Threat Investigations can correlate information from Endpoint Sensor, Cloud App Security, and Active Directory to display attack information about an endpoint, user account, and possible email attack vectors throughout your network.
You must properly configure Cloud App Security and Apex Central before being able to correlate email message information.
Apex Central only supports email correlation in Cloud App Security for Threat Investigations.
For more information, see Cloud Service Integration.
Email correlation in Cloud App Security requires the following:
Additional licensing for Trend Micro Cloud App Security on your Customer Licensing Portal account.
Additional licensing for Apex One™ as a Service: Endpoint Sensor on your Customer Licensing Portal account.
If your Customer Licensing Portal account already includes Cloud App Security, proceed to the following step.
If you do not have a valid Activation Code for Cloud App Security, contact your sales representative.
You can open the Cloud App Security console from the Products/Services screen on the Customer Licensing Portal website (https://clp.trendmicro.com/).
Default Exchange Policy ATP: Go to Advanced Threat Protection > Exchange Online Policies and set the policy status to ON.
Default Exchange Policy DLP: Go to Data Loss Prevention > Exchange Online Policies and set the policy status to ON.
For more information about Cloud App Security, see the Cloud App Security Online Help at http://docs.trendmicro.com/en-us/enterprise/cloud-app-security.aspx.
The Add Authentication Token screen appears.
The generated authentication token appears on the Automation and Integration APIs screen.
On the Apex Central console, go to Directories > Product Servers.
The Product Servers screen appears.
Click Cloud Service Settings.
The Cloud Service Settings screen appears.
Provide the following credentials:
Account: The user name used to activate the cloud service subscription on the Trend Micro Customer Licensing Portal (https://clp.trendmicro.com/)
Password: The password for the Customer Licensing Portal account
Apex Central registers your Customer Licensing Portal account and supported cloud services.
Clicking Download the Active Directory synchronization tool will deactivate any previously downloaded Active Directory synchronization tools and stop synchronizing Active Directory servers configured using the deactivated tool.
Ensure that .NET Framework 4.6.1 is installed on the Windows endpoint before executing the tool.
For more information, see Configuring Active Directory Synchronization.
Windows Server platforms