Schedule
Date | Changes |
---|---|
24 Feb 2021 | Apex One as a Service will show a bell icon as a heads-up for this migration |
2021 March maintenance | Apex One as a Service EDR related menu items will be re-directed to Trend Vision One |
Change Scope
The following menu items will be redirected to Trend Vision One:
Menu items in Apex One as a Service | Corresponding App in Trend Vision One |
---|---|
Response > Historical Investigation | |
Dashboard > Threat Investigation > Quick Investigation widget | Contents in this widget will be refreshed with a redirection message and redirection link to Trend Vision One Search app. |
Dashboard > Threat Investigation > Attack Discovery Detections widget | Contents in this widget will be refreshed with a redirection message and redirection link to Trend Vision One Observed Attack Technique app. |
Directories > Users/Endpoints (click detection name under Threats column) > Analyze Impact | This menu button will be removed from UI. Customers are advised to use Trend Vision One Search app. |
Threat Intel > Virtual Analyzer Suspicious Objects > Analyze Impact | |
Threat Intel > Custom Intelligence > User-Defined Suspicious Objects > Analyze Impact | |
Live Investigation > Investigation Results (click objects in Root Cause Chain) > Add to Historical Investigation List | |
Live Investigation > Investigation Results (click objects in Root Cause Chain) > Start a Historical Investigation | |
Live Investigation > Investigation Results > Root Cause Analysis > Affected Endpoints | Affected Endpoints |
An API will be revoked after this change takes place.
API | Note |
---|---|
Assessment | It will return the following error after the March maintenance: "error code -103002. Unable to get the accessible servers" |
RCA | It will return a 404 error after June 30, 2021 |
Customers will need to rewrite their tasks using the APIs in Trend Vision One Automation Center.
-
What will be the management impact or change?
- Only EDR-related menu items will be redirected to Trend Vision One for a better user experience.
- The rest of the features (e.g. Virus Scan, Behavior Monitoring, etc.) will continue to be managed by the existing menu.
-
Will my data be moved to other countries? I.e., if the data center previously used was in Australia, will it stay in Australia after migration?
This migration is only focused on the UI/menu items (Phase I) and agent binaries (Phase II); the data center will not be changed.
However, in the following situations, the customer's data was provisioned in the US site since the regional data lake was not ready then:
- Customers who provisioned Apex One as a Service in the Singapore data center before August 2020.
- Customers who provisioned Apex One as a Service in the Australia data center before October 2020.
- Customers who provisioned Apex One as a Service in the India data center before December 2020.
Customers who meet the criteria may contact Trend Micro Technical Support to migrate their data.
-
I cannot single sign-on (SSO) to Trend Vision One. What could be the root cause?
In Apex Central, only a CLP account can be used for SSO to the Trend Vision One service. Customers who need to access Trend Vision One via other accounts should refer to the KB article "Create local account that can SSO to Trend Vision One" for detailed instructions.
-
I’m using a hybrid management structure (i.e. using on-premises Apex Central to manage Apex One SaaS agents). Will this change impact my operation?
Yes. Customers who are using a hybrid management model may only get on-premises agent investigation/sweeping results after this change has been made. Apex One SaaS agent investigation/sweeping should use Trend Vision One instead.
-
Which account can I use to log into Trend Vision One? When I try to access the Trend Vision One app, the login page asks me for an ID/Password. How do I create that account?
Only the Customer Licensing Portal (CLP) account, not native Apex One SaaS local accounts, can single sign-on to the Trend Vision One console. If you need to use a local account to sign in to the Trend Vision One console, refer to the KB article "Creating a Trend Vision One account that can be used to Single Sign-On (SSO) to and from Apex One as a Service" for details.
-
I've purchased a 60-day EDR data retention plan in Apex One as a Service. Will this migration cause any impact when using Trend Vision One?
No. The existing data retention plan will be kept the same in Trend Vision One. However, if you haven't started using Trend Vision One, by default only data after March 1st will be available in Trend Vision One for search. Please contact Trend Micro Technical Support if you need to search for data prior to March 1st.
-
Can I use the previous Apex One as a Service EDR features after this migration?
Apex One EDR-related features will be redirected and enhanced in Trend Vision One apps. For detailed use cases, refer to the following table:
# | Function in Apex One as a Service | How to do that in Trend Vision One | Relevant UI on Apex One as a Service | Relevant UI on Trend Vision One |
---|---|---|---|---|
1 | Users can do a sweep by user-defined criteria to find related endpoints through Historical Investigation. Users can check the mapped events in detail. | Users can do a sweep by user-defined criteria to find related events through Search App. | Historical Investigation | Search App |
2 | Users can do a sweep by uploaded IOC file to find related endpoints through Historical Investigation. | Users can do a sweep by user-defined criteria to find related events through Search App. Users would need to parse IOC files to see what criteria should be used for sweeping. | Historical Investigation | Search App |
3 | Based on the sweeping result from historical investigation, users can select the endpoint to be investigated, and then click Generate Root Cause Results to generate a report for further investigation. | According to the results of Search App, users can right-click the field to be investigated, and then click Check Execution Profile for further investigation. | Historical Investigation > Generate Root Cause Results | Search App > Check Execution Profile |
4 | Based on the sweeping result from historical investigation, users can select endpoints and isolate them to mitigate impact. | According to the results of Search App, users can right-click the corresponding field to isolate the endpoint to mitigate impact. | Historical Investigation > Isolate Endpoint | Search App > Isolate Endpoint |
5 | Users can check the generated Root Cause Results through Root Cause Analysis Results. | Users can use Saved Queries to keep search criteria and use them to generate execution profiles afterwards. | Historical Investigation > Root Cause Analysis Results | Search App > Saved Queries |
6 | Users can perform response actions from the Root Cause Analysis report, such as isolating endpoints, terminating objects, and adding suspicious objects. | Users can perform response actions from the search results in Search App > right-click menu. | Root Cause Analysis report | Execution Profile report |
7 | Check Attack Discovery detection logs from Log Query. | Check Attack Discovery detection logs from Observed Attack Techniques. Users can also search Attack Discovery detection logs through the Search App. | Log Query > Attack Discovery | Observed Attack Techniques; Search App |
8 | Users can do an impact assessment by user-defined criteria to find related endpoints through the Quick Investigation widget of the Threat Investigation tab on the Dashboard. | Users can do a sweep by user-defined criteria to find related events through Search App. | Dashboard > Threat Investigation > Quick Investigation | Search App |
9 | Check Attack Discovery detections from the Attack Discovery Detection widget of the Threat Investigation tab of the Dashboard. | Check Attack Discovery detection logs from Observed Attack Techniques. Users can also search Attack Discovery detection logs through Search App. | Dashboard > Threat Investigation > Attack Discovery Detection | Observed Attack Techniques; Search App |
10 | Users can assess impact by the file hash of the detection log to find related endpoints through the Attack Discovery Detection widget of the Threat Investigation tab of the Dashboard. | Users can do a sweep by user-defined criteria to find related events through Search App. | Dashboard > Threat Investigation > Attack Discovery Detection | Search App |
11 | Users can do an impact assessment through User-Defined Suspicious Objects of Custom Intelligence. | Users can do a sweep by user-defined criteria to find related events through Search App. Users would need to use the User-Defined Suspicious Object as a search criterion for sweeping. | Custom Intelligence > User-Defined Suspicious Objects | Search App |