To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

 

General Trend Vision One Service

Data Collected
  • Email
  • Phone number
  • Contact names
  • IP Address
Console Location: Data provided to Trend Micro during on-boarding process and during normal service delivery.
Console Settings: Account Management - Name and email required if additional accounts are created.

Configurable Additional Data Collection Using the Trend Vision One Console

Description fields
Data Collected: Customer provided text
Console Location: Various locations throughout the Trend Vision One product console

Optional: Free-Form Text field for customer user to provide additional information at their discretion. Please do not enter any personal or sensitive information.

Description fields

Share your Feedback
Data Collected: Customer provided text

Optional: Customers may submit feature requests and ideas to the Trend Vision One Product team. Please do not input any personal or sensitive information into the feedback form.

Console Location: [XDR Resource Center menu icon] > Share Your Feedback > Make a Suggestion
Console Settings
  • Make a Suggestion

Feedback window

Search App
Data Collected: Saved queries of search history, including:
  • Names (user, domain, file, object)
  • UserID
  • Email addresses
  • IP addresses
  • Browsing history
  • Command history

Optional: User can save the search parameters for future queries.

Console Location

Saved Search Queries

Response App
Description: The Response app collects endpoint information when customers take response actions and stores this data to record the task history.
It collects files when customers take the Collect File action and stores them for customer download and for threat investigation apps such as the sandbox.
It can take the following actions on an account name:
  • Enable User Account
  • Disable User Account
  • Force Reset Password
  • Force Sign Out

The task histories contain the account name.
Data Collected
  • Endpoint IP
  • Endpoint Hostname
  • File Path
  • Email Address
  • Email Subject
  • File
  • Account Name
Console Location

[Response app screenshots]

Security Playbooks
Description: Security Playbooks collects data when customers configure security playbooks and when security playbooks execute.
Data Collected
  • IP address
  • Hostname
  • Fully Qualified Domain Name
  • OS name
  • OS type
  • Email address
  • File
  • File name
  • File path
  • URL
  • Device GUID
  • Device name
  • User Principal Name
  • Account name
  • Account type
  • Account role
  • CVE ID
Console Location

Workflow And Automation > Security Playbooks > Templates
Workflow And Automation > Security Playbooks > Templates > Create playbook from template
Workflow And Automation > Security Playbooks > Playbooks
Workflow And Automation > Security Playbooks > Execution Results

Trend Vision One Terms of Service (Endpoint Basecamp)
Data Collected
  • Endpoint name
  • IP address
  • MAC address

After customers agree to the Terms of Service, Privacy Notice, and Data Collection Notice, the data collection can't be disabled.

Console Location

To enable: Trend Micro XDR Terms of Service > I agree to the Terms of Service, Privacy Notice, and Data Collection Notice > Get Started

XDR Terms of Service

To disable: Open Task Scheduler on each endpoint and disable the "Trend Micro Endpoint Basecamp" scheduled task.

Run Windows Task Scheduler > Click Task Scheduler Library > right-click Trend Micro Endpoint Basecamp > Disable

Task Scheduler

Email Inventory
Data Collected
  • Account name
  • User display name
  • Group name
  • User membership
  • Mailbox account
  • Email address

The data collection can't be disabled when customers use Email Inventory.

Console Location
  • To enable: Email Inventory > configure the following:
    • Use the Exchange Web Service Managed API for quarantine management
    • Use the Graph API to access all mailboxes
    • Access the user profiles and mailboxes
  • To disable: Click the Help icon > Contact Support, and open a support ticket.

    Contact Support

Endpoint Inventory - Enable Trend Vision One capabilities
Data Collected
  • Command line
  • File name
  • File owner
  • File signer
  • Host name
  • IP address
  • Process owner
  • Registry data
  • User name
  • URL
  • Windows event log
Console Location
  • To enable: Endpoint Inventory > Available endpoints tab > [select endpoint] > Enable

    Endpoint Inventory

  • To disable: Endpoint Inventory > Reporting to XDR tab > [select endpoint] > Disable

    Disable Endpoint Inventory

The user ID and user account are used for user behavior tracking and auditing. The company ID identifies which company this customer belongs to.

