloud Security Posture FAQs
    • Container Security
      • Getting started with Container Security
        • Creating a Container Protection Runtime Security ruleset
        • Creating a Container Protection policy
          • Creating a Kubernetes protection policy
          • Creating an Amazon ECS policy
        • Kubernetes cluster security
          • Kubernetes cluster components descriptions
          • Kubernetes system requirements for Container Security
            • OpenShift requirements
            • Runtime Security performance impact
          • Connect Amazon EKS clusters (with and without Fargate)
            • Amazon EKS Fargate system requirements
          • Connect Microsoft AKS clusters
          • Connect Google GKE clusters
            • Adding a firewall rule for admission-webhook in private GKE clusters
          • Grouped namespaces
        • Amazon ECS cluster security
          • Connect Amazon ECS clusters using a new AWS account
          • Connect Amazon ECS clusters using an existing AWS account
          • Set up connected Amazon ECS Fargate clusters
      • Container Inventory
        • Kubernetes clusters
          • Supported Runtime Security Linux kernels (major and minor versions)
          • Supported Helm versions
            • Upgrade Helm chart from Trend Cloud One to Trend Vision One
          • Obtain an API key for automated cluster registration
          • Connect Amazon EKS clusters (with and without Fargate)
          • Connect Microsoft AKS clusters
          • Connect Google GKE clusters
            • Adding a firewall rule for admission-webhook in private GKE clusters
          • Connect Alibaba Cloud ACK clusters
          • Enable Runtime Security and scanning features
            • Runtime Malware Scanning Configuration Settings
          • Proxy Settings Script Generator (for Kubernetes clusters)
        • Amazon ECS clusters
          • Amazon ECS Feature Support
          • Amazon ECS feature costs
          • Connect Amazon ECS clusters using a new AWS account
          • Connect Amazon ECS clusters using an existing AWS account
          • Set up connected Amazon ECS Fargate clusters
          • Enable Runtime Security and Runtime Scanning on Amazon ECS clusters
          • Configure a proxy for ECS instances
          • Adjust the CPU and memory allocations for ECS clusters
        • Container Security Protection status
        • Container response actions (Isolate/Resume, Terminate)
        • Disabling Container Security
          • Removing Container Security from your AWS account
      • Container Protection
        • Policies
          • Managing Kubernetes protection policies
          • Managing Amazon ECS policies
          • Cluster-managed policies
            • Enabling cluster-managed policies
            • Custom resources for cluster-managed policies
            • Resource cleanup
        • Rulesets
          • Managing Rulesets
          • Predefined rules
        • Compliance
          • Kubernetes compliance scanning
          • Compliance scanning report recommendations
            • Amazon Elastic Kubernetes (EKS) 1.4.0 recommendations
              • 2.1.1 - Enable audit logs (automated)
              • 3.2.1 - Ensure that anonymous authentication is not enabled (automated)
              • 3.2.2 - Ensure that the authorization-mode argument is not set to AlwaysAllow (automated)
              • 3.2.3 - Ensure that a Client CA file is configured (automated)
              • 3.2.5 - Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (automated)
              • 3.2.6 - Ensure that the --make-iptables-util-chains argument is set to true (automated)
              • 3.2.7 - Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture (automated)
              • 3.2.9 - Ensure that the RotateKubeletServerCertificate argument is set to true (automated)
              • 4.1.3 - Minimize wildcard use in Roles and ClusterRoles (automated)
              • 5.1.1 - Ensure Image Vulnerability Scanning using Amazon ECR or a third-party provider (automated)
              • 5.4.1 - Restrict Access to the Control Plane Endpoint (automated)
              • 5.4.2 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled (Automated)
              • 5.4.3 Ensure clusters are created with Private Nodes (Automated)
              • 5.4.4 Ensure Network Policy is Enabled and set as appropriate (Automated)
            • Amazon Elastic Kubernetes (EKS) 1.5.0 recommendations
              • 3.1.1 - Ensure that the kubeconfig file permissions are set to 644 or more restrictive (Automated)
              • 3.1.2 - Ensure that the kubelet kubeconfig file ownership is set to root:root (Automated)
              • 3.1.3 - Ensure that the kubelet configuration file has permissions set to 644 or more restrictive (Automated)
              • 3.1.4 - Ensure that the kubelet configuration file ownership is set to root:root (Automated)
              • 3.2.4 - Ensure that the --read-only-port is disabled (Automated)
              • 3.2.8 - Ensure that the --rotate-certificates argument is not present or is set to true (Automated)
              • 4.1.1 - Ensure that the cluster-admin role is only used where required (Automated)
              • 4.1.2 - Minimize access to secrets (Automated)
              • 4.1.4 - Minimize access to create pods (Automated)
              • 4.1.5 - Ensure that default service accounts are not actively used (Automated)
              • 4.1.6 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
              • 4.1.7 - Avoid use of system:masters group (Automated)
              • 4.2.1 - Minimize the admission of privileged containers (Automated)
              • 4.2.2 - Minimize the admission of containers wishing to share the host process ID namespace (Automated)
              • 4.2.3 - Minimize the admission of containers wishing to share the host IPC namespace (Automated)
              • 4.2.4 - Minimize the admission of containers wishing to share the host network namespace (Automated)
              • 4.2.5 - Minimize the admission of containers with allowPrivilegeEscalation (Automated)
              • 4.3.2 - Ensure that all Namespaces have Network Policies defined (Automated)
              • 4.4.1 - Prefer using secrets as files over secrets as environment variables (Automated)
              • 4.5.3 - The default namespace should not be used (Automated)
              • 5.2.1 - Prefer using dedicated EKS Service Accounts (Automated)
            • Kubernetes 1.9.0 recommendations
              • 1.1.1 - Ensure that the API server pod specification file permissions are set to 600 or more restrictive (Automated)
              • 1.1.2 - Ensure that the API server pod specification file ownership is set to root:root (Automated)
              • 1.1.3 - Ensure that the controller manager pod specification file permissions are set to 600 or more restrictive (Automated)
              • 1.1.4 - Ensure that the controller manager pod specification file ownership is set to root:root (Automated)
              • 1.1.5 - Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive (Automated)
              • 1.1.6 - Ensure that the scheduler pod specification file ownership is set to root:root (Automated)
              • 1.1.7 - Ensure that the etcd pod specification file permissions are set to 600 or more restrictive (Automated)
              • 1.1.8 - Ensure that the etcd pod specification file ownership is set to root:root (Automated)
              • 1.1.11 - Ensure that the etcd data directory permissions are set to 700 or more restrictive (Automated)
