Trend Vision One
Online Help Center Home
Privacy and Personal Data Collection Disclosure
Pre-release Disclaimer
Pre-release Sub-feature Disclaimer
Trend Vision One Data Privacy, Security, and Compliance
What's New
June 2023
May 2023
April 2023
March 2023
Introduction
Trend Vision One
Features and Benefits
Trend Micro Supported Products
Platform Directory
Account Settings
Company Profile
Context Menu
Advanced Analysis Actions
Response Actions
Search Actions
Display Settings Actions
Simulations
Running Simulations on Endpoints with XDR
Running Simulations on Endpoints with Endpoint Sensor
Running Simulations on Endpoints with Deep Security Agents
Running the Network Attack Scenario
Running the Email Attack Scenario
Checking the Trend Vision One Service Status
SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
Getting Started
Getting Started with Trend Vision One
Accessing Your Trend Vision One Console
Essential Access
Activating Trend Vision One with Essential Access
Advanced Access
Activating Trend Vision One with Advanced Access
Connecting Trend Micro Products
Firewall Requirements for Trend Vision One
Australia - Firewall Exceptions
Europe - Firewall Exceptions
India - Firewall Exceptions
Japan - Firewall Exceptions
Singapore - Firewall Exceptions
United States - Firewall Exceptions
Reviewing Detection Models
Checking Workbench Alerts
Getting Started with Vulnerability Prioritization and Assessment
Deploying Trend Vision One Windows Agents and Enabling Vulnerability Assessment
Connecting Trend Cloud One - Endpoint & Workload Security and Enabling Activity Monitoring
Connecting Qualys to Trend Vision One for Vulnerability Analysis
Connecting Nessus Pro to Trend Vision One for Vulnerability Analysis
Risk Insights
Executive Dashboard
Risk Overview
Exposure Overview
CVE Impact Score
Cloud Asset Compliance Violations
Accounts with Weak Authentication
Multi-Factor Authentication Disabled
Password Expiration Disabled
Strong Password Requirement Disabled
Accounts That Increase Attack Surface Risk
Synced Admin Accounts
Extra Admin Accounts
Stale Accounts
Accounts With Excessive Privilege
Service Account Misconfiguration
Highly-Authorized Disabled Accounts
Attack Overview
Security Configuration Overview
Executive Dashboard Troubleshooting and FAQs
Executive Dashboard Troubleshooting
Risk Index Algorithm FAQs
Attack Surface Discovery
Internet-Facing Assets
Internet-Facing Domains
Internet-Facing IP Addresses
Asset Criticality
Risk Assessment
Asset Profile Screens
Device Profile
Account Profile
Cloud App Profile
Cloud App Risk Levels
Asset Profile Tags
Risk Insights Response Actions
Operations Dashboard
Risk Factors
Risk Index Overview
Risk Reduction Measures
Risk Index Reduction
Risk Reduction Goals
At-Risk Users/Devices
Account Compromise
Vulnerabilities
Vulnerability Assessment System Requirements
CVE Profile
Mean Time to Patch (MTTP) and Average Unpatched Time
Highly-Exploitable CVE Density and Vulnerable Endpoint Percentage
Activity and Behaviors
Cloud App Activity
System Configuration
Accounts with Weak Authentication
Multi-Factor Authentication Disabled
Password Expiration Disabled
Strong Password Requirement Disabled
Accounts That Increase Attack Surface Risk
Synced Admin Accounts
Extra Admin Accounts
Stale Accounts
Accounts With Excessive Privilege
Service Account Misconfiguration
Highly-Authorized Disabled Accounts
Cloud Asset Compliance Violations
XDR Detection
Threat Detection
Security Configuration
Cloud Activity
Configuring Data Sources
