Trend Micro Apex Central Integration

Cloud App Security integrates with Trend Micro Apex Central and supports Apex Central 2019.

Apex Central is a software management solution that gives you the ability to control antivirus and content security programs from a central location, regardless of the program's physical location or platform. This application can simplify the administration of a corporate antivirus and content security policy.

The following features and capabilities are available on the Apex Central console if Cloud App Security is managed from Apex Central:

  • Use Single Sign-On (SSO) to access the Cloud App Security management console.

  • Add Cloud App Security data to the Data Loss Prevention and Threat Detection dashboard tabs.

  • Check the current Cloud App Security connection status.

  • Query or display logs submitted by Cloud App Security.

Parent topic: Integration with Trend Micro Products

Registering Cloud App Security

Make sure you have a Customer Licensing Portal (CLP) or Licensing Management Platform (LMP) account, and both Cloud App Security and Apex Central are activated and available for use.

  1. In Apex Central, go to Administration > Managed Servers > Server Registration.
  2. Under Server Type, select Cloud App Security.
  3. Click Cloud Service Settings.
  4. Type the LMP logon URL, for example, https://clp.trendmicro.com/Dashboard?T=<tenant-id>, if you are using an LMP account. tenant-id is your company's Tenant ID. You can confirm the URL from the registration email message you received.
    Note:

    CLP users do not need to type the CLP logon URL.

  5. Specify your LMP or CLP account credentials and click OK.

    The Cloud App Security server appears in the list.

Managing Cloud App Security

  1. In Apex Central, perform either of the following to open the Directory Management page:

    • Go to Administration > Managed Servers > Server Registration, and then click Directory Management.

    • Go to Directories > Products, and then click Directory Management.

  2. In the product tree, click Local Folder > New Entity, and then locate and select the Cloud App Security entity.
  3. Manage the Cloud App Security entity as necessary.

Configuring Single Sign-On

  1. In Apex Central, go to Administration > Managed Servers > Server Registration.
  2. Under Server Type, select Cloud App Security.
  3. Under Server, click the server address.

    The Dashboard screen of the Cloud App Security management console opens in a new browser tab.

Checking Cloud App Security Server Status

  1. In Apex Central, go to Dashboard.
  2. Click the Summary tab.
  3. Scroll down and find the Product Connection Status widget.

    You can check the status of any Cloud App Security server registered with Apex Central.

Querying Cloud App Security Logs

Cloud App Security Malware Scanning, File blocking, Web Reputation, Virtual Analyzer, and Data Loss Prevention logs are available in Apex Central.

  1. In Apex Central, go to Detections > Logs > Log Query.

    The Log Query screen appears.

  2. Click the Virus/Malware detections drop-down list, select the type of logs to query, and then click OK.

    For more information, see Log Query Data Views in the "Trend Micro Apex Central Online Help".

  3. In the product tree, click Local Folder > New Entity, select the Cloud App Security entity, and then click OK.
  4. Select a date range and click Search.

    The log query result screen appears, showing the query results.

Viewing Data Loss Prevention Policy Violating Data

Cloud App Security transfers the content that violates Data Loss Prevention policies to Apex Central and displays it on the Apex Central dashboard.

  1. Go to Dashboard > DLP Incident Investigation.
  2. Click a number in the DLP Incidents by Severity and Status or DLP Incidents by User widget.

    The Incident Information screen appears.

  3. Click Action at the end of an incident row.

    The Incident Details screen appears, where the violating content is displayed under Matching content, with sensitive data masked or unmasked as configured in the corresponding Cloud App Security Data Loss Prevention policies.