Integrate with Trend Vision One (XDR)

XDR in Trend Vision One applies expert analytics and global threat intelligence using data collected across multiple vectors: email, endpoints, servers, cloud workloads, and networks.

Personally identifiable information is collected by Trend Vision One. For more information, see Trend Micro XDR Data Collection Notice.

To integrate Trend Vision One with Deep Security, you need to purchase a license. For more information, see Register with Trend Vision One (XDR).

After registering with Trend Vision One (XDR), security events for protection modules are forwarded to Trend Vision One by default. To forward activity data to Trend Vision One, you need to install Trend Micro Endpoint Basecamp with the relevant deployment script or an installer downloaded from the Trend Vision One console.

Register with Trend Vision One (XDR)

  1. Obtain the Trend Vision One enrollment token from your organization's administrator, who should follow the instructions provided in Configuring Deep Security Software to obtain the token.
  2. The token is only valid for 24 hours after it has been generated. If it expires, generate a new one using the same steps.

  3. In Deep Security Manager, go to Administration > System Settings > Trend Vision One.
  4. Click Register enrollment token.
  5. Use the dialog that opens to paste the enrollment token you received from your organization's administrator, and then click Register.

After the registration has been completed, Deep Security automatically forwards data to the Trend Vision One platform for analysis.

To register with Trend Vision One (XDR) via a proxy server, go to Administration > System Settings > Proxies > Proxy Server Use > Deep Security Manager (Connection to Trend Micro services) and select the correct proxy setting.

Forward security events to Trend Vision One (XDR)

After you successfully register with Trend Vision One (XDR), the Forward security events to Trend Vision One setting is enabled by default. When this setting is enabled, events from the following protection modules are forwarded to Trend Vision One:

  • Anti-Malware
  • Web Reputation
  • Device Control
  • Integrity Monitoring
  • Log Inspection
  • Intrusion Prevention

To stop forwarding security events to Trend Vision One, go to Administration > System Settings > Trend Vision One and deselect the Forward security events to Trend Vision One option.

If you have connected your agents and relays to the primary security update source via a proxy, the same proxy settings are automatically used.

Forward activity data to Trend Vision One (XDR)

To forward activity data to Trend Vision One, install Trend Micro Endpoint Basecamp with the relevant deployment script or an installer downloaded from the Trend Vision One console.

The deployment script can be deployed as an administrator with tools like RightScale, Chef, Puppet, or SSH. Before you generate the deployment script, check the system requirements and supported operating systems in XDR Sensor System Requirements, and be aware of the prerequisite verification executed on the script.

Generate a deployment script

  1. Before you begin, ensure that Deep Security Manager is connected to Trend Vision One.
  2. Go to Administration > System Settings > Trend Vision One.
  3. Under Activity Data Forwarding, select your platform. The deployment script generator displays the relevant script.
  4. Click Copy to Clipboard and paste the deployment script in your preferred deployment tool, or click Save to File.

    The deployment scripts generated by Deep Security Manager for Windows require Windows PowerShell version 4.0 or later. You must run PowerShell as an administrator. If the script does not run, enter the following command:
    Set-ExecutionPolicy RemoteSigned
    If you need to deploy an agent to a version of Windows or Linux that doesn't include PowerShell 4.0 or curl 7.34.0:
    - Linux: remove the --tls1.2 tag.
    - Windows: remove the [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; line.
    Removing the above lines allows an earlier version of TLS (version 1.0) to be used to communicate with the manager. Ensure that the earlier TLS version is also allowed on the manager and relays. See Determine whether TLS 1.2 is enforced and Enable early TLS (1.0) for details.

  5. Modify the script to add the proxy server address if a proxy is required.

Once Trend Micro Endpoint Basecamp is installed, enable the sensor on Trend Vision One Endpoint Inventory.

Endpoint Basecamp does not support proxy credentials.
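
A pre-flight check for the Windows requirements described above (PowerShell 4.0 or later, an administrator session, an execution policy that lets the script run, and the Tls12 protocol value the script sets). This is an added example, not part of the generated deployment script or any Trend Micro code. The function name Test-DeploymentPrereq and the report fields are assumptions made for illustration.

```powershell
# Added example: pre-flight check for the Windows deployment script requirements.
# Test-DeploymentPrereq and its Check/Passed/Detail fields are hypothetical names.
function Test-DeploymentPrereq {
    $results = @()

    # Requirement: Windows PowerShell 4.0 or later.
    $psVersion = $PSVersionTable.PSVersion
    $results += New-Object PSObject -Property @{
        Check  = 'PowerShell 4.0 or later'
        Passed = ($psVersion.Major -ge 4)
        Detail = $psVersion.ToString()
    }

    # Requirement: the session runs as an administrator.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $results += New-Object PSObject -Property @{
        Check  = 'Elevated session'
        Passed = $isAdmin
        Detail = $identity.Name
    }

    # The effective execution policy must allow an unsigned local script to run.
    $policy = (Get-ExecutionPolicy).ToString()
    $results += New-Object PSObject -Property @{
        Check  = 'Execution policy allows local scripts'
        Passed = (@('RemoteSigned', 'Unrestricted', 'Bypass') -contains $policy)
        Detail = $policy
    }

    # The script's Tls12 line only works if the installed .NET exposes that value.
    $protocols = [Enum]::GetNames([Net.SecurityProtocolType])
    $results += New-Object PSObject -Property @{
        Check  = 'TLS 1.2 available to .NET'
        Passed = ($protocols -contains 'Tls12')
        Detail = ($protocols -join ', ')
    }

    return $results
}

$report = Test-DeploymentPrereq
$report | Select-Object Check, Passed, Detail | Format-Table -AutoSize

# A non-zero exit code lets a deployment tool stop before it runs the generated script.
if ($report | Where-Object { -not $_.Passed }) { exit 1 }
```

Running this on a host before editing the generated script shows whether the Tls12 line can stay in place, so the TLS 1.0 fallback is only applied where the check fails.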

Download the agent installer

To download the agent installer, go to Trend Vision One > Endpoint Inventory and follow the instructions to check the prerequisite verification for agents.