              • 1.1.12 - Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)
              • 1.1.13 - Ensure that the default administrative credential file permissions are set to 600 (Automated)
              • 1.1.14 - Ensure that the default administrative credential file ownership is set to root:root (Automated)
              • 1.1.15 - Ensure that the scheduler.conf file permissions are set to 600 or more restrictive (Automated)
              • 1.1.16 - Ensure that the scheduler.conf file ownership is set to root:root (Automated)
              • 1.1.17 - Ensure that the controller-manager.conf file permissions are set to 600 or more restrictive (Automated)
              • 1.1.18 - Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
              • 1.1.19 - Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
              • 1.2.2 - Ensure that the --token-auth-file parameter is not set (Automated)
              • 1.2.4 - Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate (Automated)
              • 1.2.5 - Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)
              • 1.2.6 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
              • 1.2.7 - Ensure that the --authorization-mode argument includes Node (Automated)
              • 1.2.8 - Ensure that the --authorization-mode argument includes RBAC (Automated)
              • 1.2.10 - Ensure that the admission control plugin AlwaysAdmit is not set (Automated)
              • 1.2.12 - Ensure that the admission control plugin ServiceAccount is set (Automated)
              • 1.2.13 - Ensure that the admission control plugin NamespaceLifecycle is set (Automated)
              • 1.2.14 - Ensure that the admission control plugin NodeRestriction is set (Automated)
              • 1.2.15 - Ensure that the --profiling argument is set to false (Automated)
              • 1.2.16 - Ensure that the --audit-log-path argument is set (Automated)
              • 1.2.17 - Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
              • 1.2.18 - Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
              • 1.2.19 - Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
              • 1.2.21 - Ensure that the --service-account-lookup argument is set to true (Automated)
              • 1.2.22 - Ensure that the --service-account-key-file argument is set as appropriate (Automated)
              • 1.2.23 - Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
              • 1.2.24 - Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Automated)
              • 1.2.25 - Ensure that the --client-ca-file argument is set as appropriate (Automated)
              • 1.2.26 - Ensure that the --etcd-cafile argument is set as appropriate (Automated)
              • 1.3.2 - Ensure that the --profiling argument is set to false (Automated)
              • 1.3.3 - Ensure that the --use-service-account-credentials argument is set to true (Automated)
              • 1.3.4 - Ensure that the --service-account-private-key-file argument is set as appropriate (Automated)
              • 1.3.5 - Ensure that the --root-ca-file argument is set as appropriate (Automated)
              • 1.3.6 - Ensure that the RotateKubeletServerCertificate argument is set to true (Automated)
              • 1.3.7 - Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
              • 1.4.1 - Ensure that the --profiling argument is set to false (Automated)
              • 1.4.2 - Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)
              • 2.1 - Ensure that the --cert-file and --key-file arguments are set as appropriate (Automated)
              • 2.2 - Ensure that the --client-cert-auth argument is set to true (Automated)
              • 2.3 - Ensure that the --auto-tls argument is not set to true (Automated)
              • 2.4 - Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate (Automated)
              • 2.5 - Ensure that the --peer-client-cert-auth argument is set to true (Automated)
              • 2.6 - Ensure that the --peer-auto-tls argument is not set to true (Automated)
              • 4.1.1 - Ensure that the kubelet service file permissions are set to 600 or more restrictive (Automated)
              • 4.1.2 - Ensure that the kubelet service file ownership is set to root:root (Automated)
              • 4.1.5 - Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive (Automated)
              • 4.1.6 - Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Automated)
              • 4.1.9 - If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive (Automated)
              • 4.1.10 - If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root (Automated)
              • 4.2.1 - Ensure that the --anonymous-auth argument is set to false (Automated)
              • 4.2.2 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
              • 4.2.3 - Ensure that the --client-ca-file argument is set as appropriate (Automated)
              • 4.2.6 - Ensure that the --make-iptables-util-chains argument is set to true (Automated)
              • 4.2.10 - Ensure that the --rotate-certificates argument is not set to false (Automated)
              • 4.3.1 - Ensure that the kube-proxy metrics service is bound to localhost (Automated)
              • 5.1.1 - Ensure that the cluster-admin role is only used where required (Automated)
              • 5.1.2 - Minimize access to secrets (Automated)
              • 5.1.3 - Minimize wildcard use in Roles and ClusterRoles (Automated)
              • 5.1.4 - Minimize access to create pods (Automated)
              • 5.1.5 - Ensure that default service accounts are not actively used (Automated)
              • 5.1.6 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
            • Red Hat OpenShift 1.6.0 recommendations
              • 4.1.1 - Ensure that the kubelet service file permissions are set to 644 or more restrictive (Automated)
              • 4.1.2 - Ensure that the kubelet service file ownership is set to root:root (Automated)
              • 4.1.5 - Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Automated)
              • 4.1.6 - Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Automated)
              • 4.1.7 - Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Automated)
              • 4.1.8 - Ensure that the client certificate authorities file ownership is set to root:root (Automated)
              • 4.1.9 - Ensure that the kubelet --config configuration file has permissions set to 600 or more restrictive (Automated)
              • 4.1.10 - Ensure that the kubelet configuration file ownership is set to root:root (Automated)
              • 4.2.2 - Ensure that the --anonymous-auth argument is set to false (Automated)
              • 4.2.3 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
              • 4.2.4 - Ensure that the --client-ca-file argument is set as appropriate (Automated)
              • 4.2.5 - Verify that the read only port is not used or is set to 0 (Automated)
              • 4.2.6 - Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Automated)
            • Google Kubernetes Engine (GKE) 1.7.0 recommendations
              • 3.1.1- Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive (Automated)
              • 3.1.2 - Ensure that the proxy kubeconfig file ownership is set to root:root (Automated)
              • 3.1.3 - Ensure that the kubelet configuration file has permissions set to 644 (Automated)
              • 3.1.4 - Ensure that the kubelet configuration file ownership is set to - root:root (Automated)