Endpoint Security Policies
Data Collected
  • User ID
  • User Account
  • Company ID
Console Location: Security Policies > Endpoint
Console Settings
  • Endpoint

Endpoint

Security Assessment Service

Security Assessment Service includes the following modules, which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instructions for opting out of personal data collection by disabling specific modules are provided below. Modules that cannot be disabled are indicated below.

Trend Vision One Security Assessment Service
Data Collected & Console Location

Trend Vision One Security Assessment Service includes some modules which may cause the corresponding personal data to be transmitted to Trend Micro.

Detailed information, instructions to opt-out of the personal data collection, as well as modules that cannot be disabled are provided in this article: Trend Vision One Security Assessment Service Data Collection Notice.

Attack Surface Risk Management

Attack Surface Risk Management includes the following modules, which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instructions for opting out of personal data collection by disabling specific modules are provided below. Modules that cannot be disabled are indicated below.

TREND VISION ONE XDR SENSORS

Endpoint Sensor
Description: By installing and enabling endpoint sensors throughout your network, Trend Micro can analyze endpoint data that includes user activities, cloud app access, and endpoint vulnerabilities to provide risk insights. Install more sensors to gain better insight into your users' cloud app usage throughout your network. You must install agents and enable XDR Sensors using Endpoint Inventory to begin receiving activity data.
Data Collected
  • Endpoint name
  • Logon username
  • User principal name
  • Logon user domain
  • IP addresses
  • MAC address
  • Suspicious file path
  • Suspicious file name
  • Suspicious file hash
  • URL
  • OS name
  • OS version
  • OS build number
  • OS patch level
  • OS SKU
  • Agent ID
  • Installed software name
  • Installed software version
  • Software installation path
  • Software patch information
Console Location: Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Endpoint Sensor > Endpoint Inventory
 
Email Sensor
Description: By enabling Trend Micro Vision One Email Sensor in Email Account Inventory, Trend Micro can analyze email activities and detect threats on monitored Exchange Online and Gmail mailboxes. You must monitor mailboxes using Email Account Inventory to begin receiving activity data.
Data Collected
  • Event time
  • User principal name
  • Domain name
  • SAM account name
  • URL
  • Email attachment information
  • Email meta information
Console Location: Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Email Inventory
 
Network Sensor
Description: By enabling Trend Vision One Network Sensor, Trend Micro can analyze network activity from your monitored network traffic to discover suspicious traffic and abnormal behavior. You must enable Network Analytics using Network Inventory to begin receiving and analyzing network activity data.
Data Collected
  • Device GUID
  • Host name
  • Source IP
  • Source port
  • Destination IP
  • Destination port
  • Endpoint IP
  • Peer IP
  • File path
  • File name
  • Username
  • Sender email address
Console Location: Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Trend Vision One Network Sensor > Network Inventory

TREND MICRO SECURITY SERVICES

Security Agents
Description: By installing security agents throughout your network, Trend Micro can analyze endpoint data that includes user activities, web activities, cloud app access, security settings, and threat detections to provide risk insights.
Data Collected
  • Endpoint name
  • Logon username
  • User principal name
  • Logon user domain
  • IP addresses
  • MAC address
  • Suspicious file path
  • Suspicious file name
  • Suspicious file hash
  • URL
  • OS name
  • OS version
  • OS build number
  • OS patch level
  • OS SKU
  • Agent ID
  • Installed software name
  • Installed software version
  • Software installation path
  • Software patch information
  • Product configuration
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Standard Endpoint Protection > Product Instance
Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Server & Workload Protection > Product Instance
Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Apex One as a Service > Product Instance
Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Apex One On-premises > Product Instance
Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Cloud One - Endpoint & Workload Security > Product Instance
Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Deep Security > Product Instance
 
