Procedures
- To get started with the integration, you need an active TrendAI Vision One account.
For more information on how to activate TrendAI Vision One with Essential Access using an existing product license, see Activating TrendAI Vision One with Essential Access. - TrendAI Vision One integration requires Windows Server 2016 and later, which supports advanced Cipher Suites.
- Apply Apex Central Patch 5 to enable integration setting console to register with TrendAI Vision One. Patch 5 can be downloaded from Trend Micro Download Center.
- For TrendAI Vision One integration required Internet communication, please refer to URLs to allow through firewall for Apex Central to configure the firewall allow rules.
- Generate an enrollment token in TrendAI Vision One with the following steps:
- Log onto the TrendAI Vision One console.
- Go to Point Product Connection > Product Instance.
- Click Add Existing Product.
- In the Instance Type field, select Trend Micro Apex Central On-Premises.
- Click the link to generate an enrollment token.
- Copy the enrollment token for use on the Apex Central web console.
The token is only valid for 24 hours after it's generated. If it expires, generate a new one using the same steps.
- Click Save.
- Alternatively, if your TrendAI Vision One console is on an earlier version, please refer to these steps instead:
- Log onto the TrendAI Vision One console.
- Go to Point Product Connection > Product Connector.
- Click Connect.
- In the Product field, select Trend Micro Apex Central.
- Click the link to generate an enrollment token.
- Copy the enrollment token for use on the Apex Central web console.
The token is only valid for 24 hours after it's generated. If it expires, generate a new one using the same steps.
- Click Save.
- Paste the enrollment token to the Apex Central web console.
- On the Apex Central web console, go to TrendAI Vision One > Integration Settings.
- Paste the enrollment token you obtained from the Product Connector in TrendAI Vision One.
- Select Forward detection logs and endpoint information to TrendAI Vision One.
- Click the Register.
After a successful registration, your Apex Central console will start to forward security events to TrendAI Vision One and will change the Enrollment status to "Registered".
If you'd like to stop forwarding logs and information, your can either:
- Unselect Forward detection logs and endpoint information to TrendAI Vision One of Apex Central web console
- Alternatively, go to the Product Instance of TrendAI Vision One and click Disconnect button of the "Apex Central On-Premises" entry.
For managed Trend Micro Apex One on-premises servers with Enhanced Support Services enabled (requires Service Pack 1 Patch 2 or later), Apex Central Patch 5 forwards endpoint information to TrendAI Vision One. Customers can use the Endpoint Inventory to browse the endpoints group/list and their basic information, enable Security Operations Endpoint Sensor or Advanced Risk Telemetry.
Current Apex Central on-premise integration scope only covers endpoint agent visibility on TrendAI Vision One console.
Policy configurations still needs to be deployed from Apex Central on-premise console.
TrendAI Vision One integration requires Windows Server 2016 and later, it uses below Cipher Suites in TLS 1.2:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Ensure those Cipher Suites are enabled.
For the detail Cipher Suites in TLS/SSL in different Windows versions, please refer to Cipher Suites in TLS/SSL (Schannel SSP).