Views:

Environment Data

The Environment Data is sent once when your application starts. The Environment Data includes information related to platform, libraries and the language the application is running in.

Console settings	Not applicable, the environment data is not configurable.
Data collected	Programming Language: e.g. python 3.6 Runtime: e.g. CPython 3.6 Library versions: e.g. boto3:1.7.74 botocore:1.10.74 etc… Kernel version: e.g. Linux 3.13.0-92-generic x86_64 GNU/Linux OS Version: e.g. Ubuntu 14.04.5 LTS Application Security version Configuration & Custom Tags (set in library config file): ex: log_level:INFO, app_name: my app, etc. Process ID and Parent Process ID: Used to identify sub-processes running within the same server.
Console location	Not applicable, the environment data is not configurable.

Telemetry Data

The telemetry data is sent periodically.

Console settings	Not applicable, the environment data is not configurable.
Data collected	Total Transactions: Count of all requests seen by the library. Reported Transactions: Count of all requests with events reported to cloud. Dropped Messages: Count of messages discarded by the library due to a connection issue. Rejected Messages: Count of messages discarded when rejected by the cloud backend. Exceptions: count of internal library exceptions processing request data. Performance Data: Aggregate and sampled timing data on the Application Security library performance. Used to monitor the performance of our code to track typical performance data in our customers’ environments. Network interface MAC Addresses: Used to identify apps running on the same host. Instance ID, Container ID, Instance ARN, Region: Identification info to distinguish instances vs containers vs lambda for billing. Active ruleset and AV versions: Current release version of the running Malicious Payload ruleset and AV definitions. Policy version: Active version of policy.
Console location	Not applicable, the environment data is not configurable.

General Request Data

General HTTP request data sent when security events are generated, included in all types of security events, with HTTP request

Console settings	Configured as part of the specific event protection type.
Data collected	Unique transaction ID generated by: library HTTP Method URL Path URL QueryString HTTP Protocol HTTP Host Header HTTP X-Forward-For Header Remote IP Address
Console location	Configured as part of the specific event protection type.

Lambda Invocation Data

General data sent when security events are generated for a lambda function, included in all types of security events.

Console settings	Configured as part of the specific event protection type.
Data collected	AWS Request ID Function Name Function Version Invoked Function ARN Amazon Trace ID (if available) TargetGroup ARN (for ALB invocation) Request ID (for API Gateway invocation) API Stage (for API Gateway invocation)
Console location	Configured as part of the specific event protection type.

General Event Data

General data sent when security events are generated, for any types of security events, whether they are generated from HTTP based web application or Lambda function.

Console settings	Configured as part of the specific event protection type.
Data collected	Timestamp Blocked: true/false Custom event tags
Console location	Configured as part of the specific event protection type.

Malicious Payload Event

Specific event data sent when malicious payload protection triggers.

Disabling the setting, disables the malicious payload protection.

Data collected	Rule ID Payload Sample: Portion of HTTP stream containing identified payload. Note, this may contain some additional HTTP headers not normally sent like Cookies. Payload Position: Byte offset of malicious bytes within the payload sample.
Console location	Dashboard > Application Name > Policies
Console settings	Malicious Payload

Illegal File Access Event

Specific event data sent when illegal file access protection triggers.

Disabling the setting, disables the illegal file access protection.

Data collected	Function Used: Language function used to open file (ex: open, os.open, etc.) Current Working Directory Target File: The file that was attempted to open. Matched Rule: Rule that was matched by this open attempt. Open Mode: Read or Write Stack Trace: Traceback leading to execution.
Console location	Dashboard > Application Name > Policies
Console settings	Illegal File Access

SQLi Event

Specific event data sent when SQL injection protection triggers.

Disabling the setting, disables the SQL injection protection.

Data collected	SQL Query: Query text flagged. Literal values are stripped out before being sent. Algorithm Detected: Why is this query flagged. (ex: Always True, Always False, Bad Statement, etc.) SQL Dialect: (ex: postgres, mysql, etc.) Stack Trace: Traceback leading to execution.
Console location	Dashboard > Application Name > Policies
Console settings	SQL Injection

Open Redirect Event

Specific event data sent when open redirect protection triggers.