              • 3.2.1 - Ensure that the Anonymous Auth is Not Enabled Draft (Automated)
              • 3.2.2 - Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)
              • 3.2.3 - Ensure that a Client CA File is Configured (Automated)
              • 3.2.4 - Ensure that the --read-only-port is disabled (Automated)
              • 3.2.5 - Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Automated)
              • 3.2.6 - Ensure that the --make-iptables-util-chains argument is set to true (Automated)
              • 3.2.7 - Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture (Automated)
              • 3.2.8 - Ensure that the --rotate-certificates argument is not present or is set to true (Automated)
              • 3.2.9 - Ensure that the RotateKubeletServerCertificate argument is set to true (Automated)
              • 4.1.1 - Ensure that the cluster-admin role is only used where required (Automated)
              • 4.1.2 - Minimize access to secrets (Automated)
              • 4.1.3 - Minimize wildcard use in Roles and ClusterRoles (Automated)
              • 4.1.4 - Ensure that default service accounts are not actively used (Automated)
              • 4.1.5 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
              • 4.1.6 - Avoid use of system:masters group (Automated)
              • 4.1.8 - Avoid bindings to system:anonymous (Automated)
              • 4.1.9 - Avoid non-default bindings to system:unauthenticated (Automated)
              • 4.1.10 - Avoid non-default bindings to system:authenticated (Automated)
              • 4.3.2 - Ensure that all Namespaces have Network Policies defined (Automated)
              • 4.4.1 - Prefer using secrets as files over secrets as environment variables (Automated)
              • 4.6.2 - Ensure that the seccomp profile is set to RuntimeDefault in the pod definitions (Automated)
              • 4.6.4 - The default namespace should not be used (Automated)
              • 5.1.1 - Ensure Image Vulnerability Scanning is enabled (Automated)
              • 5.2.1 - Ensure GKE clusters are not running using the Compute Engine default service account (Automated)
              • 5.3.1 - Ensure Kubernetes Secrets are encrypted using keys managed in Cloud KMS (Automated)
              • 5.4.1 - Ensure the GKE Metadata Server is Enabled (Automated)
              • 5.5.1 - Ensure Container-Optimized OS (cos_containerd) is used for GKE node images (Automated)
              • 5.5.2 - Ensure Node Auto-Repair is enabled for GKE nodes (Automated)
              • 5.5.3 - Ensure Node Auto-Upgrade is enabled for GKE nodes (Automated)
              • 5.5.4 - When creating New Clusters - Automate GKE version management using Release Channels (Automated)
              • 5.5.5 - Ensure Shielded GKE Nodes are Enabled (Automated)
              • 5.5.6 - Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled (Automated)
              • 5.5.7 - Ensure Secure Boot for Shielded GKE Nodes is Enabled (Automated)
              • 5.6.1 - Enable VPC Flow Logs and Intranode Visibility (Automated)
              • 5.6.2 - Ensure use of VPC-native clusters (Automated)
              • 5.6.3 - Ensure Control Plane Authorized Networks is Enabled (Automated)
              • 5.6.4 - Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled (Automated)
              • 5.6.5 - Ensure clusters are created with Private Nodes (Automated)
              • 5.6.7 - Ensure use of Google-managed SSL Certificates (Automated)
              • 5.7.1 - Ensure Logging and Cloud Monitoring is Enabled (Automated)
              • 5.8.3 - Ensure Legacy Authorization (ABAC) is Disabled (Automated)
              • 5.9.2 - Enable Customer-Managed Encryption Keys (CMEK) for Boot Disks (Automated)
              • 5.10.2 - Ensure that Alpha clusters are not used for production workloads (Automated)
              • 5.10.3 - Consider GKE Sandbox for running untrusted workloads (Automated)
              • 5.10.4 - Ensure use of Binary Authorization (Automated)
            • NSA/CISA Kubernetes Hardening Guidance
              • 1.2.4 - Ensure that the --kubelet-https argument is set to true (Automated)
              • 1.2.8 - Ensure that the --authorization-mode argument includes Node (Automated)
              • 1.2.16 - Ensure that the --audit-log-path argument is set (Automated)
              • 1.2.17 - Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
              • 1.2.26 - Ensure that the --etcd-cafile argument is set as appropriate (Automated)
              • 1.2.27 - Ensure that the --insecure-port argument is set to 0 (Automated)
              • 1.2.28 - Ensure that a minimal audit policy is created (Automated)
              • 1.3.29 - Ensure that the --encryption-provider-config argument is set as appropriate (Automated)
              • 2.1.1 - Ensure that the --anonymous-auth argument is set to false (Automated)
              • 3.1.1 - Ensure kube-system namespace is not used by users (Automated)
              • 3.1.2 - Ensure that all Namespaces have Network Policies defined (Automated)
              • 3.2.1 - Ensure LimitRange policy is used to limit resource usage (Automated)
              • 3.2.2 - Ensure ResouceQuota policy is used to limit resource usage (Automated)
              • 4.1.2 - Minimize the admission of containers configured to share the host process ID namespace (Automated)
              • 4.1.3 - Minimize the admission of containers configured to share the host IPC namespace (Automated)
              • 4.1.4 - Minimize the admission of containers configured to share the host network namespace (Automated)
              • 4.1.8 - Ensure the SELinux context of the container is set (Automated)
              • 4.1.9 - Ensure AppArmor is configured to restrict container's access to resources
              • 4.2.10 - Ensure container file system is immutable (Automated)
              • 4.4.5 - Ensure that default service accounts are not actively used. (Automated)
              • 4.4.6 - Ensure that Service Account Tokens are only mounted where necessary (Automated)
              • 4.5.1 - Minimize the admission of privileged containers (Automated)
              • 4.5.5 - Minimize the admission of containers with allowPrivilegeEscalation (Automated)
              • 4.5.11 - Ensure SecurityContext is applied to the Pods and Containers (Automated)
              • 4.5.12 - Restrict allowedHostPath to minimize access to the host file system (Automated)
              • 5.3.3 - Ensure Secure Computing mode (seccomp) is enabled to sandbox containers (Automated)
        • Vulnerabilities
        • Events
        • Container Image Scanning
          • Trend Micro Artifact Scanner (TMAS)
            • Integrating Trend Micro Artifact Scanner into a CI/CD pipeline
              • System requirements for Artifact Scanner
              • Downloading and installing artifact scanner
              • Updating to the latest version of the Trend Micro Artifact Scanner CLI
              • Obtaining an API key
              • Adding the CLI to your PATH
            • What to do after the Artifact Scanner scans
              • Integrate Trend Micro Artifact Scanner results into your policies
              • Override vulnerability and secret findings
              • Clean up temporary files
            • Artifact Scanner CLI
            • Trend Micro Artifact Scanner (TMAS) Examples
      • Container Security FAQs
        • Why does the sidecar container exit with code 137 in AWS Fargate?
    • File Security
      • What is File Security?
