Configuring Data Sources

By connecting multiple data sources to Risk Insights you gain access to more risk indicators across your corporate network.

  1. Go to Risk Insights > Operations Dashboard.
  2. Click the Data sources button in the upper right.

    You can also click Configure Data Source under each risk factor to configure the data sources that contribute to this factor. The risk factor and its corresponding data sources are highlighted on the screen that appears.

  3. Click the Source that you want to configure.
    Table 1. Trend Vision One XDR Sensors

    Source

    Data target

    Configuration

    Trend Vision One Endpoint Sensor

    User, app, and web activities, and vulnerability assessment on monitored endpoints

    Turn on Data upload permission.

    Trend Vision One Email Sensor

    Email activities in Office 365 Exchange Online

    Turn on Data upload permission.

    Trend Vision One Network Sensor

    Detected threats in monitored endpoint traffic

    Turn on Data upload permission.
    Table 2. Trend Micro Security Services

    Source

    Data target

    Configuration

    Trend Micro Apex One as a Service

    User, app, and web activities, and detected threats on monitored endpoints

    Turn on Data upload permission.

    Trend Micro Cloud App Security

    Monitor cloud app activity on Office 365 and Google Workspace apps

    Turn on Data upload permission.

    Trend Cloud One - Conformity

    Monitor cloud configuration on AWS™, Microsoft® Azure, and Google Cloud™ environments

    Trend Cloud One - Endpoint & Workload Security

    User, applications, web activities, security settings, and detected threats on monitored endpoints

    Turn on Data upload permission.

    Trend Micro Deep Discovery Inspector

    Targeted attacks and advanced threats in monitored network traffic

    Turn on Data upload permission.

    Trend Micro Deep Security

    User, application, and web activities, and detected threats on monitored endpoints

    Turn on Data upload permission.

    Trend Micro Web Security

    Web activity and web application related data of monitored devices and users via Trend Micro Web Security

    Turn on Data upload permission.

    Trend Micro Mobile Security

    Cloud apps, mobile apps, threats, and user activities detected on monitored mobile devices

    Turn on Data upload permission.

    TippingPoint Security Management System

    Network detection logs and filter rule status

    Turn on Data upload permission.

    Zero Trust Secure Access - Private Access

    User, device, threat detections, and internal app activities from your internal network

    Turn on Data upload permission.

    Zero Trust Secure Access - Internet Access

    User, device, threat detections, and cloud app activities to external networks

    Turn on Data upload permission.
    Table 3. Third-Party Data Source

    Source

    Data target

    Configuration

    Azure AD

    Allows access to user information and activity data

    1. Click Manage permissions and integration settings in Third-Party Integration to open the Azure AD screen of the Third-Party Integration app.

    2. Locate one or multiple Azure AD tenants that you want to grant permissions on, and then click Grant permissions in the Status column for Risk Insights.

    3. Follow the onscreen instructions to enable the data connection.

    4. Go back to the Azure AD Data Source panel and turn on Data upload permission.

    Active Directory (on-premises)

    Allows access to user information and activity data

    Turn on Data upload permission and follow the onscreen instructions to enable the data connection.

    Important:

    Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis.

    Nessus Pro

    Allows access to Nessus Pro user data regarding apps, devices, and behaviors

    After configuring Nessus Pro in Third-Party Integration, turn on Data upload permission.

    Office 365

    Usage and activities on Office 365 apps including OneDrive and SharePoint

    Turn on Data upload permission and follow the onscreen instructions to enable the data connection.

    Important:

    Configuring Office 365 as a data source also requires that you configure Azure AD as a data source. To do so, enable the Data upload permission toggle in the Azure AD data source (if not already configured).

    After connecting to Trend Micro Cloud App Security, turn on Threat detection upload permission to further analyze threats detected on monitored Office 365 apps.

    Okta

    Allows access to user information and activity data

    Before turning on Data upload permission, obtain the Okta URL domain and API token from your Okta environment.

    Note:

    Your Okta user account must have one of the following administrator privileges in Okta:

    • API Access Management Admin

    • Mobile Admin

    • Read-Only Admin

    • App Admin

    • Org Admin

    • Super Admin

    Turn on Data upload permission to grant Trend Micro permission to enable the data connection.

    Important:

    Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload may prevent secure access policy enforcement and risk analysis.

    OpenLDAP

    Allows access to user information from your internal network

    Turn on Data upload permission and follow the onscreen instructions to enable the data connection.

    Qualys

    Third-party vulnerability assessment tool (SaaS)

    Turn on Data upload permission and provide a Qualys account with the following permissions:

    • Role: Reader

    • Asset Management Permissions: Read Asset

    • Allow access: API

    • Asset Groups (assigned to)

    Note:

    Qualys integration only provides CVE detection data and limited device information. For complete activity monitoring of exploit attempts and comprehensive device insights, install and enable Trend Vision One Endpoint Sensor.

    Rapid7 - InsightVM

    Third-party vulnerability assessment tools (SaaS)

    Provide the Insight Platform URL and API key for a Rapid7 Insight account with the Platform Admin role.

    Rapid7 - Nexpose

    Third-party vulnerability assessment tools (on-premises)

    After configuring the Rapid7 integration settings in Third-Party Integration, turn on Data upload permission.

    Splunk - Network Firewall / Web Gateway Logs

    User activities on detected cloud apps

    Before turning on Data upload permission, install the Trend Micro Risk Insights for Splunk app and provide the API token.

    Configure the necessary firewall exceptions based on your region:

    • Australia: ingestor-anz.xdr.trendmicro.com

    • Europe: ingestor-eu.xdr.trendmicro.com

    • India: ingestor-in.xdr.trendmicro.com

    • Japan: ingestor-jp.xdr.trendmicro.com

    • Singapore: ingestor-sg.xdr.trendmicro.com

    • United States: ingestor-us.xdr.trendmicro.com

    Tenable.io

    Third-party vulnerability assessment tool (SaaS)

    Tenable.io Data Source Setup
Parent topic: Operations Dashboard