Configuring the Data Source for Risk Analysis

By connecting multiple data sources, such as Azure AD or Splunk, you gain access to more risk indicators across your corporate network.

  1. Go to Risk Insights > Operations Dashboard.
  2. Click the Data source gear icon in the upper right.

    You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.

  3. Click the Source that you want to configure.

    Source: Trend Micro Vision One Endpoint Sensor
    Data target: User, app, and web activities, and vulnerability assessment on monitored endpoints
    Configuration: Turn on Data upload permission.

    Note: Trend Micro Vision One Endpoint Sensor acts as the data source for vulnerability detection if you do not configure the Qualys data source.

    Source: Connected Endpoint Product Agent
    Data target: User, app, and web activities, and detected threats on monitored endpoints
    Configuration: Turn on Data upload permission.

    Source: Email Sensor
    Data target: Email activities in Office 365 Exchange Online
    Configuration: Turn on Data upload permission.

    Source: Network Sensor
    Data target: Detected threats in monitored endpoint traffic
    Configuration: Turn on Data upload permission.

    Source: Web Sensor
    Data target: Web activity of managed users and devices
    Configuration:

      1. Configure and enable the Internet Access Service using the Zero Trust Secure Access app. For details, see Internet Access Configuration.
      2. Turn on Data upload permission.

    Source: Mobile Sensor
    Data target: Cloud apps detected by monitored mobile devices and users
    Configuration: Turn on Data upload permission.

    Source: Azure AD
    Data target: Allows access to user information and activity data
    Configuration: Turn on Data upload permission and follow the onscreen instructions to enable the data connection.

    Important: Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis.

    Source: Okta
    Data target: Allows access to user information and activity data
    Configuration: Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment.

    Note: Your Okta user account must have one of the following administrator privileges in Okta:

      • API Access Management Admin
      • Mobile Admin
      • Read-Only Admin
      • App Admin
      • Org Admin
      • Super Admin

    Turn on Data upload permission to grant Trend Micro permission to enable the data connection.

    Important: Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis.

    Source: Office 365
    Data target: Usage and activities on Office 365 apps including OneDrive and SharePoint
    Configuration: Turn on Data upload permission and follow the onscreen instructions to enable the data connection.

    Note: Office 365 integration also requires that you permit data upload from Azure AD.

    After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps.

    Source: Qualys
    Data target: Basic vulnerability data assessment on devices
    Configuration: Turn on Data upload permission and provide a Qualys account with the following permissions:

      • Role: Reader
      • Asset Management Permissions: Read Asset
      • Allow access: API
      • Asset Groups (assigned to)

    Note: Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, do not enable Qualys. Install and enable Trend Micro Vision One Endpoint Sensor.

    Trend Micro Vision One Endpoint Sensor acts as the data source for vulnerability detection if you do not configure the Qualys data source.

    Source: Splunk - Network Firewall / Web Gateway Logs
    Data target: User activities on detected cloud apps
    Configuration: Before turning on Data upload permission, install the Trend Micro Risk Insights for Splunk app and provide the API token.

    Configure the necessary firewall exceptions based on your region:

      • Australia: ingestor-anz.xdr.trendmicro.com
      • Europe: ingestor-eu.xdr.trendmicro.com
      • India: ingestor-in.xdr.trendmicro.com
      • Japan: ingestor-jp.xdr.trendmicro.com
      • Singapore: ingestor-sg.xdr.trendmicro.com
      • United States: ingestor-us.xdr.trendmicro.com
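
To confirm the firewall exception from the Splunk host, the following Python check reports which stage of the connection to a regional ingestor fails: DNS, TCP, or TLS. It is an added example, not Trend Micro code. Port 443 and the name check_egress are assumptions, because the page lists hostnames only.

```python
import socket
import ssl

# Regional ingestion hosts, copied from the firewall exception list above.
INGESTORS = {
    "Australia": "ingestor-anz.xdr.trendmicro.com",
    "Europe": "ingestor-eu.xdr.trendmicro.com",
    "India": "ingestor-in.xdr.trendmicro.com",
    "Japan": "ingestor-jp.xdr.trendmicro.com",
    "Singapore": "ingestor-sg.xdr.trendmicro.com",
    "United States": "ingestor-us.xdr.trendmicro.com",
}
PORT = 443  # assumption: the page does not state a port


def check_egress(region, port=PORT, timeout=5.0,
                 resolve=socket.getaddrinfo,
                 connect=socket.create_connection,
                 context=None):
    """Return (stage, detail): the first stage that fails, or ("ok", TLS version)."""
    host = INGESTORS[region]
    try:
        resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:      # name blocked or not resolvable
        return "dns", str(exc)
    try:
        sock = connect((host, port), timeout=timeout)
    except OSError as exc:              # refused, unreachable or timed out
        return "tcp", str(exc)
    ctx = context or ssl.create_default_context()
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Typical when an inspecting gateway re-signs the traffic with a CA
        # that this host does not trust.
        return "tls-cert", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls", str(exc)


if __name__ == "__main__":
    import sys
    region = sys.argv[1] if len(sys.argv) > 1 else "United States"
    stage, detail = check_egress(region)
    print(f"{region}: {INGESTORS[region]}:{PORT} -> {stage} ({detail})")
    sys.exit(0 if stage == "ok" else 1)
```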