Cloud Email and Collaboration Protection
Description: Connect Cloud Email and Collaboration Protection using the Product Instance app to analyze detected threats and security settings on monitored Google Gmail and Office 365 apps.
Data Collected
  • File name
  • File SHA1
  • File MD5
  • User principal name
  • SharePoint/OneDrive file path
  • URL
  • File upload time
  • File type
  • Email meta information
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Cloud Email and Collaboration Protection > Product Instance
 
Cloud Email Gateway Protection
Description: Cloud Email Gateway Protection analyzes email activities, security settings, and detected threats on monitored email gateways. Connect this data source to Trend Vision One through the Product Connector app.
Data Collected
  • Primary email
  • User principal name
  • User display name
  • Department
  • Tenant name
  • Group name
  • Email meta information
  • Server host name
  • Server domain
  • Server OS name
  • Server OS version
  • Server IP address
  • Server MAC address
  • Server Interfaces
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Cloud Email Gateway Protection > Product Instance
 
Trend Cloud One - Conformity
Description: By connecting Conformity, which has a growing public library of 900+ cloud infrastructure configuration best practices for your AWS, Microsoft Azure, and Google Cloud environments, Attack Surface Risk Management can automatically monitor your cloud infrastructure, and provide instant visibility into compliance and security best practice violations on your public cloud infrastructure.
Data Collected
  • Provider
  • Region
  • Resource name
  • Resource type
  • Service name
  • Service category
  • Create date
  • Last modified date
  • Configuration message
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Cloud One - Conformity > Data upload permission > Off
 
Trend Micro Deep Discovery Inspector
Description: By deploying and connecting Deep Discovery Inspector, Trend Micro can extract network insights to discover targeted attacks, advanced threats, and unmanaged devices. Deploy and connect Deep Discovery Inspector using Network Inventory to monitor your network and begin receiving and analyzing detection data.
Data Collected
  • Device GUID
  • Host name
  • Source IP
  • Source port
  • Destination IP
  • Destination port
  • Endpoint IP
  • Peer IP
  • File path
  • File name
  • Username
  • Sender email address
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Deep Discovery Inspector > Network Inventory
 
Trend Micro Web Security
Description: By enabling and deploying the Web Sensor, Trend Micro can analyze web activities, detect threats, and determine the web applications and websites being accessed by managed users and devices in and outside your corporate network.
Data Collected
  • Username
  • Department
  • Device name
  • User principal name
  • AD domain
  • URL accessed
  • Browsing time
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Web Security > Product Instance
 
Trend Micro Mobile Security
Description: By installing and enabling mobile agents throughout your network, Trend Micro can analyze mobile user activities, detect threats and risky mobile apps, and determine the cloud apps being accessed by managed devices. Install more agents to gain better insight into your users' mobile device related risks throughout your network. Mobile agent only supports Android 7.0 and above.
Data Collected
  • Logon user
  • User principal name
  • IP address
  • App name
  • App package name
  • Device hostname
  • OS name
  • URL
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Mobile Security > Mobile Inventory
 
Trend Vision One Container Security
Description: By deploying and connecting Container Security, Trend Micro can gain better insights into your containers and images for vulnerabilities, detected threats, and system configuration risks. Deploy and connect Container Security through the Container Inventory app to monitor your container environment and begin receiving and analyzing detection and vulnerability data.
Data Collected

Kubernetes Service Information

  • Cluster name
  • Cluster description
  • Cluster application version
  • Service UID
  • Resource name
  • Namespace
  • Create time
  • Network type
  • IP addresses
  • Ports

Kubernetes Pod Information

  • Pod name
  • Pod UID
  • Namespace
  • Create time
  • Owners
  • Dispatched IP
  • Pod volumes
  • Node name
  • Labels
  • Annotations

