Configuring the Data Source for Risk Analysis
By connecting multiple data sources, such as Azure AD or Splunk, you gain access to more risk indicators across your corporate network.
- Go to Risk Insights > Operations Dashboard.
-
Click the Data source gear icon in the upper
right.
You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.
-
Click the Source that you want to configure.
Source
Data target
Configuration
Trend Micro Vision One Endpoint Sensor
User, app, and web activities, and vulnerability assessment on monitored endpoints
Turn on Data upload permission.
Connected Endpoint Product Agent
User, app, and web activities, and detected threats on monitored endpoints
Turn on Data upload permission.
Trend Micro Vision One Email Sensor
Email activities in Office 365 Exchange Online
Turn on Data upload permission.
Trend Micro Vision One Network Sensor
Detected threats in monitored endpoint traffic
Turn on Data upload permission.
Web Sensor
Web activity of managed users and devices
-
Configure and enable the Internet Access Service using the Zero Trust Secure Access app. For details, see Internet Access Configuration.
-
Turn on Data upload permission.
Mobile Sensor
Cloud apps detected by monitored mobile devices and users
Turn on Data upload permission.
Azure AD
Allows access to user information and activity data
Turn on Data upload permission and follow the onscreen instructions to enable the data connection.
Important:Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis.
Nessus Pro
Allows access to Nessus Pro user data regarding apps, devices, and behaviors
After configuring Nessus Pro in Third-Party Integration, turn on Data upload permission.
Okta
Allows access to user information and activity data
Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment.
Note:Your Okta user account must have one of the following administrator privileges in Okta:
-
API Access Management Admin
-
Mobile Admin
-
Read-Only Admin
-
App Admin
-
Org Admin
-
Super Admin
Turn on Data upload permission to grant Trend Micro permission to enable the data connection.
Important:Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis.
Office 365
Usage and activities on Office 365 apps including OneDrive and SharePoint
Turn on Data upload permission and follow the onscreen instructions to enable the data connection.
Note:Office 365 integration also requires that you permit data upload from Azure AD.
After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps.
Qualys
Basic vulnerability data assessment on devices
Turn on Data upload permission and provide a Qualys account with the following permissions:
-
Role: Reader
-
Asset Management Permissions: Read Asset
-
Allow access: API
-
Asset Groups (assigned to)
Note:Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, install and enable Trend Micro Vision One Endpoint Sensor.
Splunk - Network Firewall / Web Gateway Logs
User activities on detected cloud apps
Before turning on Data upload permission, install the Trend Micro Risk Insights for Splunk app and provide the API token.
Configure the necessary firewall exceptions based on your region:
-
Australia: ingestor-anz.xdr.trendmicro.com
-
Europe: ingestor-eu.xdr.trendmicro.com
-
India: ingestor-in.xdr.trendmicro.com
-
Japan: ingestor-jp.xdr.trendmicro.com
-
Singapore: ingestor-sg.xdr.trendmicro.com
-
United States: ingestor-us.xdr.trendmicro.com
-