        • Billing and pricing
        • File Security architecture
        • Scaling & performance
          • Scaling and performance with AWS
          • Scaling and performance with SDK
          • Scaling and performance with Virtual Appliance
          • Scaling and performance with Containerized Scanner
        • Predictive Machine Learning in File Security
          • Enable Predictive Machine Learning in File Security SDK
        • Tags in File Security
          • Scans and tags in AWS
            • Scanning a file
            • Viewing tags
      • Getting started
      • File Security Storage
        • File Security Storage for AWS
          • Deploy File Security Storage to a new AWS account
          • Deploy File Security Storage to an existing AWS account
          • Deploy File Security Storage to an AWS Organization account
          • Add by-region quarantine and promote buckets in single accounts
          • Add a failed scan bucket
          • Turn on scanning in AWS buckets
          • Turn off scanning in AWS buckets
          • Take action after AWS scans
      • File Security SDK
        • Deploy with Go SDK
          • Prerequisites
          • Creating an API key
          • Installing the SDK
          • Initializing the SDK
          • Use the SDK
            • Using advanced functions
            • Viewing Examples
            • Using client tools
          • Golang API reference
        • Deploy with Java SDK
          • Check prerequisites
          • Create an API key
          • Install the SDK
          • Use the File Security Java SDK
          • Java API reference
        • Deploy with Node.js SDK
          • Prerequisites
          • Create an API key
          • Install the SDK
          • Authenticate
          • Node.js API reference
          • Code example
          • Common errors
        • Deploy with Python SDK
          • Prerequisites
          • Create an API key
          • Install the SDK
          • Run the SDK
          • Customize the Examples
        • Deploy with CLI
          • Integrate into a CI/CD pipeline
            • Install File Security CLI
            • Obtain an API Key
          • General usage
          • Available commands
          • Command examples
          • Use Command flags
          • Supported targets
            • File Security CLI response payload
          • Proxy configuration
        • Taking action after SDK scans
      • File Security Virtual Appliance
        • Deploy a Virtual Appliance
          • Deploy a Virtual Appliance from the Service Gateway page
          • Deploy a Virtual Appliance from File Security
        • Manage mount points and scanning
          • Add a mount point
          • Predictive Machine Learning in Virtual Appliance
          • Add a quarantine folder to a mount point
          • Enable scanning for a mount point
          • Scheduled scanning
          • Modify a mount point
          • Disable scanning for a mount point
          • Remove a mount point
            • Removing multiple mount points
        • Manage multiple points and scanning
          • Enable scanning for multiple mount points
          • Disable scanning for multiple mount points
        • Error status codes for mount point status
      • File Security Containerized Scanner
        • Deploy a Containerized Scanner
          • Prerequisites
          • Install the containerized scanner
          • Releases
        • ICAP Protocol and Containerized Scanner
          • Install the Containerized Scanner
          • Load balancing for containerized ICAP scanners
            • Expose the ICAP service with AWS NLB
            • Expose ICAP Service with MetalLB
        • Uninstall Containerized Scanner Helm chart
      • File Security FAQs
      • Troubleshoot File Security
    • Cloud Accounts
      • Getting started with Cloud Accounts
        • About XDR for Cloud
          • Testing CloudTrail integration for XDR for Cloud
          • CloudTrail demo models
          • Testing VPC Flow Log integration for XDR for Cloud
          • Threat Intelligence sweeping test for VPC Flow Logs
          • VPC Flow Log demo models
      • AWS accounts
        • Connecting and updating AWS accounts
          • Adding an AWS account using CloudFormation
          • Adding an AWS account using Terraform
          • CloudTrail configuration
          • Adding an AWS account with CloudTrail and Control Tower
          • Adding an AWS Control Tower audit account with CloudTrail
          • Adding AWS Organizations
          • Updating a legacy AWS connection
          • Using QuickLaunch to add an AWS account
          • Connecting AWS Accounts Using APIs
            • Adding an AWS Account Manually
              • Cloud Accounts AWS Policies in JSON Format
            • Using APIs to connect an AWS account
        • AWS Account Settings
          • AWS Account Information
          • AWS Stack Update
          • AWS Resource Update
        • AWS features and permissions
          • VPC Flow Logs recommendations and requirements
        • AWS supported regions and limitations
      • Azure subscriptions
        • Connecting and updating Azure subscriptions
          • Adding an Azure subscription
          • Adding an Azure Management Group
            • Azure script to change the primary subscription
          • Updating a legacy Azure connection
          • Connect or update multiple Azure subscriptions
            • Azure reduced resource connection script
          • Azure required and granted permissions
        • Subscription settings
          • Subscription Information
          • Azure Resource Update
        • Azure features and permissions
          • Enable XDR for Cloud - Microsoft Azure Activity Logs
          • Enable Microsoft Defender for Endpoint Log Collection
        • Azure supported regions and limitations
      • Google Cloud projects
        • Connecting Google Cloud projects
          • Adding a Google Cloud project
          • Adding a Google Cloud project (January 2025 update)
          • Adding a Google Cloud organization or folder
          • Updating a legacy Google Cloud connection
          • Updating a legacy Google Cloud connection (January 2025 update)
          • Google Cloud required and granted permissions
        • Project settings
          • Project Information
          • Google Cloud Resource Update
          • Google Cloud Resource Update (January 2025 update)
        • Google Cloud features and permissions
        • Google Cloud supported regions and limitations
      • Alibaba Cloud accounts
        • Connecting Alibaba Cloud accounts
          • Adding an Alibaba Cloud account
        • Alibaba Cloud Account Settings
          • Alibaba Cloud Account Information
          • Alibaba Cloud Resource Update
        • Alibaba Cloud features and permissions
        • Alibaba Cloud supported regions and limitations
      • Cloud Accounts troubleshooting and FAQs
        • AWS account connection troubleshooting and FAQ
          • Why is my management account not visible after connecting my AWS organization?
          • AWS deployment architecture
          • AWS organization shows "Reconnect" or "Update feature stack" action after deployment attempt
        • Azure account connection troubleshooting and FAQ
          • Why am I getting failed rules after adding an Azure subscription?
        • Alibaba account connection troubleshooting and FAQ
          • Can I connect my Alibaba Cloud account to more than one Trend Vision One instance?