ECS Service Information

  • Cluster ARN
  • Service ARN
  • Service name
  • Create time
  • Network configuration
  • Task definition

ECS Task Information

  • Service UID
  • Cluster ARN
  • Task group
  • Task ARN
  • Task description
  • Task create time
  • Task launch type
  • Task tags
  • Task container instance ARN
  • Task definition

Node Information

  • Node name
  • Node UID
  • Node create time
  • IP addresses
  • OS Image
  • Kernel version
  • Container runtime version
  • Kubernetes version

Container Information

  • Pod ID
  • Container ID
  • Container name
  • Task ID
  • Task GUID
  • Task ARN
  • Image ID
  • Start command
  • Environment variables
  • Exposed ports
  • Security context
  • Mounted volumes
  • Start time
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Vision One Container Security > Container Inventory
 
TippingPoint Security Management System
Description: Allow TippingPoint Security Management System (SMS) to act as a data source to access network-related detections and filter rule status to gain more comprehensive risk insights into your network activity.
Data Collected
  • Device GUID
  • Host name
  • Source IP
  • Source port
  • Destination IP
  • Destination port
  • CVE ID
  • URL
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > TippingPoint Security Management System > Network Intrusion Prevention
 
Zero Trust Secure Access - Private Access
Description: After setting up the Zero Trust Secure Access - Private Access Service in your environment, Trend Micro can analyze user and device risk, detect threats, and limit access to internal applications to authorized personnel.
Data Collected
  • Event time
  • Logon user
  • User principal name
  • User display name
  • Event information
  • OS name
  • Endpoint GUID
  • Host name
  • External IP
  • Endpoint IP
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Zero Trust Secure Access - Private Access > Zero Trust Secure Access
 
Zero Trust Secure Access - Internet Access
Description: After setting up the Zero Trust Secure Access - Internet Access Service in your environment, Trend Micro can analyze user access to web applications outside your corporate network and detect threats.
Data Collected
  • Event time
  • Identity ID
  • Username
  • User principal name
  • Payload size
  • Body size
  • Access duration
  • AD domain
  • Department
  • Request URL
  • URL category
  • Device name
  • Action
  • Malware type
  • Malware name
  • Profile name
  • App ID
  • App name
  • App category
  • Location
Console Location: Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Zero Trust Secure Access - Internet Access > Zero Trust Secure Access

THIRD-PARTY DATA SOURCES

Microsoft Entra ID
Description: Grant Trend Micro permission to access your Azure AD data in order to gain deeper insight regarding the apps and devices your users access, and the behaviors that contribute to users' risk analyses. Through Azure AD integration, you gain access to the following insightful reports:
  • User profiles
  • User risk score trends
  • Device profiles
  • Device risk score trends
  • Cloud app usage (by app)
  • Cloud app usage (by category)
  • Account compromise assessment (leaked account and suspicious user activity)
Data Collected

User information

  • User ID
  • User display name
  • User principal name
  • IP address
  • Groups
  • Location (city, state, country)
  • Email address
  • Job title
  • Department
  • Given name
  • Surname
  • Email nickname
  • IM addresses
  • Last password change datetime

Applications being used

  • App ID
  • App display name
  • Client app used

Sign-in logs

  • Sign-in initiated time
  • Device detail (Browser and OS)
  • Location
  • Status
  • Conditional access status
  • Correlation ID
  • Risk state
  • Risk detail
  • Risk level aggregated
  • Risk level during sign-in
  • Risk event types
  • Resource display name
  • Resource ID
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Azure AD > Manage permissions and integration settings in Third-Party Integration
 
Active Directory (on-premises)
Description: Grant Trend Micro permission to access your on-premises Active Directory data in order to gain deeper insight regarding your internal user accounts and devices that contribute to risk analyses.
Data Collected

