Integrate with Trend Micro Vision One (XDR)

The XDR capabilities of Trend Micro Vision One apply effective expert analytics and global threat intelligence using data collected across multiple vectors: email, endpoints, servers, cloud workloads, and networks.

Personally identifiable information is collected by Trend Micro Vision One. For more information about what information is collected, see Trend Micro XDR Data Collection Notice.

There is currently one way to integrate Trend Micro Vision One with Deep Security:

After successfully registering with Trend Micro Vision One (XDR), security events for protection modules are forwarded to Trend Micro Vision One by default. To forward activity data to Trend Micro Vision One, you need to install Trend Micro Endpoint Basecamp with the relevant deployment script or an installer downloaded from the Trend Micro Vision One console.

Register with Trend Micro Vision One (XDR)

  1. Obtain the Trend Micro Vision One enrollment token from your organization's administrator.
  2. Your organization's administrator can follow the steps here to obtain the token.

    The token is only valid for 24 hours after it's generated. If it expires, generate a new one using the same steps.

  3. In Deep Security Manager, go to Administration > System Settings > Trend Micro Vision One.
  4. Click Register enrollment token.
  5. In the pop-up window, paste the enrollment token you received from your organization's administrator and click Register.

After registration has completed successfully, Deep Security automatically forwards data to the Trend Micro Vision One platform, where it is analyzed.

Forward security events to Trend Micro Vision One (XDR)

After successfully registering to Trend Micro Vision One (XDR), the Forward security events to Trend Micro Vision One setting is enabled by default. When this configuration is enabled, events from the following protection modules are forwarded to Trend Micro Vision One:

  • Anti-Malware
  • Web Reputation
  • Device Control
  • Integrity Monitoring
  • Log Inspection
  • Intrusion Prevention

If you'd like to stop forwarding security events to Trend Micro Vision One, go to Administration > System Settings > Trend Micro Vision One and deselect the Forward security events to Trend Micro Vision One option.

If you have connected your agents and relays to the 'primary security update source' via a proxy, the same proxy settings will automatically be used.

Forward activity data to Trend Micro Vision One (XDR)

To forward activity data to Trend Micro Vision One, you need to install Trend Micro Endpoint Basecamp with the relevant deployment script or an installer downloaded from the Trend Micro Vision One console.

The deployment script can be deployed with tools like RightScale, Chef, Puppet, or SSH as an administrator.

Before you generate the deployment script, check the system requirements and supported operating systems on XDR Sensor System Requirements and be aware of the prerequisite verification executed on the script.

Generate a deployment script

  1. Before you begin, ensure Deep Security Manager is connected to Trend Micro Vision One.
  2. Go to Administration > System Settings > Trend Micro Vision One.
  3. Under Activity Data Forwarding, select your platform. The deployment script generator displays the relevant script.
  4. Click Copy to Clipboard and paste the deployment script in your preferred deployment tool, or click Save to File.
  5. The deployment scripts generated by Deep Security Manager for Windows require Windows PowerShell version 4.0 or later. You must run PowerShell as an administrator. If the script does not run, enter the following command:
    Set-ExecutionPolicy RemoteSigned
    If you need to deploy an agent to a version of Windows or Linux that doesn't include PowerShell 4.0 or curl 7.34.0:
    - Linux: remove the --tls1.2 option.
    - Windows: remove the [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; line.
    Removing the above lines allows the agent to communicate with the manager over an earlier version of TLS (version 1.0). Ensure that early TLS is also allowed on the manager and relays. See Determine whether TLS 1.2 is enforced and Enable early TLS (1.0) for details.

  6. Modify the script to add the proxy server address if a proxy is required.
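
An added pre-flight check for step 5 (not part of the generated deployment script or of any Trend Micro tooling): it reads a Linux host's `curl --version` banner and reports whether the host meets the curl 7.34.0 threshold, so that TLS 1.2 is dropped only on hosts that cannot support it. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide per host whether the TLS 1.2 option can stay in the
# Linux deployment script. MIN_CURL is the threshold stated in step 5;
# version_ge and tls12_preflight are hypothetical helper names.
MIN_CURL="7.34.0"

# version_ge A B: succeed when dotted version A >= B, compared field by field.
version_ge() {
    for i in 1 2 3; do
        # Pad with ".0.0" so short versions such as "8" still yield three fields.
        x=$(printf '%s.0.0\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s.0.0\n' "$2" | cut -d. -f"$i")
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# tls12_preflight BANNER: BANNER is the output of `curl --version`.
# Returns 0 = keep TLS 1.2, 1 = host needs the early-TLS exception,
# 2 = version not recognised (leave the script unmodified and investigate).
tls12_preflight() {
    ver=$(printf '%s\n' "$1" |
        sed -n '1s/^curl \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "UNKNOWN: could not parse a curl version; leave the script unmodified"
        return 2
    fi
    if version_ge "$ver" "$MIN_CURL"; then
        echo "OK: curl $ver meets $MIN_CURL; keep TLS 1.2 in the deployment script"
        return 0
    fi
    echo "REVIEW: curl $ver is older than $MIN_CURL; host needs the early-TLS exception"
    return 1
}

# Constructed sample banners (not captured from real hosts).
OLD_SAMPLE='curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0'
NEW_SAMPLE='curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1'
tls12_preflight "$OLD_SAMPLE" || true
tls12_preflight "$NEW_SAMPLE" || true
# On a real host: tls12_preflight "$(curl --version)"
```

Hosts reported as REVIEW are the only ones for which early TLS (1.0) has to be allowed on the manager and relays.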

Once Trend Micro Endpoint Basecamp is installed, enable the sensor on Trend Micro Vision One Endpoint Inventory.

Endpoint Basecamp does not support proxy credentials.

Download the agent installer

To download the agent installer, go to Trend Micro Vision One > Endpoint Inventory and follow the instructions to check the prerequisite verification for agents.