          • Troubleshooting common issues when connecting an Alibaba Cloud account
        • Cloud Accounts Trend Vision One API key FAQ
        • Estimating and monitoring XDR for Cloud usage
        • Resources deployed by Cloud Accounts
  • Network Security
    • Getting started with Network Security
      • Virtual Network Sensor deployment guides
        • Deploying a Virtual Network Sensor with AWS
          • Configuring AWS security groups for Virtual Network Sensor
          • Launching a Virtual Network Sensor AMI instance
          • Deploying a Virtual Network Sensor from a CloudFormation template
          • Configuring the Virtual Network Sensor as a traffic mirror target
          • Deploying a Virtual Network Sensor behind a network load balancer
        • Deploying a Virtual Network Sensor with Google Cloud
          • Launching a Virtual Network Sensor instance on Google Cloud
          • Configuring traffic mirroring on Google Cloud
        • Deploying a Virtual Network Sensor with Microsoft Azure
          • Creating a network security group and subnets for the Virtual Network Sensor
          • Launching a Virtual Network Sensor instance on Azure
          • Setting up traffic mirroring with Azure virtual network TAP
          • Tips for setting up traffic mirroring with Gigamon VUE Cloud Suite for Azure
        • Deploying a Virtual Network Sensor with Hyper-V
          • Hyper-V network settings
          • Mapping your deployment with Hyper-V
          • Configuring internal network traffic on Hyper-V host
          • Configuring external network traffic on Hyper-V host
          • Configuring external inter-VM traffic with ERSPAN (Hyper-V host)
          • Configuring external network traffic with PCI passthrough (Hyper-V host)
        • Deploying a Virtual Network Sensor with KVM
          • KVM network settings
          • Mapping your deployment with KVM
          • Preparing a vSwitch
          • Configuring internal network traffic with Open vSwitch (SPAN)
          • Configuring external network traffic with Open vSwitch (SPAN)
          • Configuring external network traffic with Open vSwitch (RSPAN)
          • Configuring external inter-VM traffic with ERSPAN (KVM host)
          • Configuring external network traffic with PCI passthrough (KVM host)
        • Deploying a Virtual Network Sensor with Nutanix AHV
          • Configuring traffic mirroring for Nutanix AHV
        • Deploying a Virtual Network Sensor with VMware ESXi
          • Configuring External Network Traffic with the VMware vSphere Standard Switch (Promiscuous Mode)
        • Deploying a Virtual Network Sensor with VMware vCenter
          • VMware vCenter network settings
          • Mapping your deployment with VMware vCenter
          • Configuring internal network traffic with the VMware vSphere Distributed Switch (promiscuous mode)
          • Configuring internal network traffic with the VMware vSphere Distributed Switch (SPAN)
          • Configuring internal network traffic with the VMware vSphere Standard Switch (promiscuous mode)
          • Configuring external network traffic with the VMware vSphere Standard Switch (promiscuous mode/RSPAN)
          • Configuring external network traffic with the VMware vSphere Distributed Switch (RSPAN)
          • Configuring external network traffic with the VMware vSphere Distributed Switch (SPAN)
          • Configuring external network traffic with PCI passthrough (SPAN/RSPAN)
          • Configuring external inter-VM traffic with ERSPAN
          • Configuring external inter-VM traffic with the VMware vSphere Distributed Switch (RSPAN)
        • Virtual Network Sensor system requirements
        • Traffic mirroring with network devices
      • Deep Discovery Inspector connection guides
        • Connecting a Deep Discovery Inspector appliance directly
        • Connecting a Deep Discovery Inspector appliance using Service Gateway as a proxy
        • Deploying a Deep Discovery Inspector virtual appliance on AWS
        • Configuring Deep Discovery Inspector connections
        • Sandbox options for connected Deep Discovery Inspector appliances
          • Integrating a Deep Discovery Inspector virtual appliance with Sandbox as a Service
        • Activating a Deep Discovery Inspector license using the Customer Licensing Portal
      • TippingPoint SMS connection guides
        • Connecting TippingPoint SMS 6.1.0 or later to Network Security
        • Connecting TippingPoint SMS 6.1.0 or later to Network Security through a Service Gateway
        • Connecting TippingPoint SMS 5.5.4 or 6.0.0 through a Service Gateway
        • Migrating a connected TippingPoint SMS to the latest version
        • Migrating an existing TippingPoint SMS 5.5.3 or earlier and connecting to Network Security
        • Service Gateway deployment for TippingPoint SMS
          • Service Gateway appliance system requirements
          • Deploying a Service Gateway virtual appliance with VMware ESXi
          • Deploying a Service Gateway virtual appliance with Microsoft Hyper-V
    • Network Overview
    • Network Inventory
      • Credit allocation for Network Security
      • Virtual Network Sensor
        • Sensor Details
          • Configuring sensor update settings
        • Configuring Virtual Network Sensor connections
        • Virtual Network Sensor system requirements
        • Resizing the Virtual Network Sensor
        • Ports and URLs used by Virtual Network Sensor
        • Virtual Network Sensor CLI commands
      • Deep Discovery Inspector appliances
        • Appliance Details
        • Appliance Plans
          • Plan Details
          • Creating a hotfix/critical patch plan
          • Creating a firmware update plan
          • Creating a configuration replication plan
          • Creating a Virtual Analyzer image deployment plan
        • Virtual Analyzer Image Source
          • Configuring Virtual Analyzer Image Source
        • Ports and URLs used by Deep Discovery Inspector
      • TippingPoint devices
        • Enable TippingPoint Network Sensor
        • Ports and URLs used by TippingPoint
      • Network Inventory with Deep Discovery Director
        • Connecting through Deep Discovery Director
        • Configuring Network Sensors with Deep Discovery Director
    • Network Analysis Configuration
      • Monitoring and Scanning Network Traffic
        • Detection Rules
        • Detection Exceptions
          • Configuring Detection Exceptions
        • Packet Capture
          • Configuring Packet Capture
      • Network Resources
        • Network Resource Lists
        • Configuring a Network Resource profile
        • About central management of Deep Discovery Inspector
    • Intrusion Prevention Configuration
      • Deploying Virtual Patch filter policies to TippingPoint SMS
      • CVE profiles
    • Network Security troubleshooting & FAQ
      • Send to sandbox FAQ
        • What is required for enabling Send to Sandbox on a TPS device in a stack?
      • Virtual Network Sensor FAQ
      • Restoring an unhealthy Virtual Network Sensor connection
  • Email and Collaboration Security
    • Getting started with Trend Vision One Email and Collaboration Security
      • Update from Cloud App Security
        • Connecting and updating Cloud App Security
        • Cloud App Security to Cloud Email and Collaboration Protection feature mapping
          • Feature differences and limitations between Cloud App Security and Cloud Email and Collaboration Protection
      • Update from Trend Micro Email Security
        • Connecting and updating Trend Micro Email Security
        • Trend Micro Email Security to Cloud Email Gateway Protection feature mapping
          • Feature differences and limitations between Trend Micro Email Security and Cloud Email Gateway Protection
      • Post update tasks for Trend Vision One Email and Collaboration Security
      • Credit requirements for Email and Collaboration Security
      • Overview of access permissions to protected services
    • Email Asset Inventory
      • Managing the email account inventory
        • Managing email account policies with Cloud Email and Collaboration Protection
        • Deploying policies for email accounts with Cloud App Security
        • Enabling key features for email accounts with Cloud App Security
      • Managing the email domain inventory
    • Email and Collaboration Sensor
      • Running an Email Sensor test drive
      • Managing Email Sensor detection
    • Cloud Email and Collaboration Protection
      • Introduction
        • About Cloud Email and Collaboration Protection
          • Features and benefits
          • How Cloud Email and Collaboration Protection works
            • Protection modes for email services
              • Features support under API-based protection and inline protection
          • How Cloud Email and Collaboration Protection protects your data privacy
          • Data center geography
          • System requirements
      • Getting started
        • Accessing the Cloud Email and Collaboration Protection management console