User information

  • Canonical name
  • Username
  • SAM account name
  • User principal name
  • User display name
  • Description
  • Distinguished name
  • Given name
  • Surname
  • Email address
  • Company name
  • Department
  • Job title
  • SID
  • Account enabled
  • Domain
  • Direct parent group
  • All parent groups
  • Usage location
  • Last password change time

Group information

  • Canonical name
  • Description
  • Distinguished name
  • Member
  • SAM account name
  • Display name
  • Email address
  • Direct parent group
  • All parent groups
  • Direct members
  • All members

Computer information

  • Canonical name
  • Distinguished name
  • Country code
  • Display name
  • Description
  • SAM account name
  • DNS host name
  • Bad password time
  • Bad password count
  • Last logon
  • Last logoff
  • Logon count
  • OS
  • Service principal name
  • Direct parent group
  • All parent groups

Event log

  • Timestamp
  • Agent ID
  • System event ID
  • System time created
  • System security
  • System computer
  • IP address
  • IP port
  • Logon type
  • Member SID
  • New UAC value
  • Old UAC value
  • Password last set
  • Primary group ID
  • Privilege list
  • Process ID
  • Process name
  • Service name
  • Service SID
  • Status
  • Sub-status
  • Subject domain name
  • Subject logon ID
  • Subject username
  • Subject user SID
  • Target domain name
  • Target linked logon ID
  • Target logon ID
  • Target SID
  • Target username
  • Target user SID
  • Virtual account
  • Workstation
  • Workstation name
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Active Directory (on-premises) > Configure Active Directory in Third Party Integration
 
Nessus Pro
Tenable Security Center
Description: Grant Trend Micro permission to access your Nessus Pro or Tenable Security Center (formerly Tenable.sc) data in order to gather device information and CVE detections, contributing to risk analyses. Through Nessus Pro integration, you gain access to the following insightful reports:
  • Operating systems with highly-exploitable CVEs
  • Applications with highly exploitable CVEs
Data Collected
  • Host FQDN
  • NetBIOS name
  • BIOS UUID
  • Workgroup
  • Host name
  • Device OS
  • Logon user
  • IP address
  • MAC address
  • CVE ID
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Nessus Pro > Configure Nessus Pro in Third Party Integration

Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tenable Security Center > Configure integration settings in Third-Party Integration

 
Office 365 usage
Description: Grant Trend Micro permission to access Office 365 usage reports resources and useful data about people and documents they interact with in order to gain deeper insight regarding the Microsoft 365 resources your users access, and the behaviors that contribute to users' risk analyses. Through Azure AD integration, you gain access to the following insightful reports:
  • OneDrive activity and usage
  • SharePoint activity and usage
  • Outlook activity and usage
  • Teams activity and usage
Data Collected

OneDrive activity report

  • Report refresh date
  • User principal name
  • Deleted
  • Deleted date
  • Last activity date
  • Files viewed or edited (count)
  • Files synced (count)
  • Files shared internally (count)
  • Files shared externally (count)
  • Products assigned
  • Report period

OneDrive usage report

  • Report refresh date
  • Site URL
  • Owner username
  • Owner principal name
  • Deleted
  • Last activity date
  • Files (count)
  • Active files (count)
  • Storage used (Byte)
  • Storage allocated (Byte)
  • Report period

SharePoint activity report

  • Report refresh date
  • User principal name
  • Deleted
  • Deleted date
  • Last activity date
  • Files viewed or edited (count)
  • Files synced (count)
  • Files shared internally (count)
  • Files shared externally (count)
  • Pages visited (count)
  • Products assigned
  • Report period

SharePoint site usage report

  • Report refresh date
  • Site ID
  • Site URL
  • Site owner username
  • Site owner principal name
  • Deleted
  • Last activity date
  • Files (count)
  • Active files (count)
  • Page views (count)
  • Page visited (count)
  • Storage used (Byte)
  • Storage allocated (Byte)
  • Root web template
  • Report period