Risk Visibility Support for Trend Micro Products
Conformity AWS Data Source Setup
Conformity Azure Data Source Setup
Conformity Google Cloud Platform Data Source Setup
Tenable.io Data Source Setup
Security Dashboard
Customizing the Security Dashboard
Report Management
Configure a Custom Report
Configure a Report From a Template
Report Management License Requirements
XDR Threat Investigation
Detection Model Management
Detection Models
Detection Model Data
Custom Models
Creating a Custom Model
Creating a Custom Filter
Exceptions
Adding a Custom Exception
Adding an Exception From the Context Menu
Editing a Custom Exception
Workbench
Alert View
Alert View Data
Performing an Alert Investigation
Alert Details
Context Menu
Advanced Analysis Actions
Execution Profile
Enabling WebGL
Network Analytics Report
Overview of the Network Analytics Report
Reviewing the Summary
Analysis Using the Correlation Graph
Correlation Graph Advanced Search Filter
Analysis Using the Transaction and IOC Details
Adding an Exception From the Context Menu
Assigning Alerts
Incident View
Incident Details
Alerts Tab
Incident-based Execution Profile
Assigning Incidents
Search App
Search Actions from the Context Menu
Search Syntax: Simple Search
Search Syntax: Complex Queries
Saved Queries
Changing the Search Results View
Search Method Data Sources
Data Mapping: General Search
Data Mapping: Cloud Activity Data
Data Mapping: Detections
Data Mapping: Email Activity Data
Data Mapping: Endpoint Activity Data
eventId and eventSubId Mapping
Data Mapping: Message Activity Data
Data Mapping: Secure Access Activity Data
Data Mapping: Mobile Activity Data
eventId and eventSubId Mapping
Data Mapping: Network Activity Data
Data Mapping: Web Activity Data
Observed Attack Techniques
Targeted Attack Detection
Attack Exposure
Security Features and XDR Sensors
Attack Phases
Attack Scope
Risk Management Guidance
Forensics and Analysis
War Room Tab
Workspaces
Adding Elements to an Investigation Timeline
Packages Tab
Evidence Collection
Manual Evidence Collection
Supported Evidence Types
Managed Services
Request List
Settings
Configuring Response Approval Settings
Response Actions
Threat Intelligence
Campaign Intelligence
Threat Information Screen
Intelligence Reports
Curated Intelligence
Custom Intelligence
Sweeping Types
STIX Indicator Patterns for Sweeping
Suspicious Object Management
Suspicious Object List
Adding Suspicious Objects
Importing Objects
Suspicious Object Actions
Exception List
Adding Exceptions
Sandbox Analysis
Consolidated Analysis Results
Submitting Objects for Analysis
Submission Settings Configuration
Supported File Types
Submitters and Connection Types
Possible Reasons for Analysis Failure
Third-Party Intelligence
TAXII Feeds
Configuring a TAXII Feed
MISP Feeds
Workflow and Automation
Security Playbooks
Execution Results
Creating a User-Defined Playbook
Automated Response Playbooks
Creating a Playbook From a Template
Incident Response Evidence Collection Playbooks
Supported Evidence Types
Playbook Nodes
Security Playbooks License Requirements
Response Management
Response Actions
Add to Block List Task
Collect Evidence Task
Collect File Sample Task
Collect Network Analysis Package Task
Delete Email Message Task
Disable User Account Task
Enable User Account Task
Force Password Reset Task
Force Sign Out Task
Isolate Endpoint Task
Quarantine Email Message Task
Remove from Block List Task
Restore Connection Task
Run Remote Custom Script Task
Start Remote Shell Session Task
Remote Shell Commands for Windows Endpoints