          • Accessing the management console
        • Protecting multiple service provider tenants with one account
        • Changes made by Cloud Email and Collaboration Protection
          • Changes made under API-based protection
          • Changes made under inline protection
      • Granting Cloud Email and Collaboration Protection access to services
        • Service account
          • Delegate account
          • Authorized account
        • Different ways to begin granting access
        • Granting access to Microsoft 365 services
          • Granting access to Exchange Online
            • Granting access to Exchange Online with an authorized account
            • Granting access to Exchange Online (inline mode) with an authorized account
              • Verifying related security settings in Microsoft
              • Connectors, transport rules, groups, and allow lists for inline protection
          • Granting access to SharePoint Online with an authorized account
          • Granting access to OneDrive with an authorized account
          • Migrating to authorized account for SharePoint Online and OneDrive
          • Granting access to Microsoft teams
          • Granting access to Teams
            • Creating an Microsoft Entra ID app for Teams protection
          • Using a MIP account
            • Adding a MIP account
            • Removing an MIP account
          • Using a Microsoft Identity Protection account
            • Adding a Microsoft Identity Protection account
            • Removing a Microsoft Identity Protection account
          • Data synchronized by Cloud Email and Collaboration Protection
        • Granting access to Box, Dropbox and Google Drive
          • Before you start
          • Granting access to Box
          • Granting access to Dropbox
          • Granting access to Google Drive
        • Granting access to Gmail
          • Granting access to Gmail
          • Granting access to Gmail (inline mode)
            • Configuring email routing for inline protection
            • Configuring email routing for outbound protection
        • Revoking access to services
          • Revoking access to Microsoft 365 services
          • Revoking access to Box
          • Revoking access to Dropbox
          • Revoking access to Google Drive
          • Revoking access to Gmail
          • Revoking access to Gmail (inline mode)
          • Revoking access to Gmail (inline mode) - inbound protection
      • Dashboard
        • Service status
        • Threat detection
          • Scam widgets
          • Quishing widgets
          • Ransomware widgets
          • Business email compromise (BEC) widgets
          • Summary widgets
          • Security risk scan widgets
          • Virtual Analyzer widgets
          • Data Loss Prevention widgets
          • Viewing threat detection data
        • Risky user detection
          • Internal distributors widgets
          • Top users with targeted attack risks widgets
          • Internal user risk analytics widgets
        • Configuration health
          • Protection feature adoption
      • Policies
        • Advanced Threat Protection
          • Real-time and on-demand scanning
          • Actions available for different services
          • Menu controls for ATP policies
          • Internal domains
            • Configuring internal domains
          • Adding advanced threat protection policies
            • General
            • Advanced Spam Protection
            • Malware Scanning
            • File Blocking
            • Web Reputation Services
            • Virtual Analyzer
            • Correlated Intelligence
          • Running a manual scan
          • Compressed file handling
          • Quishing detection
          • Token list
        • Data Loss Prevention
          • Real-time and on-demand scanning
          • Data identifiers
            • Expressions
            • Keywords
          • Compliance templates
          • Adding Data Loss Prevention policies
            • General
            • Data Loss Prevention
            • Keyword extraction
          • Configuring the Box shared links control policy
          • Running a manual scan
        • Global settings
          • Managing synchronized user list for Exchange Online
          • Viewing correlation rules and detection signals
            • Adding a custom correlation rule
            • Adding a custom detection signal
          • Configuring approved/blocked lists
            • Configuring approved Exchange Online users
            • Configuring approved header field list for Exchange Online
            • Viewing blocked lists for Exchange Online
            • Configuring approved header field list for Gmail
          • Configuring high profile lists
            • Configuring high profile domains
            • Configuring high profile users
            • Configuring high profile user exception list
          • Configuring the internal domain list
          • Managing Predictive Machine Learning exception list
          • Configuring display name spoofing detection exception list
          • Configuring notification settings
            • Configuring recipient groups
            • Configuring notification email settings
          • Configuring suspicious object settings
          • Configuring time-of-click protection settings
          • Configuring attachment password guessing
          • Configuring conditional access policies for risky users
          • Configuring Microsoft licensing model settings for Teams
          • Configuring inline protection settings for Exchange Online
          • Configuring inline protection settings for Gmail
      • Logs
        • Log types
        • Log facets
        • Searching logs
      • Operations
        • Quarantine
          • Quarantine facets
          • Searching quarantine
          • Managing quarantine
          • Previewing quarantined emails
        • User-reported emails
        • Correlated Intelligence
          • Threat types of security risks and anomalies
      • Reports
        • Configuring reports
      • Administration
        • Organization management
        • Service account
        • Automation and integration APIs
        • Add-in for Outlook
          • Release notes
          • Deploying the add-in for Outlook
          • Configuring the add-in for Outlook
          • Using the add-in for Outlook
          • Updating the add-in for Outlook
          • Removing the add-in for Outlook
        • Email reporting
      • Troubleshooting and FAQs
        • Troubleshooting
          • License expiration error upon logon with valid clp account
          • Invalid account error upon console logon
          • "clp or lmp account already registered" error upon granting access to Microsoft 365 services
          • Access grant for Sharepoint Online/OneDrive failure when mfa is enabled
          • Internal domain scheduled synchronization failure for Gmail
          • Internal email messages in Exchange Online improperly handled as spam
          • Server not found or connection closed upon console logon
          • Access grant or migration for inline protection over Exchange Online always fail
          • Not authorized to view content error upon accessing certain screens
          • Associated mailbox not found error upon configuring Gmail quarantine settings
        • FAQs
      • Known issues
      • Cloud Email and Collaboration Protection protection glossary
    • Cloud Email Gateway Protection
      • About Cloud Email Gateway Protection
        • Service requirements
        • Features and benefits
        • Data center geography
        • Inbound message protection
          • Inbound message flow
        • Outbound message protection
        • Integration with Trend Micro products
          • Apex Central
            • Registering to Apex Central
            • Checking Cloud Email Gateway Protection server status
            • Unregistering from Apex Central
          • Remote Manager
      • Getting started with Cloud Email Gateway Protection
        • Provisioning a Trend Micro Business Account
          • Setting up Cloud Email Gateway Protection
      • Working with the dashboard
        • Threats tab
          • Ransomware details chart
          • Threats chart
          • Threats details chart
          • Virtual Analyzer file analysis details chart
          • Virtual Analyzer URL analysis details chart
          • Virtual Analyzer quota usage details
          • Domain-based authentication details chart
          • Blocked message details
        • Top statistics tab
          • Top bec attacks detected by antispam engine chart
          • Top BEC attacks detected by Writing Style Analysis chart
          • Top targeted high profile users
          • Top analyzed advanced threats (files) chart
          • Top analyzed advanced threats (URLs) chart
          • Top malware detected by Predictive Machine Learning chart
          • Top malware detected by pattern-based scanning chart
          • Top spam chart
