Trend Micro Vision One Data Collection Notice

Updated: 2 Jun 2021
Product/Version: Trend Micro Vision One All

Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the related product consoles where you can disable the features.

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Details

General Trend Micro Vision One Service

Data Collected
  • Email
  • Phone number
  • Contact names
  • IP Address
Console Location: Data provided to Trend Micro during the on-boarding process and during normal service delivery.
Console Settings: Account Management - Name and email required if additional accounts are created.

Configurable Additional Data Collection Using the Trend Micro Vision One Console

Description fields
Data Collected: Customer-provided text
Console Location: Various locations throughout the Trend Micro Vision One product console

Optional: A free-form text field in which the customer's user can provide additional information at their discretion. Please do not enter any personal or sensitive information.

Share your Feedback
Data Collected: Customer-provided text

Optional: Customers may submit feature requests and ideas to the Trend Micro Vision One product team. Please do not enter any personal or sensitive information in the feedback form.

Console Location: [XDR Resource Center menu icon] > Share Your Feedback > Make a Suggestion
Console Settings
  • Make a Suggestion

Search App
Data Collected: Saved queries of search history, including:
  • Names (user, domain, file, object)
  • UserID
  • Email addresses
  • IP addresses
  • Browsing history
  • Command history

Optional: User can save the search parameters for future queries.

Console Location

Saved Search Queries

Trend Micro Vision One Terms of Service (Endpoint Basecamp)
Data Collected
  • Endpoint name
  • IP address
  • MAC address

After customers agree to the Terms of Service, Privacy Notice and Data Collection Notice, the data collection can't be disabled.

Console Location

To enable: Trend Micro XDR Terms of Service > I agree to the Terms of Service, Privacy Notice, and Data Collection Notice > Get Started

To disable: Open Task Scheduler on each endpoint and disable the "Trend Micro Endpoint Basecamp" scheduled task.

Run Windows Task Scheduler > Click Task Scheduler Library > right-click Trend Micro Endpoint Basecamp > Disable

Email Inventory
Data Collected
  • Account name
  • User display name
  • Group name
  • User membership
  • Mailbox account
  • Email address

The data collection can't be disabled when customers use Email Inventory.

Console Location
  • To enable: Email Inventory > configure the following:
    • Use the Exchange Web Service Managed API for quarantine management
    • Use the Graph API to access all mailboxes
    • Access the user profiles and mailboxes
  • To disable: Click the Help icon > Contact Support, and open a support ticket.

Endpoint Inventory - Enable Trend Micro Vision One capabilities
Data Collected
  • Command line
  • File name
  • File owner
  • File signer
  • Host name
  • IP address
  • Process owner
  • Registry data
  • User name
  • URL
  • Windows event log
Console Location
  • To enable: Endpoint Inventory > Available endpoints tab > [select endpoint] > Enable

  • To disable: Endpoint Inventory > Reporting to XDR tab > [select endpoint] > Disable

Zero Trust Risk Insights

This data is needed to determine if a sign-in activity is suspicious and if the use of a cloud app is risky.

Data Source: Azure AD
Data Collected

Data transmitted relates to sign-on activities.

  • User information

    • User ID
    • User display name
    • User principal name
    • IP address
    • Groups
    • Location (city, state, country)
    • Email address
    • Job title
    • Department
    • Given name
    • Surname
    • Email nickname
    • IM addresses
    • Last password change datetime
  • Application being used

    • App ID
    • App display name
    • Client app used
  • Sign in Logs

    • Sign-in initiated time
    • Device detail (Browser and OS)
    • Location
    • Status
    • Conditional access status
    • Correlation ID
    • Risk state
    • Risk detail
    • Risk level aggregated
    • Risk level during sign-in
    • Risk event types
    • Resource display name
    • Resource ID
Console Location: Zero Trust Risk Insights App > Data source configuration > Azure AD > Data upload permission > Off

This data is needed to determine if activities on an endpoint are risky. This data is needed to determine if a device is vulnerable.

Data Source: Endpoint Sensor
Data Collected

Data transmitted relates to an access to a URL (an event).

  • Endpoint name
  • Logon user name
  • User principal name
  • Logon user domain
  • IP addresses
  • Suspicious file path
  • Suspicious file name
  • Suspicious file hash
  • URL
  • OS version
  • Agent ID
  • OS name
  • Software name
  • Software version
  • File paths
  • CVE ID
  • CVE score
Console Location: Zero Trust Risk Insights App > Data source configuration > Endpoint sensor > Data upload permission > Off

Disabling the data source only prevents Zero Trust Risk Insights from accessing the data collected by Endpoint Sensors. To prevent Endpoint Sensor from collecting data, uninstall Endpoint Sensor from the endpoint.
 

This data is needed to determine if the use of a cloud app is risky.

Data Source: 3rd party logs (Splunk Enterprise)
Data Collected

Data transmitted relates to URL access events.

  • Event time
  • Source IP address
  • Host name: from where the event is initiated
  • Website: the URL
  • Count: aggregated times of the access
  • User name: user who initiates the event
Console Location: Zero Trust Risk Insights App > Data source configuration > 3rd party logs > Data upload permission > Off

 

This data is needed to determine if activities on a mobile device are risky.

Data Source: Mobile Sensor
Data Collected
  • Logon user name
  • User principal name
  • IP address
  • App name
  • App package name
  • Device hostname
  • Device OS
  • URL
Console Location: Zero Trust Risk Insights App > Data source configuration > Mobile sensor > Data upload permission > Off

 

 
Disabling the data source only prevents Zero Trust Risk Insights from accessing the data collected by Mobile Sensors. To prevent Mobile Sensor from collecting data, uninstall Mobile Sensor from the device.
 