Remote Shell Commands for Linux Endpoints
Remote Shell Commands for Mac Endpoints
Submit for Sandbox Analysis Task
Terminate Process Task
Response Data
Third-Party Integration
Active Directory (On-Premises) Integration
Active Directory Data Usage in Associated Apps
Configuring Data Synchronization and User Access Control
Active Directory Permissions for User Access Control
Configuring Log Forwarding
Azure AD Integration
Azure AD Data Usage in Associated Apps
Configuring Azure AD Integration
Blocking Azure AD Permissions
Assigning the Password Administrator Role
Troubleshooting Azure AD Connections
Check Point Open Platform for Security (OPSEC) Integration
FortiGate Next-Generation Firewall Integration
MISP Integration
Nessus Pro Integration
Okta Integration
Configuring Okta Tenants
Obtaining Your Okta URL Domain and API Token
OpenLDAP Integration
Palo Alto Panorama Integration
Plain Text (Freetext) Feed Integration
ProxySG and Advanced Secure Gateway Integration
QRadar on Cloud with STIX-Shifter Integration
Rapid7 - Nexpose Integration
Splunk HEC Connector Configuration
Syslog Connector (On-premises) Configuration
Syslog Connector (SaaS/Cloud) Configuration
TAXII Feed Integration
Trend Vision One Connector for Azure Sentinel
Deploying the Trend Vision One Connector
Checking Ingested Data in Log Analytics Workspace
Trend Vision One Connector for ServiceNow ITSM Add-On Integration
Trend Micro Vision One for Cortex XSOAR Integration
Creating a User Role for Cortex XSOAR Integration
Trend Vision One for QRadar (XDR) Add-On Integration
Trend Vision One for ServiceNow Ticketing System Integration
Trend Micro Vision One for Splunk (XDR) App Integration
Syslog Content Mapping - CEF
CEF Workbench Logs
CEF Observed Attack Techniques Logs
API Automation Center
Service Gateway Management
Getting Started with Service Gateway
Service Gateway Overview
What's New in Service Gateway
Service Gateway Appliance System Requirements
Ports and URLs Used by the Service Gateway Virtual Appliance
Australia - Firewall Exceptions for Service Gateway
Europe - Firewall Exceptions for Service Gateway
India - Firewall Exceptions for Service Gateway
Japan - Firewall Exceptions for Service Gateway
Singapore - Firewall Exceptions for Service Gateway
United States - Firewall Exceptions for Service Gateway
Deployment Guides
Deploying a Service Gateway Virtual Appliance with VMware ESXi
Deploying a Service Gateway Virtual Appliance with Microsoft Hyper-V
Deploying a Service Gateway Virtual Appliance with Microsoft Azure
Deploying a Service Gateway Virtual Appliance with AWS
Service Gateway Appliance Configuration
Managing Services in Service Gateway
Service Gateway Services
ActiveUpdate Configuration
ActiveUpdate Source URLs
Smart Protection Services
Smart Protection Service Product Support
Connecting Trend Micro Products to Smart Protection Server
Configuring Service Gateway Settings
Managing Service Gateway Storage
Service Gateway Management 1.0
Service Gateway 1.0 Appliance System Requirements
Configuring Service Gateway Settings
Switching from Service Gateway 1.0 to the Latest Version
Migrating from Service Gateway 1.0 to 2.0
Upgrading from Service Gateway 1.0 to 2.0
Service Gateway Troubleshooting and FAQs
Service Gateway FAQs
Troubleshooting Service Gateway
Service Gateway Support Settings
Service Gateway CLI Commands
Service Gateway 1.0 CLI Commands
Service Gateway 2.0 Migration Troubleshooting
Zero Trust Secure Access
Getting Started with Zero Trust Secure Access
What is Zero Trust Secure Access?