          • Top Data Loss Prevention (DLP) incidents chart
        • Other statistics tab
          • Volume chart
          • Bandwidth chart
          • Time-of-click protection chart
      • Managing domains
        • Adding a domain
        • Configuring a domain
          • Adding SPF records
          • Adding Microsoft 365 inbound connectors
          • Adding Microsoft 365 outbound connectors
        • Editing or deleting domains
      • Inbound and outbound protection
        • Managing recipient filter
        • Managing sender filter
          • Configuring approved and blocked sender lists
            • Adding senders
            • Deleting senders
            • Importing senders
            • Exporting senders
          • Sender filter settings
        • Transport Layer Security (TLS) peers
          • Adding domain TLS peers
          • Editing domain TLS peers
        • Understanding IP reputation
          • About quick IP list
          • About standard IP reputation settings
          • About approved and blocked IP addresses
            • Managing approved and blocked IP addresses
          • IP reputation order of evaluation
          • Troubleshooting issues
        • Managing reverse DNS validation
          • Configuring reverse DNS validation settings
            • Adding reverse DNS validation settings
            • Editing reverse DNS validation settings
          • Configuring the blocked PTR domain list
            • Adding PTR domains
            • Editing PTR domains
        • Domain-based authentication
          • Sender IP match
            • Adding sender IP match settings
            • Editing sender IP match settings
          • Sender policy framework (SPF)
            • Adding SPF settings
            • Editing SPF settings
          • Domainkeys identified mail (DKIM)
            • Adding DKIM verification settings
            • Editing DKIM verification settings
            • Adding DKIM signing settings
            • Editing DKIM signing settings
          • Domain-based message authentication, reporting & conformance (DMARC)
            • Adding DMARC settings
            • Editing DMARC settings
            • Monitoring DMARC setup
              • Generating a DMARC record
              • Generating a BIMI record and Implementing BIMI
          • How DMARC works with SPF and DKIM
        • File password analysis
          • Configuring file password analysis
          • Adding user-defined passwords
          • Importing user-defined passwords
        • Configuring scan exceptions
          • Scan exception list
          • Configuring "scan exceptions" actions
        • High profile domains
          • Configuring high profile domains
        • High profile users
          • Configuring high profile users
        • Configuring time-of-click protection settings
        • Data Loss Prevention
          • Data identifier types
            • Expressions
              • Predefined Expressions
              • Customized Expressions
                • Criteria for custom expressions
                • Creating a Customized Expression
                • Importing Customized Expressions
            • Keywords
              • Predefined Keyword Lists
              • Custom keyword lists
                • Custom keyword list criteria
                • Creating a Keyword List
                • Importing a Keyword List
            • File Attributes
              • Predefined file attributes list
              • Creating a file attribute list
              • Importing a file attribute list
          • DLP Compliance Templates
            • Predefined DLP Templates
            • Custom DLP templates
              • Condition statements and logical pperators
              • Creating a Template
              • Importing Templates
      • Configuring policies
        • Policy rule overview
          • Default policy rules
        • Managing policy rules
        • Reordering policy rules
        • Naming and enabling a policy rule
        • Specifying recipients and senders
          • Inbound policy rules
          • Outbound policy rules
        • About policy rule scanning criteria
          • Configuring virus scan criteria
            • About Advanced Threat Scan Engine
            • About Predictive Machine Learning
          • Configuring spam filtering criteria
            • Configuring spam criteria
            • Configuring Business Email Compromise criteria
            • Configuring phishing criteria
            • Configuring graymail criteria
            • Configuring Web Reputation criteria
            • Configuring social engineering attack criteria
            • Configuring unusual signal criteria
              • Unusual signals
          • Configuring Correlated Intelligence criteria
          • Configuring Data Loss Prevention criteria
          • Configuring content filtering criteria
            • Using envelope sender is blank criteria
            • Using message header sender differs from envelope sender criteria
            • Using message header sender differs from header reply-to criteria
            • Using attachment file name or extension criteria
            • Using attachment mime content type criteria
            • Using attachment true file type criteria
            • Using message size criteria
            • Using subject matches criteria
            • Using subject is blank criteria
            • Using body matches criteria
            • Using body is blank criteria
            • Using specified header matches criteria
            • Using attachment content matches keyword criteria
            • Using attachment size criteria
            • Using attachment number criteria
            • Using attachment is password protected criteria
            • Using attachment contains active content criteria
            • Using the number of recipients criteria
        • About policy rule actions
          • Specifying policy rule actions
          • intercept actions
            • Using the delete action
            • Using the deliver now action
            • Using the quarantine action
            • Using the change recipient action
          • modify actions
            • Cleaning cleanable malware
            • Deleting matching attachments
            • Sanitizing attachments
            • Inserting an X-Header
            • Inserting a stamp
              • Configuring stamps
            • Tagging the subject line
            • Tokens
          • monitor actions
            • Using the bcc action
          • Encrypting outbound messages
            • Reading an encrypted email message
          • About the send notification action
            • Configuring send notification actions
            • Duplicating or copying send notification actions
            • Removing notifications from policy rule actions
            • Deleting notifications from lists of messages
      • Understanding quarantine
        • Querying the quarantine
        • Configuring end user quarantine settings
        • Quarantine digest settings
          • Adding or editing a digest rule
          • Adding or editing a digest template
      • Logs in Cloud Email Gateway Protection
        • Understanding mail tracking
          • Social engineering attack log details
          • Business Email Compromise log details
          • Antispam engine scan details
        • Understanding policy events
          • Predictive Machine Learning log details
        • Understanding URL click tracking
        • Understanding audit log
        • Configuring syslog settings
          • Syslog forwarding
          • Syslog server profiles
          • Content mapping between log output and CEF syslog type
            • CEF detection logs
            • CEF audit logs
            • CEF mail tracking logs (accepted traffic)
            • CEF URL click tracking logs
        • Querying log export
      • Reports
        • Generated reports
        • Report settings
      • Configuring administration settings
        • Policy objects
          • Managing address groups
          • Managing the URL keyword exception list
          • Managing the Web Reputation approved list
          • Managing correlation rules and detection signals
            • Adding a custom correlation rule
            • Adding a custom detection signal
          • Keyword expressions
            • About regular expressions
              • Characters
              • Bracket expression and character classes
              • Boundary matches
              • Greedy quantifiers
              • Logical operators
              • Shorthand and meta-symbol
            • Using keyword expressions
            • Adding keyword expressions
            • Editing keyword expressions
          • Managing notifications
          • Managing stamps
        • End user management
          • Local accounts
          • Managed accounts
            • Removing end user managed accounts
          • Logon methods
            • Configuring local account logon
            • Configuring single sign-on
              • Configuring Active Directory Federation Services