Disabling the setting, disables the open redirect protection.

Data collected	Redirect Location: Target of the redirect Rule Matched: Matching rule that matches Location above Stack Trace: Traceback leading to execution
Console location	Dashboard > Application Name > Policies
Console settings	Open Redirect

Remote Command Execution Event

Specific event data sent when remote command execution protection triggers.

Disabling the setting, disables the remote command execution protection.

Data collected	Command and Arguments: Command that was attempted to run. Function Used: Function used to execute command. Rule Matched: Matching rule that matches command above. Stack Trace: Traceback leading to execution.
Console location	Dashboard > Application Name > Policies
Console settings	Remote Command Execution

Malicious File Upload Event

Specific event data sent when malicious file upload protection triggers.

Disabling the setting, disables the malicious file upload protection.

Data collected	Form Parameter Name: Form field name in HTTP form used for upload. File Name: File name supplied by source of file. Virus Name: Name of detected virus/malware.
Console location	Dashboard > Application Name > Policies
Console settings	Malicious File Upload

Keywords: gdpr cloud one,Cloud One App Security DCN,data collected Cloud One Application Security,DCN Cloud One Application Security,cloud one data gathering,cloud 1,trend micro cloud one application security,gdpr,, environment data, telemetry data, application security, trend micro cloud, trend micro cloud onetm, application security data collection, data collection

Trend Micro Cloud One™ - Application Security Data Collection Notice

Product / Version includes:

Cloud One - Application SecurityAll

Last updated: 2024/08/01

Solution ID: KA-0010655

Category: Configure

Summary

Cloud One Application Security includes the following modules which may cause the corresponding data to be transmitted to Trend Micro. Detailed information and instruction are provided below for opt-out of the data collection by disabling specific modules. Certain data collection may be mandatory and cannot be disabled.

• Environment Data
• Telemetry Data
• General Request Data
• Lambda Invocation Data
• General Event Data
• Malicious Payload Event
• Illegal File Access Event
• SQLi Event
• Open Redirect Event
• Remote Command Execution Event
• Malicious File Upload Event

To see where this data is processed, refer to our list of data centers and authorized data sub-processors and their locations.

Environment Data

The Environment Data is sent once when your application starts. The Environment Data includes information related to platform, libraries and the language the application is running in.

Console settings	Not applicable, the environment data is not configurable.
Data collected	Programming Language: e.g. python 3.6 Runtime: e.g. CPython 3.6 Library versions: e.g. boto3:1.7.74 botocore:1.10.74 etc… Kernel version: e.g. Linux 3.13.0-92-generic x86_64 GNU/Linux OS Version: e.g. Ubuntu 14.04.5 LTS Application Security version Configuration & Custom Tags (set in library config file): ex: log_level:INFO, app_name: my app, etc. Process ID and Parent Process ID: Used to identify sub-processes running within the same server.
Console location	Not applicable, the environment data is not configurable.

Telemetry Data

The telemetry data is sent periodically.

Console settings	Not applicable, the environment data is not configurable.
Data collected	Total Transactions: Count of all requests seen by the library. Reported Transactions: Count of all requests with events reported to cloud. Dropped Messages: Count of messages discarded by the library due to a connection issue. Rejected Messages: Count of messages discarded when rejected by the cloud backend. Exceptions: count of internal library exceptions processing request data. Performance Data: Aggregate and sampled timing data on the Application Security library performance. Used to monitor the performance of our code to track typical performance data in our customers’ environments. Network interface MAC Addresses: Used to identify apps running on the same host. Instance ID, Container ID, Instance ARN, Region: Identification info to distinguish instances vs containers vs lambda for billing. Active ruleset and AV versions: Current release version of the running Malicious Payload ruleset and AV definitions. Policy version: Active version of policy.
Console location	Not applicable, the environment data is not configurable.

