Background

The XBC (Endpoint Basecamp) sensor in TrendAI Vision One listens on TCP port 51981 and presents a self-signed certificate on that port for communication between agent components on the same host. The certificate is generated locally by the VOM.dll module and is not issued by a public Certificate Authority (CA).

Why the Vulnerability is Reported

Security scanners such as Tenable flag this self-signed certificate as a medium-severity finding because:

  • It is not signed by a publicly recognized CA, so the scanner cannot build a trust chain from the certificate to a trusted root.
  • Self-signed certificates cannot be validated by external systems, which is exactly the property the scanner's TLS plugins test for.

However, this certificate is intended solely to secure local communication within the TrendAI Vision One agent and is not meant to be reachable from external networks or public traffic. Note that a remote scanner can only report the certificate if it was able to complete a TLS handshake with the listener, so treat the finding as a prompt to confirm how port 51981 is bound and filtered on the scanned host (see the recommendations below).

Can the Certificate be Replaced or Updated?

Currently, TrendAI Vision One does not provide an option to replace or update the self-signed certificate used by the XBC sensor with a CA-signed certificate.

Security Considerations

  • The self-signed certificate provides encryption for traffic between TrendAI Vision One components on the host; its purpose is confidentiality of that local channel, not proving identity to third parties.
  • Because the communication is local, a man-in-the-middle attack on this channel would require a foothold on the host itself, so the risk of external attacks via this certificate is minimal.
  • An attacker who already has that foothold has privileged access and can read or alter the traffic regardless of who signed the certificate, so a CA-signed certificate would not change the outcome.

Recommendations to Address Vulnerability Alerts

While the certificate cannot be changed, you can take the following steps to manage vulnerability reports:

  1. Document the Use Case: Maintain internal documentation explaining that the self-signed certificate is used for internal TrendAI Vision One agent communications and is not exposed externally.

  2. Suppress or Whitelist Specific Vulnerabilities:

    • Review the vulnerability scanner's documentation on suppressing or whitelisting findings for trusted internal components.
    • For Tenable, consider creating an exception or whitelist for plugin IDs 45411 (SSL Certificate with Wrong Hostname), 51192 (SSL Certificate Cannot Be Trusted), and 57582 (SSL Self-Signed Certificate) scoped to port 51981 on hosts running the XBC sensor, rather than suppressing the plugins globally. See Tenable Vulnerability Management integration for guidance on managing Tenable data and exceptions.
  3. Implement Network Segmentation:

    • Confirm which address the 51981 listener is bound to and ensure that the port is only accessible locally or within a secured internal network segment; a host firewall rule blocking inbound connections from other machines reduces exposure and keeps the port out of remote scan results.
  4. Maintain System Security:

    • Keep the TrendAI Vision One agent and system OS updated with the latest patches.
    • Enforce strict access controls on hosts running the XBC sensor.
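The following script is an added example for carrying out steps 1 to 3 above on a Windows host running the XBC sensor; it is not part of the Trend Micro article or the product. It records which process owns the 51981 listener and whether it is bound to loopback, captures the certificate the listener presents as evidence for the documentation and exception record, and optionally adds a Windows Firewall rule that blocks inbound connections from other hosts. The port value, the evidence file path and the firewall rule name are assumptions chosen for the example; run it from an elevated PowerShell session saved as a .ps1 file.

```powershell
# Added example, not part of the Trend Micro article: evidence collection for steps 1-3.
# Assumptions: Windows host running the XBC sensor, elevated session, $Port = 51981,
# evidence file under $env:TEMP and the firewall rule name are editor-chosen values.
param(
    [int]$Port = 51981,
    [switch]$ApplyFirewallRule   # off by default: report only, change nothing on the host
)

# Step 3 check: find the listener(s) on the port and which process owns them.
# A LocalAddress of 0.0.0.0 or :: means the port is reachable from the network,
# which is what allows a remote Tenable scan to see the certificate at all.
$listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) {
    Write-Warning "Nothing is listening on TCP $Port on this host."
}
$networkReachable = $false
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $onLoopback = $l.LocalAddress -in @('127.0.0.1', '::1')
    if (-not $onLoopback) { $networkReachable = $true }
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        LoopbackOnly = $onLoopback
        ProcessName  = $proc.ProcessName
        ProcessId    = $l.OwningProcess
        ProcessPath  = $proc.Path
    }
}

# Step 1 evidence: read the certificate the listener presents and record subject, issuer,
# validity window and thumbprint. Validation is deliberately disabled because the goal is
# to document the self-signed certificate, not to trust it.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
try {
    $tcp = New-Object System.Net.Sockets.TcpClient('127.0.0.1', $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient('localhost')
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        SelfSigned = ($cert.Subject -eq $cert.Issuer)   # issuer == subject is the self-signed signature
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    } | Tee-Object -FilePath "$env:TEMP\xbc-$Port-cert-evidence.txt"
} catch {
    Write-Warning "TLS handshake with 127.0.0.1:$Port failed: $($_.Exception.Message)"
    Write-Warning "The listener may require a client certificate; keep the failure itself as evidence."
} finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Dispose() }
}

# Step 3 remediation: if the port is network-reachable, block inbound connections from other
# hosts. Windows Firewall does not apply inbound rules to loopback traffic, so the local agent
# components keep working. Apply only after confirming in a test group that nothing
# legitimately connects to this port from another machine.
if ($networkReachable) {
    Write-Warning "TCP $Port is bound to a non-loopback address and is visible to network scanners."
    if ($ApplyFirewallRule) {
        New-NetFirewallRule -DisplayName "XBC sensor $Port - block remote" -Direction Inbound `
            -Protocol TCP -LocalPort $Port -RemoteAddress Any -Action Block -Profile Any
    } else {
        Write-Host "Re-run with -ApplyFirewallRule to add an inbound block rule for TCP $Port."
    }
}
```

The evidence file gives the exception request a concrete thumbprint and expiry to cite, and the LoopbackOnly column tells you whether the "not exposed externally" statement actually holds on that host. If the handshake fails, do not treat that as a clean result: a listener that rejects the connection may still be presenting the certificate to a scanner that speaks the protocol it expects.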

Summary

  • The self-signed certificate on port 51981 for the XBC sensor is normal and expected.
  • It does not add meaningful risk in typical deployments, provided the port is not reachable from untrusted networks.
  • Currently, there is no supported method to replace it with a CA-signed certificate.
  • Use vulnerability management best practices to document the use case, restrict the port, and suppress these specific findings.

If you require further assistance or have additional concerns, please contact TrendAI™ Technical Support.