Integrate with Trend Micro Vision One (XDR)

The XDR capabilities of Trend Micro Vision One apply expert analytics and global threat intelligence to data collected across multiple vectors: email, endpoints, servers, cloud workloads, and networks.

Personally identifiable information is collected by Trend Micro Vision One. For more information about what information is collected, see Trend Micro XDR Data Collection Notice.

There are currently two ways of integrating Trend Micro Vision One with Deep Security:

Register to Trend Micro Vision One (XDR)

  1. Obtain the Trend Micro Vision One enrollment token from your organization's administrator.
  2. Your organization's administrator can follow the steps here to obtain the token.

    The token is only valid for 24 hours after it's generated. If it expires, generate a new one using the same steps.

  3. In Deep Security Manager, go to Administration > System Settings > Trend Micro Vision One.
  4. Click Register enrollment token.
  5. In the pop-up window, paste the enrollment token you received from your organization's administrator and click Register.

After registration has completed successfully, Deep Security automatically forwards data to the Trend Micro Vision One platform, where it is analyzed.

Forward security events to Trend Micro Vision One (XDR)

After successfully registering to Trend Micro Vision One (XDR), the Forward security events to Trend Micro Vision One setting is enabled by default. When this configuration is enabled, events from the following protection modules are forwarded to Trend Micro Vision One:

  • Anti-Malware
  • Web Reputation
  • Integrity Monitoring
  • Log Inspection
  • Intrusion Prevention

If you'd like to stop forwarding security events to Trend Micro Vision One, go to Administration > System Settings > Trend Micro Vision One and deselect the Forward security events to Trend Micro Vision One option.

If you have connected your agents and relays to the 'primary security update source' via a proxy, the same proxy settings will automatically be used.

Forward activity data to Trend Micro Vision One (XDR)

To forward activity data to Trend Micro Vision One, you need to install Trend Micro Endpoint Basecamp with the relevant deployment script.

The deployment script can be deployed with tools like RightScale, Chef, Puppet, or SSH as an administrator.

Before you generate the deployment script, check the system requirements and supported operating systems on XDR Sensor System Requirements.

Generate a deployment script

  1. Before you begin, ensure Deep Security Manager is connected to Trend Micro Vision One.
  2. Go to Administration > System Settings > Trend Micro Vision One.
  3. Under Activity Data Forwarding, select your platform. The deployment script generator displays the relevant script.
  4. Click Copy to Clipboard and paste the deployment script in your preferred deployment tool, or click Save to File.
  5. The deployment scripts generated by Deep Security Manager for Windows require Windows PowerShell version 4.0 or later. You must run PowerShell as an administrator. If the script does not run, enter the following command:
    Set-ExecutionPolicy RemoteSigned
    If you need to deploy an agent to a version of Windows or Linux that doesn't include PowerShell 4.0 or curl 7.34.0:
    - Linux: remove the --tls1.2 tag.
    - Windows: remove the [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; line.
    Removing the above lines allows an earlier version of TLS (version 1.0) to communicate with the manager. Ensure that an earlier TLS is also allowed on the manager and relays. See Determine whether TLS 1.2 is enforced and Enable early TLS (1.0) for details.

  6. Modify the script to add the proxy server address if a proxy is required.
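An added example, not part of the deployment script that Deep Security Manager generates: a pre-flight check for the Linux case in step 5 that compares a host's curl version against the 7.34.0 threshold before the `--tls1.2` tag is edited out of the script. The function names and the keep/legacy/unknown labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not Trend Micro's script): check a Linux host's curl against
# the 7.34.0 threshold named in step 5 of the procedure above.
MIN_CURL="7.34.0"

# Pull "X.Y.Z" out of the first line of `curl --version` output; prints
# nothing when the text does not look like a curl banner.
curl_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n '1s/^curl \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B. Fields are compared as
# numbers, so 7.9.8 sorts below 7.34.0 (a plain string compare gets this wrong).
version_ge() {
    old_ifs=$IFS
    IFS=.
    set -- $1 $2        # six fields: A1 A2 A3 B1 B2 B3
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    [ "$3" -ge "$6" ]
}

# Print one of:
#   keep    - curl meets the threshold; leave --tls1.2 in the script
#   legacy  - curl is older; the early-TLS workaround in step 5 applies
#   unknown - banner not recognised; check the host by hand
tls_advice() {
    ver=$(curl_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_ge "$ver" "$MIN_CURL"; then
        echo "keep"
    else
        echo "legacy"
    fi
}

# Report on the local host when curl is installed.
if command -v curl >/dev/null 2>&1; then
    echo "curl on this host: $(tls_advice "$(curl --version)")"
fi
```

Running this across an inventory first shows which hosts, if any, actually need the early-TLS exception on the manager and relays.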

Once Trend Micro Endpoint Basecamp is installed, enable the sensor on Trend Micro Vision One Endpoint Inventory.

Endpoint Basecamp does not support proxy credentials.

Complimentary marketing promotion

The ability to integrate Deep Security with Trend Micro Vision One was introduced in Deep Security Manager 20.0.198 (20 LTS Update 2020-10-19) as a complimentary promotion. For more information about Trend Micro Vision One and to learn if you're eligible to participate in the promotion, see Experience the Value of Trend Micro XDR Today.

If you're eligible, a banner appears in Deep Security Manager.

Once you've clicked through the pop-ups, you're redirected to the Trend Micro Vision One Onboarding Portal. Sign in to your Deep Security account and follow the Trend Micro Vision One tutorial to integrate Deep Security with Trend Micro Vision One.

If the banner hasn't appeared in your Deep Security Manager:

  • Ensure the manager can connect to the FQDNs related to Trend Micro Vision One that are listed in the Deep Security URLs table. To determine whether you're eligible for this promotion, Deep Security Manager connects to Trend Micro to validate your license status. If it cannot establish that connection, the pop-up banner does not appear.
  • Upgrade to Deep Security Manager 20.0.198 (20 LTS Update 2020-10-19) or a later version.

If the banner still hasn't appeared and you're interested in participating in Trend Micro Vision One, contact your Trend Micro representative.