Preparing to Deploy Private Access and Internet Access Services
Zero Trust Secure Access Credit Settings
System Requirements
Private Access Connector System Requirements
Secure Access Module System Requirements
Traffic Protocol Support
Port and FQDN/IP Address Requirements
Australia - Zero Trust Secure Access FQDNs/IP Addresses
Europe - Zero Trust Secure Access FQDNs/IP Addresses
India - Zero Trust Secure Access FQDNs/IP Addresses
Japan - Zero Trust Secure Access FQDNs/IP Addresses
Singapore - Zero Trust Secure Access FQDNs/IP Addresses
United States - Zero Trust Secure Access FQDNs/IP Addresses
Deployment Considerations
Private Access - Client vs Browser Access
Internet Access - Client Access vs Traffic Forwarding
Traffic Forwarding Options for Internet Access
Deployment Guides
Setting Up Zero Trust Secure Access Private Access
Identity and Access Management Integration
Azure AD Integration and SSO for Zero Trust Secure Access
Okta Integration and SSO for Zero Trust Secure Access
Active Directory (on-premises) Integration and SSO for Zero Trust Secure Access
OpenLDAP Integration and SSO for Zero Trust Secure Access
Private Access Connector Deployment
Deploying the Private Access Connector on VMware ESXi
Deploying the Private Access Connector on AWS Marketplace
Manual Scaling
Automatic Scaling
Deploying the Private Access Connector on Microsoft Azure
Manual Scale
Custom Autoscale
Deploying the Private Access Connector on Google Cloud Platform
Deploying the Private Access Connector on Microsoft Hyper-V
Private Access Connector CLI Commands
Secure Access Module Deployment
User Portal for Private Access Configuration
Setting Up Zero Trust Secure Access Internet Access
Identity and Access Management Integration
Azure AD Integration and SSO for Zero Trust Secure Access
Okta Integration and SSO for Zero Trust Secure Access
Active Directory On-Premises Integration and SSO for Zero Trust Secure Access
NTLM Single Sign-On for Internet Access
OpenLDAP Integration and SSO for Zero Trust Secure Access
Identifying Corporate Network Locations
Adding Corporate Locations to the Internet Access Cloud Gateway
Deploying an Internet Access On-Premises Gateway
Secure Access Module Deployment
PAC File Configuration
PAC File Deployment
Secure Access Module Configuration
Browser Configuration
GPO Creation
Setting Up Zero Trust Secure Access Risk Control
Ranges and Limitations
Secure Access Overview
Risk Control Summary
Private Access
Internet Access
Secure Access Rules
Creating a Risk Control Rule in Playbook View
Risk Control Rule Components in Playbook View
Modifying a Risk Control Rule in Classic View
Secure Access Rule Templates
Creating a Private Access Control Rule
Creating an Internet Access Control Rule
Zero Trust Actions
Block Cloud App and URL Access Task
Block Internal App Access Task
Disable User Account Task
Enable User Account Task
Force Password Reset Task
Assigning the Password Administrator Role
Force Sign Out Task
Isolate Endpoint Task
Restore Connection Task
Unblock Cloud App and URL Access Task
Unblock Internal App Access Task
Secure Access Resources
Device Posture Profiles
Adding a Device Posture Profile
List of Supported Vendors
Getting the Certificate Location using PowerShell
File Profiles
Adding a File Profile
Threat Protection Rules
Adding a Threat Protection Rule
Supported Files for Sandbox Analysis
Data Loss Prevention Rules
Adding a Data Loss Prevention Rule
Custom URL Categories
Custom Cloud App Categories
Adding a Custom Cloud App Category
IP Address Groups
Adding an IP Address Group
Tenancy Restriction Rules
Adding a Tenancy Restriction Rule
HTTP/HTTPS Request Filters
Adding an HTTP/HTTPS Request Filter
Secure Access History
Secure Access Configuration
Private Access Configuration
Private Access Connector Configuration
Internal Application Configuration
Adding an Internal Application to Private Access
