Retrieving Trend Vision One Parameters
- Retrieve parameters from the Trend Vision One dashboard, under Endpoint Security > Endpoint Inventory.
- Click Agent Installer.
- Click Deployment Script. Select "Endpoint Sensor" for Protection type. Select "Linux" for Operating system. Within the preview script, copy the values for
company_id,scenario_idsunderx86_64(x86_64_xbc_agent_token), andscenario_idsunderaarch64(aarch64_xbc_agent_token).
Setting Parameter Store Values
- Navigate to AWS Systems Manager > Parameter Store and create the following parameters.
First Parameter Second Parameter Third Parameter Name /WorkloadSecurity/ImageBuilder/company_id /WorkloadSecurity/ImageBuilder/x86_64_xbc_agent_token /WorkloadSecurity/ImageBuilder/aarch64_xbc_agent_token Data type text text text Type String String String Value company_id
(Retrieved from Trend Vision One)x86_64_xbc_agent_token
(Retrieved from Trend Vision One)aarch64_xbc_agent_token
(Retrieved from Trend Vision One) - To create the parameters, click Create parameter and fill out the Parameter details with the values listed above and those retrieved from Trend Vision One.
- The following is an example of creating the first parameter. Repeat for all parameters listed above.
Setting up IAM Role for EC2 Instance
- Navigate to IAM > Roles and create a new role.
- Select EC2 as the trust entity type.
- Add the following Permission policies to the role:
- AmazonSSMFullAccess
- AmazonSSMManagedInstanceCore
- EC2InstanceProfileForImageBuilder
- Name and finish creating the role.
- Edit the role to add the following inline policy.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ssm:PutParameter", "ssm:LabelParameterVersion", "ssm:DeleteParameter", "ssm:UnlabelParameterVersion", "ssm:DescribeParameters", "ssm:GetParameterHistory", "ssm:DescribeDocumentParameters", "ssm:GetParametersByPath", "ssm:GetParameters", "ssm:GetParameter", "ssm:DeleteParameters", "s3:get*", "s3:List*", "imagebuilder:GetComponent" ], "Resource": "*" } ] }
Creating a Recipe with Trend Vision One Endpoint Security Agent component
- Navigate to EC2 Image Builder > Images recipes and create an image recipe.
- Retrieve the Trend Vision One Endpoint Security Agent component from AWS Marketplace images.
- Then select a managed instance from AWS with one of the following supported versions:
- Amazon Linux 2
- Amazon Linux 2023
- Ubuntu 20
- Ubuntu 22
- Ubuntu 24.04
- CentOS Linux 8
- CentOS Stream 8
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- SLES 12
- SLES 15
- Ensure the working directory is /tmp.
- Select the component for Trend Vision One Endpoint Security Agent and then finish creating the recipe.
Creating Infrastructure Configuration
- Navigate to EC2 Image Builder > Infrastructure configurations and create a new configuration.
- Select the IAM role previously created and make sure the instance type is c3.large. Then finish creating the configuration.
Creating an Image Pipeline
- Navigate to EC2 Image Builder > Image pipelines and create a new pipeline.
- Name the pipeline and make the build schedule manual.
- Choose the previously created recipe infrastructure configuration. Then finish creating the recipe.
Launching an EC2 from AMI
- Run the previously created pipeline.
- When the pipeline is complete, launch an EC2 from the resulting AMI.
- Make sure the instance type is c3.large.
- Under Advanced details, select the previously created IAM role, then launch the instance.
Connecting EC2 Instance to Trend Vision One
- Navigate to the instance created using the AMI and connect to it.
- Once connected to the EC2 instance, navigate to /tmp and run the command sh installVisionOneEndpoint.sh as the root user.
- The EC2 should now be connected to Trend Vision One and appear under Endpoint Security > Endpoint Inventory.