By connecting multiple data sources, such as Azure AD or Splunk, you gain access to more risk indicators across your corporate network.
You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.
Source |
Data target |
Configuration |
---|---|---|
Trend Micro Vision One Endpoint Sensor |
User, app, and web activities, and vulnerability assessment on monitored endpoints |
Turn on Data upload permission. Note:
Trend Micro Vision One Endpoint Sensor acts as the data source for vulnerability detection if you do not configure the Qualys data source. |
Connected Endpoint Product Agent |
User, app, and web activities, and detected threats on monitored endpoints |
Turn on Data upload permission. |
Email Sensor |
Email activities in Office 365 Exchange Online |
Turn on Data upload permission. |
Network Sensor |
Detected threats in monitored endpoint traffic |
Turn on Data upload permission. |
Web Sensor |
Web activity of managed users and devices |
|
Mobile Sensor |
Cloud apps detected by monitored mobile devices and users |
Turn on Data upload permission. |
Azure AD |
Allows access to user information and activity data |
Turn on Data upload permission and follow the onscreen instructions to enable the data connection. Important:
Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis. |
Okta |
Allows access to user information and activity data |
Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment. Note:
Your Okta user account must have one of the following administrator privileges in Okta:
Turn on Data upload permission to grant Trend Micro permission to enable the data connection. Important:
Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis. |
Office 365 |
Usage and activities on Office 365 apps including OneDrive and SharePoint |
Turn on Data upload permission and follow the onscreen instructions to enable the data connection. Note:
Office 365 integration also requires that you permit data upload from Azure AD. After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps. |
Qualys |
Basic vulnerability data assessment on devices |
Turn on Data upload permission and provide a Qualys account with the following permissions:
Note:
Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, do not enable Qualys. Install and enable Trend Micro Vision One Endpoint Sensor. Trend Micro Vision One Endpoint Sensor acts as the data source for vulnerability detection if you do not configure the Qualys data source. |
Splunk - Network Firewall / Web Gateway Logs |
User activities on detected cloud apps |
Before turning on Data upload permission, install the Trend Micro Risk Insights for Splunk app and provide the API token. Configure the necessary firewall exceptions based on your region:
|