Trend Micro Web App Discovery Chrome Extension
Discovering Internal Applications
Managing Certificates
Adding a Server Certificate
Adding an Enrollment Certificate
Global Settings
User Portal for Private Access Configuration
Internet Access Configuration
Internet Access Gateways and Corporate Network Locations
Adding Corporate Locations to the Internet Access Cloud Gateway
Deploying an Internet Access On-Premises Gateway
Syslog Content Mapping - CEF
PAC Files
Configuring PAC Files
HTTPS Inspection
HTTPS Inspection Rules
Adding an HTTPS Inspection Rule
Cross-Signing a CA Certificate
Deploying the Built-in CA Certificate
Inspection Exceptions
Adding a Domain Exception
TLS and SSL Certificates
Root and Intermediate CA Certificates
Server Certificates
URL Allow and Deny Lists
Global Settings
Configuring NTLM Single Sign-On with Active Directory (On-Premises)
Identity and Access Management
Supported IAM Systems and Required Permissions
Secure Access Module Deployment
Secure Access Module System Requirements
Deploying the Secure Access Module to Endpoints
Replacing the PAC File in the Secure Access Module
Deploying the Secure Access Module to Mobile Devices
Collecting Debug Logs from Endpoints
Customization Settings
Troubleshooting Zero Trust Secure Access
Internet Access Connection Troubleshooting
Private Access Connection Troubleshooting
Secure Access Module Troubleshooting
Assessment
Security Assessment Service
Assessment Tool Deployment
Deploying the Assessment Tool to Linux Endpoints
Deploying the Assessment Tool to macOS Endpoints
Deploying the Assessment Tool to Windows Endpoints
At-Risk Cloud Mailbox Assessment
At-Risk Endpoint Assessment
Phishing Simulation Assessment
Getting Started with Phishing Simulation Assessment
Phishing Simulation Assessment General Allow List Settings
Setting Up the Trend Micro Email Security Allow List
Setting Up the Microsoft Defender for Office 365 Allow List
Troubleshooting the Microsoft Defender for Office 365 Allow List
Setting Up the Google Workspace Allow List
Verifying Domain Ownership
Endpoint Security Operations
Endpoint Inventory 2.0
Getting Started with Endpoint Inventory 2.0
Managing the Endpoint List in Endpoint Inventory 2.0
Endpoint List Settings
Throttling Agent Bandwidth Suggestions
Managing Endpoint Groups
Endpoint Group Limitations
Deploying the Agent Installer
Deploying the Agent Installer to Windows Endpoints
Deploying the Agent Installer to Linux Endpoints
Deploying the Agent Installer to Mac Endpoints
Deploying the Agent Installer to Virtual Desktops
Updating the Agent on Virtual Desktops
Linux CLI Commands
Deploying the Agent Installer with Service Gateway Forward Proxy
Trend Vision One Agent System Requirements
Endpoint Inventory
Getting Started with XDR for Endpoints
Managing the Endpoint List in Endpoint Inventory 1.0
Endpoint List Settings in Endpoint Inventory 1.0
Endpoint Policies
Trend Cloud One - Endpoint & Workload Security
Network Security Operations
Network Inventory
Getting Started with Network Inventory
Using Network Inventory
Network Inspector Virtual Appliance
Network Inspector Virtual Appliance System Requirements
Getting Started with Network Inspector Virtual Appliance
Deploying a Network Inspector Virtual Appliance with VMware ESXi
Configuring VMware ESXi Network Settings
Deploying a Network Inspector Virtual Appliance with VMware vCenter
Configuring VMware vCenter Network Settings
Ports and URLs Used by the Network Inspector Virtual Appliance
Firewall Exceptions for Network Inspector Virtual Appliance
Network Inspector CLI Commands
Network Inspector Virtual Appliance Troubleshooting and FAQs
How can I test the connection between a Network Inspector virtual appliance and Trend Vision One?
How can I change the network IP settings from static IP to DHCP?
How can I manually register a Network Inspector virtual appliance in Trend Vision One?
