Configuring the Data Source for Risk Analysis

By connecting multiple data sources, such as Azure AD or Splunk, you gain access to more risk indicators across your corporate network.

  1. Go to Security Posture > Zero Trust Risk Insights.
  2. Click the Data source gear icon in the upper right.

    You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.

  3. Click the Source that you want to configure.

    | Source | Data target | Configuration |
    |---|---|---|
    | Trend Micro Vision One Endpoint Sensor | User, app, and web activities, and vulnerability assessment on monitored endpoints | Turn on Data upload permission. Note: Enable Endpoint Sensor on endpoints using the Endpoint Inventory app. |
    | Connected Endpoint Product Agent | User, app, and web activities, and detected threats on monitored endpoints | Turn on Data upload permission. |
    | Email Sensor | Email activities in Office 365 Exchange Online | Turn on Data upload permission. Note: Enable Email Sensor on mailboxes using the Email Account Inventory app. |
    | Network Sensor | Detected threats in monitored endpoint traffic | Turn on Data upload permission. Note: Install Network Sensors on your network using the Network Inventory app. |
    | Web Sensor | Web activity of managed users and devices | Follow the onscreen instructions to deploy the Web Sensor and enable the data connection. For details, see Deploying the Web Sensor. |
    | Mobile Sensor | Cloud apps detected by monitored mobile devices and users | Turn on Data upload permission. Note: Install Mobile Sensor on mobile devices using the Mobile Inventory app. |
    | Azure AD | Allows access to user information and activity data | Turn on Data upload permission and follow the onscreen instructions to enable the data connection. Turn on Policy enforcement permission to grant Trend Micro permission to enforce the following user policies: Disable User Account, Enable User Account, and Force Log Off. |
    | Okta | Allows access to user information and activity data | Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment. Note: Your Okta user account must have one of the following administrator privileges in Okta: API Access Management Admin, Report Admin, Mobile Admin, Read-Only Admin, App Admin, Org Admin, Super Admin. Turn on Data upload permission to grant Trend Micro permission to enable the data connection. |
    | Office 365 | Usage and activities on Office 365 apps including OneDrive and SharePoint | Turn on Data upload permission and follow the onscreen instructions to enable the data connection. Note: Office 365 integration also requires that you permit data upload from Azure AD. After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps. |
    | Splunk-Network Firewall/Web Gateway Logs | User activities on detected cloud apps | 1. Click the link to install the Trend Micro Risk Insights for Splunk app in Splunk. 2. Copy the Authentication token and paste it into the Splunk app. 3. Turn on Data upload permission. |