This data is needed to determine if a sign-in activity is suspicious and if the use of a cloud app is risky.

Data Source: Okta
Data Collected

Data transmitted relates to Okta sign-in activities.

  • User information

    • User ID
    • User display name
    • User principal name
    • Location (country, state, city)
    • Job title
    • Email address
    • User type
    • Company name
    • Department
    • Given name
    • Surname
    • Nickname
    • Group
    • Second email address
    • Account create datetime
    • Last password change datetime
  • Sign-in logs

    • Sign-in event time
    • User principal name
    • Endpoint IP address
    • Request URI
    • Device OS
    • Device browser
    • User ID
    • User display name
    • Location (country, state, city, postcode, geolocation)
    • Sign-in status
Console Location

Zero Trust Risk Insights App > Data source configuration > Okta > Data upload permission > Off

This data is needed to determine if a Microsoft Office 365 account has potential risk.

Data Source: Office 365 > Data upload permission
Data Collected
  • OneDrive activity report
    • Report refresh date
    • User principal name
    • Deleted
    • Deleted date
    • Last activity date
    • Files viewed or edited (count)
    • Files synced (count)
    • Files shared internally (count)
    • Files shared externally (count)
    • Products assigned
    • Report period
  • OneDrive usage report

    • Report refresh date
    • Site URL
    • Owner username
    • Owner principal name
    • Deleted
    • Last activity date
    • Files (count)
    • Active files (count)
    • Storage used (Byte)
    • Storage allocated (Byte)
    • Report period
  • SharePoint activity report

    • Report refresh date
    • User principal name
    • Deleted
    • Deleted date
    • Last activity date
    • Files viewed or edited (count)
    • Files synced (count)
    • Files shared internally (count)
    • Files shared externally (count)
    • Pages visited (count)
    • Products assigned
    • Report period
  • SharePoint site usage report

    • Report refresh date
    • Site ID
    • Site URL
    • Site owner username
    • Site owner principal name
    • Deleted
    • Last activity date
    • Files (count)
    • Active files (count)
    • Page views (count)
    • Page visited (count)
    • Storage used (Byte)
    • Storage allocated (Byte)
    • Root web template
    • Report period
  • Outlook email app usage report

    • Report refresh date
    • User principal name
    • Display Name
    • Deleted
    • Deleted date
    • Last activity date
    • Outlook (Mac)
    • Outlook (Windows)
    • Outlook (Mobile)
    • Mobile
    • Outlook on the web
    • POP3 app
    • IMAP4 app
    • SMTP app
    • Report period
  • Mailbox usage report

    • Report refresh date
    • User principal name
    • Display name
    • Deleted
    • Deleted date
    • Created date
    • Last activity date
    • Item count
    • Storage used (Byte)
    • Issue warning quota (Byte)
    • Prohibit send quota (Byte)
    • Prohibit send/receive quota (Byte)
    • Deleted Item Count
    • Deleted Item Size (Byte)
    • Report period
  • Email activity report

    • Report refresh date
    • User principal name
    • Display name
    • Deleted
    • Deleted date
    • Last activity date
    • Send actions (count)
    • Receive actions (count)
    • Read actions (count)
    • Products assigned
    • Report period
  • Microsoft Teams user activity report

    • Report refresh date
    • User principal name
    • Last activity date
    • Deleted
    • Deleted date
    • Products assigned
    • Channel messages (count)
    • Chat messages (count)
    • 1:1 calls (count)
    • Total meetings (count)
    • Other activity
    • Report period
Console Location

Zero Trust Risk Insights App > Data source configuration > Office 365 > Data upload permission > Off

This data is needed to determine if a Microsoft Office 365 account has been compromised or has risky activities.

Data Source: Office 365 > Threat detection upload permission
Data Collected
  • File name
  • File SHA1
  • File MD5
  • User principal name
  • SharePoint/OneDrive file path
  • URL
  • File upload time
  • File type
  • Email meta information
Console Location

Zero Trust Risk Insights App > Data source configuration > Office 365 > Threat detection upload permission > Off

This data is needed to determine if the use of a cloud app is risky.

Data Source: Web Sensor
Data Collected

Cloud app access logs

  • User name
  • URL accessed
  • Department
  • Device name
  • User principal name
  • AD domain
  • Browsing time
Console Location

Zero Trust Risk Insights App > Data source configuration > Web sensor > Off

Service Gateway

Service Gateway Inventory
Data Collected
  • Hostname
  • IP address
  • Service URL
  • Disk usage
  • CPU usage
  • Memory usage
  • Network throughput
  • IP address/Hostname of connected devices
Console Location: Inventory Management > Service Gateway Inventory > Disconnect
Console Settings
  • Disconnect

Smart Protection Services
Data Collected
  • URL
  • File path
  • IP address
Console Location: Inventory Management > Service Gateway Inventory > Configure
Console Settings

Smart Protection Services

Third Party Integration, Active Update and Program update
Data Collected
  • IP address
Console Location: Inventory Management > Service Gateway Inventory > Configure
Console Settings

configure

Trend Micro Vision One Data Center Locations

Country of Purchase | Data Center Location for Azure (*Future Site for new Customers) | Data Center Location for AWS (*Future Site for new Customers)
USA | East US – N. Virginia | East US – N. Virginia
EU | West Europe-Netherlands | Frankfurt, Germany
Japan | Tokyo, Japan | Tokyo, Japan
SG | Singapore | Singapore
ANZ | East US – N. Virginia; *Canberra, Australia | East US – N. Virginia; *Sydney, Australia
EU - UK | West Europe-Netherlands | Frankfurt, Germany
Canada | East US – N. Virginia | East US – N. Virginia
India | Mumbai | Mumbai

Solution Id: 000262137