Trend Micro Vision One > Security Posture > Operations Dashboard > Configuring the Data Source for Risk Analysis

Configuring the Data Source for Risk Analysis

By connecting multiple data sources, such as Azure AD or Splunk, you gain access to more risk indicators across your corporate network.

Go to Risk Insights > Operations Dashboard.
Click the Data source gear icon in the upper right.
You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.

Click the Source that you want to configure.

Source	Data target	Configuration
Trend Micro Vision One Endpoint Sensor	User, app, and web activities, and vulnerability assessment on monitored endpoints	Turn on Data upload permission. Note: Trend Micro Vision One Endpoint Sensor acts as the data source for vulnerability detection if you do not configure the Qualys data source.
Connected Endpoint Product Agent	User, app, and web activities, and detected threats on monitored endpoints	Turn on Data upload permission.
Email Sensor	Email activities in Office 365 Exchange Online	Turn on Data upload permission.
Network Sensor	Detected threats in monitored endpoint traffic	Turn on Data upload permission.
Web Sensor	Web activity of managed users and devices	Configure and enable the Internet Access Service using the Zero Trust Secure Access app. For details, see Internet Access Configuration. Turn on Data upload permission.
Mobile Sensor	Cloud apps detected by monitored mobile devices and users	Turn on Data upload permission.
Azure AD	Allows access to user information and activity data	Turn on Data upload permission and follow the onscreen instructions to enable the data connection. Important: Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis.
Okta	Allows access to user information and activity data	Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment. Note: Your Okta user account must have one of the following administrator privileges in Okta: API Access Management Admin Mobile Admin Read-Only Admin App Admin Org Admin Super Admin Turn on Data upload permission to grant Trend Micro permission to enable the data connection. Important: Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis.
Office 365	Usage and activities on Office 365 apps including OneDrive and SharePoint	Turn on Data upload permission and follow the onscreen instructions to enable the data connection. Note: Office 365 integration also requires that you permit data upload from Azure AD. After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps.
Qualys	Basic vulnerability data assessment on devices	Turn on Data upload permission and provide a Qualys account with the following permissions: Role: Reader Asset Management Permissions: Read Asset Allow access: API Asset Groups (assigned to) Note: Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, do not enable Qualys. Install and enable Trend Micro Vision One Endpoint Sensor. Trend Micro Vision One Endpoint Sensor acts as the data source for vulnerability detection if you do not configure the Qualys data source.
Splunk - Network Firewall / Web Gateway Logs	User activities on detected cloud apps	Before turning on Data upload permission, install the Trend Micro Risk Insights for Splunk app and provide the API token. Configure the necessary firewall exceptions based on your region: Australia: ingestor-anz.xdr.trendmicro.com Europe: ingestor-eu.xdr.trendmicro.com India: ingestor-in.xdr.trendmicro.com Japan: ingestor-jp.xdr.trendmicro.com Singapore: ingestor-sg.xdr.trendmicro.com United States: ingestor-us.xdr.trendmicro.com