              • Configuring Microsoft ENTRA ID
              • Configuring Okta
        • Email Continuity
          • Adding an Email Continuity record
          • Editing an Email Continuity record
        • Message size settings
        • Logon access control
          • Configuring access control settings
          • Configuring approved IP addresses
        • Directory management
          • Synchronizing user directories
          • Importing user directories
          • Exporting user directories
          • Installing the directory synchronization tool
        • Co-branding
        • Service integration
          • API access
            • Obtaining an API key
          • Log retrieval
          • Apex Central
            • Configuring suspicious object settings
          • Trend Vision One
            • Configuring suspicious object settings
          • Remote Manager
          • Phishing Simulation
        • Email reporting add-in for Outlook
          • Deploying the add-in in the Microsoft 365 admin center
          • Deploying the add-in in the Exchange admin center
          • Updating the add-in in the Microsoft 365 admin center
        • Migrating data from IMSS or IMSVA
          • Data that will be migrated
          • Data that will not be migrated
          • Prerequisites for data migration
          • Migrating data to Cloud Email Gateway Protection
          • Verifying data after migration
        • Email Recovery
      • FAQs and instructions
        • About mx records and Cloud Email Gateway Protection
        • About mta-sts records for inbound protection
        • Feature limits and capability restrictions
  • Mobile Security
    • Getting started with Mobile Security
      • Mobile Security device platform features
      • System requirements
        • Mobile device permission requirements
      • Resource consumption
        • Android device resource consumption
        • iOS device resource consumption
      • Microsoft Endpoint Manager (Intune) integration
        • Setting up Microsoft Endpoint Manager (Intune) integration
          • Required device permissions for Microsoft Endpoint Manager (Intune) integration
      • VMware Workspace ONE UEM integration
        • Preparing for VMware Workspace ONE UEM integration
        • Setting up Workspace ONE UEM integration
          • Registering Workspace ONE as your Android EMM provider
      • Google Workspace integration
        • Setting up Google Workspace integration
        • Deploying the Mobile Security for Business app to managed Android devices in Google Workspace
        • Deploying a VPN profile for Google Workspace
      • Integration with other MDMs through managed configuration
        • Enrolling devices using managed configuration
          • Managed configuration for Ivanti (MobileIron)
            • Ivanti (MobileIron) managed configuration enrollment for Android devices
            • Ivanti (MobileIron) managed configuration enrollment for iOS devices
      • Mobile Device Director setup
        • Setting up Mobile Device Director
          • Enrolling Android devices
          • Enrolling iOS/iPadOS devices
      • Microsoft Entra ID integration
        • Granting permissions on Microsoft Entra ID data
      • Changing the Mobile Security deployment method
      • Enabling Zero Trust Secure Access on managed mobile devices
        • Deploying the Zero Trust Secure Access certificates to devices using managed configuration
        • Deploying a VPN profile to devices using managed configuration
    • Using Mobile Security with MDM solutions or Microsoft Entra ID
      • Mobile Inventory
        • Devices Tab
        • Users Tab
        • Groups Tab
      • Mobile Detection Logs
      • Mobile Policy
        • Mobile policy data
        • Configuring mobile policies for Android devices
        • Configuring mobile policies for iOS/iPadOS devices
        • Configuring mobile policies for ChromeOS devices
      • Risky Mobile Apps
        • Risky mobile app data
        • Approved List data
    • Using Mobile Device Director
      • Mobile Inventory
        • Devices tab
        • Users tab
        • Assignment Groups tab
      • Managed Mobile Apps
        • Configuring managed mobile apps for Android devices
        • Configuring managed mobile apps for iOS/iPadOS devices
      • Mobile Detection Logs
      • Mobile Compliance Policies
        • Mobile compliance policy data
        • Configuring mobile compliance policies
          • Android compliance policy criteria (user-owned devices with a work profile)
          • Android compliance policy criteria (company-owned, fully managed, and dedicated devices)
          • iOS compliance policy criteria
      • Mobile Security Policies
        • Mobile security policy data
        • Configuring mobile security policies
          • Deepfake Detector for mobile devices
      • Risky Mobile Apps
        • Risky mobile app data
  • Service Management
    • Product Instance
      • Connect existing products to Product Instance
        • Configure Cloud App Security
        • Configure Deep Security Software
        • Configure Trend Micro Apex One On-Premises
        • Configure Trend Cloud One
        • Configure TXOne StellarOne
        • Configure TXOne EdgeOne
      • Create a new product instance
      • Create a new Endpoint Group Manager
    • Asset Visibility Management
      • What is Asset Visibility Management?
      • Add an asset visibility scope
    • Asset Group Management
      • Create an asset group
    • Tag Management
      • Tag library
        • Create custom tags
        • Manage tagged assets
      • External tags
        • Cloud mappings
        • Microsoft Entra ID
      • Automated tagging
        • Create automated tagging rules
      • Execution results
  • Administration
    • User Accounts, Identity Providers, and User Roles
      • User Roles
        • Configuring custom user roles
        • Predefined roles
      • User Accounts
        • Primary User Account
          • Transferring ownership of the Primary User Account
        • Configuring accounts
          • Adding a SAML Account
          • Adding a SAML Group Account
            • Adding a SAML Group Account for Microsoft Entra ID
            • Adding a SAML Group Account for Active Directory (on-premises)
          • Adding an IdP-Only SAML Group Account
          • Adding a Local Account
        • Enabling and configuring multi-factor authentication
      • API Keys
        • Obtaining API keys for third-party apps
        • Obtaining API keys for third-party auditors
      • Identity Providers
        • Configuring Active Directory Federation Services
        • Configuring Google Cloud Identity
        • Configuring Microsoft Entra ID
        • Configuring Okta
          • Configuring SAML Assertion Encryption in Okta
        • Configuring OneLogin
    • Notifications
      • Alerts
      • Subscriptions
      • Managing webhooks
      • Configuring notifications
        • Configuring notifications for response tasks
        • Configuring notifications for new Workbench alert
        • Configuring notifications for Private Access Connector status
        • Configuring notifications for Service Gateway critical service status or performance
        • Configuring notifications for new risk event
        • Configure notifications for case update summary
        • Configure notifications for case update for owners
        • Configuring notifications for newly discovered assets
    • Audit Logs
      • User logs
        • User log data
      • System logs
        • System log data
    • Console Settings
    • License Information
      • Register a new license
      • XDR data retention
    • Credits & Billing
      • Annual Credits
        • Introduction to credit-based licensing
          • Credit allocation models
        • Credit requirements for Trend Vision One solutions, capabilities, and services
          • Considerations for updating to the new Cyber Risk Exposure Management pricing model
        • Purchase credits from AWS Marketplace
        • Purchase credits from Azure Marketplace
        • License entitlements calculated into credits
          • License entitlements calculated into credits - FAQs
      • Pay-As-You-Go
        • Introduction to pay-as-you-go
        • Pay-as-you-go pricing information for Trend Vision One features
        • Purchase a pay-as-you-go contract from AWS Marketplace
          • Update from Trend Cloud One pay-as-you-go to Trend Vision One pay-as-you-go
        • Frequently asked questions
    • Support Settings
      • Configuring remote support settings
      • Enabling hypersensitive mode
    • Domain Verification
      • Adding and managing domains
  • Getting Help and Troubleshooting
    • Help and Support
      • Creating a support case
    • Self-Diagnosis
      • Running diagnostic tests
        • Finding endpoint information
      • Test results tab
      • XDR Endpoint Checker
        • Using XDR Endpoint Checker from a web browser
        • Using XDR Endpoint Checker from the command line
Close