General Request Data

General HTTP request data sent when security events are generated, included in all types of security events, with HTTP request

Console settings	Configured as part of the specific event protection type.
Data collected	Unique transaction ID generated by: library HTTP Method URL Path URL QueryString HTTP Protocol HTTP Host Header HTTP X-Forward-For Header Remote IP Address
Console location	Configured as part of the specific event protection type.

Lambda Invocation Data

General data sent when security events are generated for a lambda function, included in all types of security events.

Console settings	Configured as part of the specific event protection type.
Data collected	AWS Request ID Function Name Function Version Invoked Function ARN Amazon Trace ID (if available) TargetGroup ARN (for ALB invocation) Request ID (for API Gateway invocation) API Stage (for API Gateway invocation)
Console location	Configured as part of the specific event protection type.

General Event Data

General data sent when security events are generated, for any types of security events, whether they are generated from HTTP based web application or Lambda function.

Console settings	Configured as part of the specific event protection type.
Data collected	Timestamp Blocked: true/false Custom event tags
Console location	Configured as part of the specific event protection type.

Malicious Payload Event

Specific event data sent when malicious payload protection triggers.

Disabling the setting, disables the malicious payload protection.

Data collected	Rule ID Payload Sample: Portion of HTTP stream containing identified payload. Note, this may contain some additional HTTP headers not normally sent like Cookies. Payload Position: Byte offset of malicious bytes within the payload sample.
Console location	Dashboard > Application Name > Policies
Console settings	Malicious Payload

Illegal File Access Event

Specific event data sent when illegal file access protection triggers.

Disabling the setting, disables the illegal file access protection.

Data collected	Function Used: Language function used to open file (ex: open, os.open, etc.) Current Working Directory Target File: The file that was attempted to open. Matched Rule: Rule that was matched by this open attempt. Open Mode: Read or Write Stack Trace: Traceback leading to execution.
Console location	Dashboard > Application Name > Policies
Console settings	Illegal File Access

SQLi Event

Specific event data sent when SQL injection protection triggers.

Disabling the setting, disables the SQL injection protection.

Data collected	SQL Query: Query text flagged. Literal values are stripped out before being sent. Algorithm Detected: Why is this query flagged. (ex: Always True, Always False, Bad Statement, etc.) SQL Dialect: (ex: postgres, mysql, etc.) Stack Trace: Traceback leading to execution.
Console location	Dashboard > Application Name > Policies
Console settings	SQL Injection

Open Redirect Event

Specific event data sent when open redirect protection triggers.

Disabling the setting, disables the open redirect protection.

Data collected	Redirect Location: Target of the redirect Rule Matched: Matching rule that matches Location above Stack Trace: Traceback leading to execution
Console location	Dashboard > Application Name > Policies
Console settings	Open Redirect

Remote Command Execution Event

Specific event data sent when remote command execution protection triggers.

Disabling the setting, disables the remote command execution protection.

Data collected	Command and Arguments: Command that was attempted to run. Function Used: Function used to execute command. Rule Matched: Matching rule that matches command above. Stack Trace: Traceback leading to execution.
Console location	Dashboard > Application Name > Policies
Console settings	Remote Command Execution

Malicious File Upload Event

Specific event data sent when malicious file upload protection triggers.

Disabling the setting, disables the malicious file upload protection.

Data collected	Form Parameter Name: Form field name in HTTP form used for upload. File Name: File name supplied by source of file. Virus Name: Name of detected virus/malware.
Console location	Dashboard > Application Name > Policies
Console settings	Malicious File Upload

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Trend Micro Cloud One™ - Application Security Data Collection Notice

Environment Data

Telemetry Data

General Request Data

Lambda Invocation Data

General Event Data

Malicious Payload Event

Illegal File Access Event

SQLi Event

Open Redirect Event

Remote Command Execution Event

Malicious File Upload Event

Trend Micro Cloud One™ - Application Security Data Collection Notice

Product / Version includes:

Summary

Environment Data

Telemetry Data

General Request Data

Lambda Invocation Data

General Event Data

Malicious Payload Event

Illegal File Access Event

SQLi Event

Open Redirect Event

Remote Command Execution Event

Malicious File Upload Event