Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro Cloud One™ - Application Security Data Collection Notice

    • Updated:
    • 10 Jul 2020
    • Product/Version:
    • Cloud One - Application Security 1.0
    • Platform:
    • N/A
Summary

Cloud One Application Security includes the following modules which may cause the corresponding data to be transmitted to Trend Micro. Detailed information and instruction are provided below for opt-out of the data collection by disabling specific modules. Certain data collection may be mandatory and cannot be disabled.

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Details
Public

Environment Data

The Environment Data is sent once when your application starts. The Environment Data includes information related to platform, libraries and the language the application is running in.

Data collected
  • Programming Language: e.g. python 3.6
  • Runtime: e.g. CPython 3.6
  • Library versions: e.g.

    • boto3:1.7.74
    • botocore:1.10.74
    • etc…
  • Kernel version: e.g. Linux 3.13.0-92-generic x86_64 GNU/Linux
  • OS Version: e.g. Ubuntu 14.04.5 LTS
  • Application Security version
  • Configuration & Custom Tags (set in library config file): ex: log_level:INFO, app_name: my app, etc.
  • Process ID and Parent Process ID: Used to identify sub-processes running within the same server.
Console locationNot applicable, the environment data is not configurable.
Console settings

Back to top

Telemetry Data

The telemetry data is sent periodically.

Data collected
  • Total Transactions: Count of all requests seen by the library.
  • Reported Transactions: Count of all requests with events reported to cloud.
  • Dropped Messages: Count of messages discarded by the library due to a connection issue.
  • Rejected Messages: Count of messages discarded when rejected by the cloud backend.
  • Exceptions: count of internal library exceptions processing request data.
  • Performance Data: Aggregate and sampled timing data on the Application Security library performance. Used to monitor the performance of our code to track typical performance data in our customers’ environments.
  • Network interface MAC Addresses: Used to identify apps running on the same host.
  • Instance ID, Container ID, Instance ARN, Region: Identification info to distinguish instances vs containers vs lambda for billing.
  • Active ruleset and AV versions: Current release version of the running Malicious Payload ruleset and AV definitions.
  • Policy version: Active version of policy.
Console locationNot applicable, the environment data is not configurable.
Console settings

Back to top

General Request Data

General HTTP request data sent when security events are generated, included in all types of security events, with HTTP request

Data collected

Unique transaction ID generated by:

  • library
  • HTTP Method
  • URL Path
  • URL QueryString
  • HTTP Protocol
  • HTTP Host Header
  • HTTP X-Forward-For Header
  • Remote IP Address
Console locationConfigured as part of the specific event protection type.
Console settings

Back to top

Lambda Invocation Data

General data sent when security events are generated for a lambda function, included in all types of security events.

Data collected
  • AWS Request ID
  • Function Name
  • Function Version
  • Invoked Function ARN
  • Amazon Trace ID (if available)
  • TargetGroup ARN (for ALB invocation)
  • Request ID (for API Gateway invocation)
  • API Stage (for API Gateway invocation)
Console locationConfigured as part of the specific event protection type.
Console settings

Back to top

General Event Data

General data sent when security events are generated, for any types of security events, whether they are generated from HTTP based web application or Lambda function.

Data collected
  • Timestamp
  • Blocked: true/false
  • Custom event tags
Console locationConfigured as part of the specific event protection type.
Console settings

Back to top

Malicious Payload Event

Specific event data sent when malicious payload protection triggers.

Disabling the setting, disables the malicious payload protection.

Data collected
  • Rule ID
  • Payload Sample: Portion of HTTP stream containing identified payload. Note, this may contain some additional HTTP headers not normally sent like Cookies.
  • Payload Position: Byte offset of malicious bytes within the payload sample.
Console locationDashboard > Application Name > Policies
Console settings

Malicious Payload

Malicious Payload

Back to top

Illegal File Access Event

Specific event data sent when illegal file access protection triggers.

Disabling the setting, disables the illegal file access protection.

Data collected
  • Function Used: Language function used to open file (ex: open, os.open, etc.)
  • Current Working Directory
  • Target File: The file that was attempted to open.
  • Matched Rule: Rule that was matched by this open attempt.
  • Open Mode: Read or Write
  • Stack Trace: Traceback leading to execution.
Console locationDashboard > Application Name > Policies
Console settings

Illegal File Access

Illegal File Access

Back to top

SQLi Event

Specific event data sent when SQL injection protection triggers.

Disabling the setting, disables the SQL injection protection.

Data collected
  • SQL Query: Query text flagged. Literal values are stripped out before being sent.
  • Algorithm Detected: Why is this query flagged. (ex: Always True, Always False, Bad Statement, etc.)
  • SQL Dialect: (ex: postgres, mysql, etc.)
  • Stack Trace: Traceback leading to execution.
Console locationDashboard > Application Name > Policies
Console settings

SQL Injection

SQL Injection

Back to top

Open Redirect Event

Specific event data sent when open redirect protection triggers.

Disabling the setting, disables the open redirect protection.

Data collected
  • Redirect Location: Target of the redirect
  • Rule Matched: Matching rule that matches Location above
  • Stack Trace: Traceback leading to execution
Console locationDashboard > Application Name > Policies
Console settings

Open Redirect

Open Redirect

Back to top

Remote Command Execution Event

Specific event data sent when remote command execution protection triggers.

Disabling the setting, disables the remote command execution protection.

Data collected
  • Command and Arguments: Command that was attempted to run.
  • Function Used: Function used to execute command.
  • Rule Matched: Matching rule that matches command above.
  • Stack Trace: Traceback leading to execution.
Console locationDashboard > Application Name > Policies
Console settings

Remote Command Execution

Remote Command Execution

Back to top

Malicious File Upload Event

Specific event data sent when malicious file upload protection triggers.

Disabling the setting, disables the malicious file upload protection.

Data collected
  • Form Parameter Name: Form field name in HTTP form used for upload.
  • File Name: File name supplied by source of file.
  • Virus Name: Name of detected virus/malware.
Console locationDashboard > Application Name > Policies
Console settings

Malicious File Upload

Malicious File Upload

Back to top

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000247826
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.