Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro Vision One Data Collection Notice

    • Updated:
    • 28 Apr 2021
    • Product/Version:
    • Trend Micro Vision One All
    • Platform:
Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the related product consoles where you can disable the features.

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Details
Public

General Trend Micro Vision One Service

Data Collected
  • Email
  • Phone number
  • Contact names
  • IP Address
Console LocationData provided to Trend Micro during on-boarding process and during normal service delivery.
Console SettingsAccount Management - Name and email required if additional accounts are created.

Configurable Additional Data Collection Using the Trend Micro Vision One Console

Description fields
Data CollectedCustomer provided text
Console LocationVarious locations throughout the Trend Micro Vision One product console

Optional: Free-Form Text field for customer user to provide additional information at their discretion. Please do not enter any personal or sensitive information.

Description fields

Share your Feedback
Data CollectedCustomer provided text

Optional- Customers may submit feature requests and ideas to the Trend Micro Vision One Product team. Please do not input any personal or sensitive information into the feedback form.

Console Location[XDR Resource Center menu icon] > Share Your Feedback > Make a Suggestion
Console Settings
  • Make a Suggestion

Feedback window

Search App
Data CollectedSaved queries of search history, including:
  • Names (user, domain, file, object)
  • UserID
  • Email addresses
  • IP addresses
  • Browsing history
  • Command history

Optional: User can save the search parameters for future queries.

Console Location

Saved Search Queries

Trend Micro Vision One Terms of Service (Endpoint Basecamp)
Data Collected
  • Endpoint name
  • IP address
  • Mac address

After customers agree to the Terms of Service, Privacy Notice and DataCollection Notice, the data collection can’t be disabled

Console Location

To enable: Trend Micro XDR Terms of Service > I agree to the Terms of Service, Privacy Notice, and Data Collection Notice > Get Started

XDR Terms of Service

To disable: Open Task Scheduler on each endpoint and disable the "Trend Micro Endpoint Basecamp" scheduled task.

Run Windows Task Scheduler > Click Task Scheduler Library > right-click Trend Micro Endpoint Basecamp > Disable

Task Scheduler

Email Inventory
Data Collected
  • Account name
  • User display name
  • Group name
  • User membership
  • Mailbox account
  • Email address

The data collection can't be disabled when customers use Email Inventory.

Console Location
  • To enable: Email Inventory > configure the following:
    • Use the Exchange Web Service Managed API for quarantine management
    • Use the Graph API to access all mailboxes
    • Access the user profiles and mailboxes
  • To disable: Click the Help icon > Contact Support, and open a support ticket.

    Contact Support

Endpoint Inventory - Enable Trend Micro Vision One capabilities
Data Collected
  • Command line
  • File name
  • File owner
  • File signer
  • Host name
  • IP address
  • Process owner
  • Registry data
  • User name
  • URL
  • Windows event log
Console Location
  • To enable: Endpoint Inventory > Available endpoints tab > [select endpoint] > Enable

    Endpoint Inventory

  • To Disable: Endpoint Inventory > Reporting to XDR tab > [select endpoint] > Disable

Disable Enpoint Inventory

Identity & Risk Insights

This data is needed to determine if a sign-on activity is suspicious and if the use of a cloud application is allowed.

Log Collection from Azure AD
Data Collected

Data transmitted relates to sign-on activities.

  • User information

    • userID
    • userDisplayName
    • userPrincipalName
    • ipAddress
    • location (city, state and country)
    • mailAddress
    • jobTitle
    • department
    • givenname
    • surname
    • mailNickname
    • imAddresses
    • lastPasswordChangeDateTime
    • Groups
  • application being used (appID, appDisplayName ,clientAppUsed)
  • createdDateTime
  • devicedetail (browser and OS)
  • Sign in Logs

    • location
    • status
    • conditionalAccessStatus
    • correlationId
    • riskState
    • riskDetail
    • riskLevelAggregated
    • riskLevelDuringSignIn
    • riskEventTypes
    • resourceDisplayName
    • resourceId
Console LocationIdentity & Risk Insights App > Configure data source.

Contact Trend Micro Technical Support to turn off data transmission in order to prevent collecting logs in the future.

This data is needed to determine if the use of a cloud application is allowed.

Log Collection from Splunk Enterprise
Data Collected

Data transmitted relates to an access to a URL (an event).

  • Eventhour : the time the event happens.
  • Src : IP address from where the event is initiated.
  • Hostname : from where the event is initiated.
  • Website : the URL
  • Count : times of the access (aggregated)
  • Username : user who initiates the event.
Console LocationIdentity & Risk Insights App > Configure data source

Contact Trend Micro Technical Support to turn off data transmission in order to prevent collecting logs in the future.

The data is needed to determine if OneDrive account has potential risk.

OneDrive usage & activity data fields from Office 365
Data Collected
  • OneDrive Activity User Detail
    • Report Refresh Date
    • User Principal Name
    • Is Deleted
    • Deleted Date
    • Last Activity Date
    • Viewed Or Edited File Count
    • Synced File Count
    • Shared Internally File Count
    • Shared Externally File Count
    • Assigned Products
    • Report Period
  • OneDrive Usage Account Detail
    • Report Refresh Date
    • Site URL
    • Owner Display Name
    • Is Deleted
    • Last Activity Date
    • File Count
    • Active File Count
    • Storage Used (Byte)
    • Storage Allocated (Byte)
    • Owner Principal Name
    • Report Period
Console LocationCloud Visibility App > Data source configuration.