Deep Discovery Inspector Appliances
Appliance Details
Deep Discovery Inspector Connection and Deployment Guides
Deep Discovery Inspector Virtual Appliance System Requirements
Deep Discovery Inspector Deployment Guides
Deploying a Deep Discovery Inspector Virtual Appliance
Deploying a Deep Discovery Inspector Virtual Appliance on AWS
Connecting a Deployed Deep Discovery Inspector Appliance
Connecting Deep Discovery Inspector Appliances to a Service Gateway
Integrating a Deep Discovery Inspector Virtual Appliance with Sandbox as a Service
Activating a Deep Discovery Inspector License Using the Customer Licensing Portal
Firewall Exceptions for Deep Discovery Inspector
Appliance Plans
Plan Details
Creating a Hotfix/Critical Patch Plan
Creating a Firmware Update Plan
Creating a Configuration Replication Plan
Creating a Virtual Analyzer Image Deployment Plan
Virtual Analyzer Image Source
Configuring Virtual Analyzer Image Source
Network Resources
Network Inventory with Deep Discovery Director
Connecting through Deep Discovery Director
Configuring Network Sensors with Deep Discovery Director
Network Intrusion Prevention
Getting Started with Network Intrusion Prevention
Integrating TippingPoint Network Sensors with Network Intrusion Prevention
Service Gateway Appliance System Requirements
Deploying a Service Gateway Virtual Appliance with VMware ESXi
Deploying a Service Gateway Virtual Appliance with Microsoft Hyper-V
Upgrading and Connecting TippingPoint SMS with Network Intrusion Prevention
Network Intrusion Prevention - Inventory
Network Intrusion Prevention - Policy Recommendations
Deploying Virtual Patch Filter Policies to TippingPoint SMS
CVE Profile Assessment
Email Security Operations
Email Account Inventory
Email Sensor Management
Mobile Security Operations
Getting Started with Mobile Security
Mobile Security Device Platform Features
System Requirements
Mobile Device Permission Requirements
Resource Consumption
Android Device Resource Consumption
iOS Device Resource Consumption
Google Workspace Integration
Setting Up Google Workspace Integration
Microsoft Endpoint Manager (Intune) Integration
Setting Up Intune Integration
VMware Workspace ONE UEM Integration
Preparing for the Integration
Setting Up Workspace ONE UEM Integration
Registering Workspace ONE as Your Android EMM
Azure Active Directory Integration
Granting Permissions on Azure AD Data
Changing your MDM integration solution
Mobile Inventory
Users Tab
Devices Tab
Groups Tab
Mobile Detection Logs
Mobile Policy
Mobile Policy Data
Configuring Mobile Policies
Risky Mobile Apps
Risky Mobile App Data
Approved List Data
Point Product Connections
Product Connector
Connecting a Product
Required Settings on Supported Products
Connecting Trend Micro Apex One as a Service
Configuring Cloud App Security
Configuring Trend Cloud One
Connecting AWS CloudTrail
Configuring Deep Security Software
Account
Single Sign-On
Configuring SAML Single Sign-On
Configuring Active Directory Federation Services
Configuring Azure Active Directory
Configuring Okta
User Accounts
Root Account
Configuring Accounts
Obtaining API Keys for Third-Party Apps
Obtaining API Keys for Third-Party Auditors
User Roles
Configuring Custom User Roles
Predefined Roles
Notifications
Alerts
Subscriptions
Managing Webhooks
Configuring Notifications
Configuring Notifications for Response Tasks
Configuring Notifications for New Workbench Alerts
Configuring Notifications for Private Access Connector Status
Audit Logs
User Logs
User Log Data
System Logs
System Log Data
Console Settings
License Information
Credit Usage
Introducing Credit-Based Licensing
Using the Credit Calculator
Trend Micro Offerings Supporting Credits
License Entitlements Calculated Into Credits
License Entitlements Calculated Into Credits - FAQs
Support Settings
Getting Help and Troubleshooting
Help and Support
Creating a Support Case
Self-Diagnosis
Running Diagnostic Tests
Finding Endpoint Information
Test Results Tab
XDR Endpoint Checker
Using XDR Endpoint Checker from a Web Browser
Using XDR Endpoint Checker from the Command Line
What's New
June 2023
June 5, 2023
May 2023
April 2023
March 2023