Outlook email app usage report

  • Report refresh date
  • User principal name
  • Display Name
  • Deleted
  • Deleted date
  • Last activity date
  • Outlook (Mac)
  • Outlook (Windows)
  • Outlook (Mobile)
  • Mobile
  • Outlook on the web
  • POP3 app
  • IMAP4 app
  • SMTP app
  • Report period

Mailbox usage report

  • Report refresh date
  • User principal name
  • Display name
  • Deleted
  • Deleted date
  • Created date
  • Last activity date
  • Item count
  • Storage used (Byte)
  • Issue warning quota (Byte)
  • Prohibit send quota (Byte)
  • Prohibit send/receive quota (Byte)
  • Deleted Item Count
  • Deleted Item Size (Byte)
  • Report period

Email activity report

  • Report refresh date
  • User principal name
  • Display name
  • Deleted
  • Deleted date
  • Last activity date
  • Send actions (count)
  • Receive actions (count)
  • Read actions (count)
  • Products assigned
  • Report period

Microsoft Teams user activity report

  • Report refresh date
  • User principal name
  • Last activity date
  • Deleted
  • Deleted date
  • Products assigned
  • Channel messages (count)
  • Chat messages (count)
  • 1:1 calls (count)
  • Total meetings (count)
  • Other activity
  • Report period
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Office 365 > Activity data upload permission > Off
 
OKTA
Description: Grant Trend Micro permission to access your Okta data in order to gain deeper insight regarding the apps your users access and the behaviors that contribute to users' risk analyses.

Through Okta integration, you gain access to the following insightful reports:

  • User profiles
  • User risk score trends
  • Cloud app usage (by app)
  • Cloud app usage (by category)

 

Data Collected

User information

  • User ID
  • User display name
  • User principal name
  • Location (country, state, city)
  • Job title
  • Email address
  • User type
  • Company name
  • Department
  • Given name
  • Surname
  • Nickname
  • Group
  • Second email address
  • Account create datetime
  • Last password change datetime

Sign-in logs

  • Sign-in event time
  • User principal name
  • Endpoint IP address
  • Request URI
  • Device OS
  • Device browser
  • User ID
  • User display name
  • Location (country, state, city, postcode, geolocation)
  • Sign-in status
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Okta > Configure Okta integration settings in Third-Party Integration
 
OpenLDAP
Description: Grant Trend Micro permission to access Directory Service data from your OpenLDAP server in order to gain deeper insight regarding your internal user accounts that contribute to risk analyses.
Data Collected

User information

  • UUID
  • CSN
  • DN
  • CN
  • Display name
  • Domain name
  • Surname
  • Given name
  • Mail
  • GECOS
  • GID number
  • UID
  • UID number
  • Home directory
  • Login shell
  • Direct parent group
  • All parent groups

Group information

  • UUID
  • CSN
  • DN
  • CN
  • Domain name
  • Direct members
  • All members
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > OpenLDAP > Configure OpenLDAP integration settings in Third-Party Integration
 
Qualys
Description: Grant Trend Micro permission to access your Qualys data in order to gather device information and CVE detections, contributing to risk analyses. Through Qualys integration, you gain access to the following insightful reports:
  • Operating systems with highly exploitable CVEs
  • Applications with highly exploitable CVEs
Data Collected
  • Hostname
  • Host ID
  • Device OS
  • Logon users
  • Last logon user
  • IP address
  • MAC address
  • Vulnerability list
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Qualys > Data upload permission > Off
 
Rapid7 - InsightVM / Nexpose
Description: Grant Trend Micro permission to access your Rapid7 InsightVM or Nexpose data, including device information and CVE detections, via the Rapid7 Security Console. Through Rapid7 - InsightVM / Nexpose integration, you gain access to the following insightful reports:
  • Operating systems with highly exploitable CVEs
  • Applications with highly exploitable CVEs
Data Collected
  • ID
  • IP address
  • MAC address
  • Hostname
  • OS
  • Services
  • Software installed
  • Users
  • User groups
  • Vulnerability list
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Rapid7 - InsightVM > Data upload permission > Off

Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Rapid7 - Nexpose > Configure integration settings in Third-Party Integration

 
Splunk - Network Firewall / Web Gateway Logs
Description: The Attack Surface Risk Management for Splunk app connects your Splunk data with Trend Micro data lakes, revealing web access footprints based on Firewall and Web Gateway activity.
Data Collected
  • Event time
  • Source IP address
  • Hostname: from where the event is initiated
  • Website: the URL
  • Count: aggregated times of the access
  • Username: user who initiates the event
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Splunk - Network Firewall / Web Gateway Logs > Configure Splunk - Network Firewall / Web Gateway Logs integration settings in Third-Party Integration
 
Tenable Vulnerability Management
Description: Grant Trend Micro permission to access your Tenable Vulnerability Management (formerly Tenable.io) data in order to gather device information and CVE detections, contributing to risk analyses. Through Tenable Vulnerability Management integration, you gain access to the following insightful reports:
  • Operating systems with highly-exploitable CVEs
  • Applications with highly-exploitable CVEs
Data Collected
  • ID
  • Agent UUID
  • Agent names
  • Software installed
  • IP address
  • MAC address
  • OS
  • Hostname
  • Vulnerability list
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tenable Vulnerability Management > Data upload permission > Off
 
Tanium Comply
Description: Grant Trend Micro permission to access your Tanium Comply data in order to gather device information and CVE detections, contributing to risk analyses. Through Tanium Comply integration, you gain access to the following insightful reports:
  • Operating systems with highly exploitable CVEs
  • Applications with highly exploitable CVEs
Data Collected
  • Endpoint name
  • Domain name
  • IP address
  • MAC address
  • OS
  • Last logon user
  • Software installed
  • Vulnerability list
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tanium Comply > Data upload permission > Off
 
Internet Facing Assets
Description: Displays all IP and domain assets that are visible from external internet locations and allows you to view detailed IP profile risk assessments.
Data Collected
  • Domain
  • Hostname
  • IP
  • Tags: categories of asset
  • Running services
  • OS
  • ISP
  • Cloud provider
  • Geolocation
  • SSL
  • CPE: version of applications on assets
  • Vulnerability list
Console Location: Attack Surface Discovery App > Internet Facing Assets > Domain / Public IP > Remove
Medigate
Description: Grant Trend Micro permission to access your Medigate data in order to gather device information and CVE detections to contribute to risk analyses. Through Medigate integration, you gain access to detailed asset profile information.
Data Collected
  • Device ID
  • Risk score
  • OS category
  • Labels
  • Device type family
  • Vulnerability list
  • MAC address list
  • Device subcategory
  • Assignees
  • Network list
  • Model
  • Device type
  • Device category
  • IP address list
Console Location: Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Medigate > Data upload permission > Off

Sandbox Analysis App

Users can disable data collection by disabling submissions.

Data Collected: Data transmitted relates to the user-submitted object.
  • File Name
  • File Content
  • Archive file password
  • File password
  • Command line arguments
  • URL
Console Location: THREAT INTELLIGENCE > Sandbox Analysis > Submission Settings
  • To enable: Set the daily reserve value to anything between 1 and 10,000.
  • To disable: Set the daily reserve value to 0.


Network

Network includes the following modules, which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instructions are provided below for opting out of the personal data collection by disabling specific modules. Modules that cannot be disabled are indicated below.

Trend Vision One Virtual Network Sensor
Data Collected & Console Location

Trend Vision One Virtual Network Sensor includes some modules which may cause the corresponding personal data to be transmitted to Trend Micro.