Contact Trend Micro Technical Support to turn off data transmission in order to prevent collecting logs in the future.

The data is needed to determine if SharePoint account has potential risk.

SharePoint usage & activity data fields from Office 365
Data Collected
  • SharePoint Activity User Detail
    • Report Refresh Date
    • User Principal Name
    • Is Deleted
    • Deleted Date
    • Last Activity Date
    • Viewed Or Edited File Count
    • Synced File Count
    • Shared Internally File Count
    • Shared Externally File Count
    • Visited Page Count
    • Assigned Products
    • Report Period
  • SharePoint Site Usage Account Detail
    • Report Refresh Date
    • Site Id
    • Site URL
    • Owner Display Name
    • Is Deleted
    • Last Activity Date
    • File Count
    • Active File Count
    • Page View Count
    • Visited Page Count
    • Storage Used (Byte)
    • Storage Allocated (Byte)
    • Root Web Template
    • Owner Principal Name
    • Report Period
  • SharePoint Activity File Counts
    • Report Refresh Date
    • Viewed Or Edited
    • Synced
    • Shared Internally
    • Shared Externally
    • Report Date
    • Report Period
Console LocationCloud Visibility App > Data source configuration.

Contact Trend Micro Technical Support to turn off data transmission in order to prevent collecting logs in the future.

The data is needed to determine if Outlook account has potential risk.

Outlook usage & activity data fields from Office 365
Data Collected
  • Email App Usage User Detail
    • Report Refresh Date
    • User Principal Name
    • Display Name
    • Is Deleted
    • Deleted Date
    • Last Activity Date
    • Mail For Mac
    • Outlook For Mac
    • Outlook For Windows
    • Outlook For Mobile
    • Other For Mobile
    • Outlook For Web
    • POP3 App
    • IMAP4 App
    • SMTP App
    • Report Period
  • Mailbox Usage Detail
    • Report Refresh Date
    • User Principal Name
    • Display Name
    • Is Deleted
    • Deleted Date
    • Created Date
    • Last Activity Date
    • Item Count
    • Storage Used (Byte)
    • Issue Warning Quota (Byte)
    • Prohibit Send Quota (Byte)
    • Prohibit Send/Receive Quota (Byte)
    • Deleted Item Count
    • Deleted Item Size (Byte)
    • Report Period
  • Email Activity User Detail
    • Report Refresh Date
    • User Principal Name
    • Display Name
    • Is Deleted
    • Deleted Date
    • Last Activity Date
    • Send Count
    • Receive Count
    • Read Count
    • Assigned Products
    • Report Period
Console LocationCloud Visibility App > Data source configuration.

Contact Trend Micro Technical Support to turn off data transmission in order to prevent collecting logs in the future.

The data is needed to determine if Teams account has potential risk.

Teams activity data fields from Office 365
Data Collected
  • Teams User Activity User Detail
    • Report Refresh Date
    • User Principal Name
    • Last Activity Date
    • Is Deleted
    • Deleted Date
    • Assigned Products
    • Team Chat Message Count
    • Private Chat Message Count
    • Call Count
    • Meeting Count
    • Has Other Action
    • Report Period
Console LocationCloud Visibility App > Data source configuration.

Contact Trend Micro Technical Support to turn off data transmission in order to prevent collecting logs in the future.

This data is needed to determine if O365 account has been compromised.

O365 (Exchange Online, SharePoint Online, OneDrive for Business) Risk Insights
Data Collected
  • File name
  • File SHA1
  • File MD5
  • User principal name
  • SharePoint/OneDrive folder path
  • URL
  • File upload time
  • File type
Console LocationIdentity & Risk Insights App > Data source configuration.

Contact Trend Micro Technical Support to turn off data transmission in order to prevent collecting logs in the future.

This data is needed to determine if the use of cloud service is allowed.

Web Gateway Risk Insights
Data Collected
  • User name
  • URL accessed
  • Department
  • Device name
  • User principal name
  • AD domain
  • Browsing time
Console LocationIdentity & Risk Insights App > Data source configuration.

Contact Trend Micro Technical Support to turn off data transmission in order to prevent collecting logs in the future.

Service Gateway

Service Gateway Inventory
Data Collected
  • Hostname
  • IP address
  • Service URL
  • DISK usage
  • CPU usage
  • Memory usage
  • Network throughput
  • IP address/Hostname of connected devices
Console LocationInventory Management > Service Gateway Inventory > Disconnect
Console Settings
  • Disconnect

Service Gateway Inventory

Smart Protection Services
Data Collected
  • URL
  • File path
  • IP address
Console LocationInventory Management > Service Gateway Inventory > Configure
Console Settings

Smart Protection Services

Third Party Integration, Active Update and Program update
Data Collected
  • IP address
Console LocationInventory Management > Service Gateway Inventory > Configure
Console Settings

configure

Trend Micro Vision One Data Center Locations

Country of PurchaseUSAEUJapanSGANZEU - UKCanada
Data Center Location for Azure
*Future Site for new Customers
East US – N. VirginiaWest Europe-NetherlandsTokyo, JapanSingaporeEast US – N. Virginia
*Canberra, Australia
West Europe-NetherlandsEast US – N. Virginia
Data Center Location for AWS
*Future Site for new Customers
East US – N. VirginiaFrankfurt, GermanyTokyo, JapanSingaporeEast US – N. Virginia
*Sydney, Australia
Frankfurt, GermanyEast US – N. Virginia
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000262137
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.