Detailed information, instructions to opt-out of the personal data collection, as well as modules that cannot be disabled are provided in this article: Trend Vision One Virtual Network Sensor Data Collection Notice.


Service Gateway

Service Gateway Management
Description: When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, it provides appliance-related information back to Trend Vision One.
Customers can disable this by disconnecting or deleting the appliance via Trend Vision One Service Gateway Management.
Data Collected
    • Hostname
    • IP address
    • MAC address
    • DNS
    • Customer proxy
    • NTP Server
    • Disk usage
    • CPU usage
    • Memory usage
    • Network throughput
    • Product name of connected devices
    • Connections summary
Console Location: Workflow and Automation > Service Gateway Management
Console Settings: [Image: Service Gateway Console Location]

Service Configuration

Service Configuration In Service Gateway
Description: Service Gateway Management opens the service configuration API to the service owner, and the detailed configurations differ from service to service.
Data Collected
  • Specified by the service owner who registers and stores the configuration in Service Gateway.
Console Location: Workflow and Automation > Service Gateway Management > Appliance > Manage Services
Console Settings: [Image: Service Configuration Console Location]

Local Active Update Service

Service Gateway Management
Description: When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management and the Active Update service is enabled, SG provides connected product status.
Data Collected
  • AU URL
  • The Trend Micro product AU URL and the Service Gateway local AU URL, as specified by the customer.
Console Location: Workflow and Automation > Service Gateway Management > Appliance; in the Installed Services table, choose ActiveUpdate Service, and then click the "Settings" button


Forward Proxy Service

Service Gateway Management
Description: When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management and the forward proxy service is enabled, SG provides connected product status.
Data Collected
  • Product Status
  • The name of the Trend Micro product connected to SG and the connection time
Console Location: Workflow and Automation > Service Gateway Management > Connected Products/Servers


Smart Protection Service

Service Gateway Management
Description: When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management and Smart Protection Service is enabled, SG provides connected product status.
Data Collected
  • Product Status
  • The name of the Trend Micro product connected to SG and the connection time
Console Location: Workflow and Automation > Service Gateway Management > Connected Products/Servers


XDR for Cloud

XDR for Cloud – Cloud Detections for AWS CloudTrail automatically collects and transmits the following data, some of which may be considered personal data in certain jurisdictions, after installing/enabling the product. It is necessary to collect this data to provide the security functions on this product. Therefore, you cannot disable these features. If you do not want Trend Micro to access this data, you should uninstall and stop using the product.

Cloud Detections for AWS CloudTrail
Description: This information is used to analyze threats to customers' AWS account activity.
Data Collected
  • AWS account ID
  • AWS CloudTrail configuration
  • AWS CloudTrail events
Console Location: This feature cannot be disabled.


Data Posture

Data Posture allows customers to bind their cloud accounts to Trend Vision One, which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instructions are provided below for opting out of the personal data collection by unbinding cloud accounts.

Description: Choose the cloud accounts that need to opt out of data collection and click the “Remove” button to disconnect them from Trend Micro and stop data from being transmitted to Trend Micro.
Data Collected
  • AWS Account ID
  • AWS Macie Configuration
  • AWS Macie Custom Data Identifier
  • AWS S3 Bucket Name
  • AWS S3 Bucket Meta Data
Console Location: Log in to the Vision One Portal > Service Management > Cloud Accounts


Trend Vision One Data Center Locations

Region/Country of Purchase | Data Center Location for Microsoft Entra ID (*Future Site for new Customers) | Data Center Location for AWS (*Future Site for new Customers)
USA | East US – N. Virginia | East US – N. Virginia
EU | West Europe-Netherlands | Frankfurt, Germany
Japan | Tokyo, Japan | Tokyo, Japan
SG | Singapore | Singapore
ANZ | Australia Central, *Canberra, Australia | Sydney, Australia
India | Mumbai | Mumbai
Middle East and Africa | UAE | UAE
