Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deep Security Smart Check Data Collection Disclosure

    • Updated:
    • 16 Sep 2020
    • Product/Version:
    • Deep Security Smart Check
    • Platform:
Summary

Deep Security Smart Check does not collect any personal data, but does collect non-personal data in order to measure product performance. The non-personal data that is collected is described below.

Non-Configurable Features

Configurable Features

Details
Public

License (pod)

Data is reported when the license pod makes an external API call, to check the validity of the user's license.

Data transmitted to Trend MicroAPI method, user agent, route, status of the API response, length of the API response, and duration of the API request.
Feature configuration locationThis feature cannot be configured.

Back to top

K8s-metrics-reporter

When Smart Check k8s-metrics-reporter starts, Deep Security Smart Check records telemetry data to measure information about the user’s license.

Data transmitted to Trend MicroEndpoint, API key, telemetry key, product type (always ‘dssc’), Smart Check version, activation code as sha256, license state (trial or full), cluster ID, and telemetry interval (every 24 hours)
Feature configuration locationThis feature cannot be configured.

Back to top

Deep Security Smart Check includes the following features, which may collect and transmit the following non-personal data to Trend Micro. You can disable any of these features at any time to prevent the corresponding data from being sent to Trend Micro.

Registryviews (pod)

Data is only reported for external API calls when a registry API method is called.

Data transmitted to Trend MicroAPI method, user agent, API routed path, status code of API response, length of API response, and API request duration.
Feature configuration locationThe customer can add the following to their overrides.yaml file:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Registryviews (pod)

Whenever a registry is synced, registry data is reported.

Data transmitted to Trend MicroRegistry ID (sha256) along with the number of repositories and number of images it contains
Feature configuration locationThe customer can add the following to their overrides.yaml file:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Sca-scan (container)

Data is reported when sca-scan finds a vulnerability while scanning an image.

Data transmitted to Trend MicroWhich scanner found the vulnerability (sca-scan), the ID of the requested scan, severity of the vulnerability, whether the vulnerability is fixable, and also the language of the sca-scan finding (only Java and Python at the moment)
Feature configuration locationThe customer can add the following to their overrides.yaml file:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Scan (pod)

Data is reported when the scan pod makes an external API call.

Data transmitted to Trend MicroAPI method, user agent, route, status of the API response, length of the API response, and duration of the API request.
Feature configuration locationThe customer can add the following to their overrides.yaml file:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Scan (pod), filescan, clair

Data is reported when the scan pod scans a layer inside an image.

Data transmitted to Trend MicroScan ID, scanner type, sha256 layer ID, size of the image layer, number of scan attempts, duration of scan, and cache hit.
Feature configuration locationThe customer can add the following to their overrides.yaml file:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Scan (pod), oscap

Data is reported when the oscap container scans a layer inside an image.

Data transmitted to Trend MicroScan ID, scanner type, image layer size, duration of scan.
Feature configuration locationThe customer can add the following to their overrides.yaml:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Scan (pod), vscan

Reports any errors that occur while the vulnerability scanner is scanning an image.

Data transmitted to Trend MicroScanner type (malware), scan ID of the scan, also the error itself.
Feature configuration locationThe customer can add the following to their overrides.yaml file:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Scan (pod)

Reports information regarding the scan after the scan is completed.

Data transmitted to Trend MicroID of the scan, time when the scan was requested, time when the scan started, and the time when the scan completed, type of the scan, scan status, and also scan findings.
Feature configuration locationThe customer can add the following to their overrides.yaml:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Scan (pod), webhooks

Whenever a webhook is used, Deep Security Smart Check records telemetry data to measure the performance of the webhook feature.

Data transmitted to Trend MicroEither the status of the API call if the webhook is internal.

If the webhook is external, the hook type, event, status, whether HMAC was used, whether insecureSkipVerify is true or false, and the duration of the API call to use the webhook.

Feature configuration locationThe customer can add the following to their overrides.yaml file:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Auth (pod)

Reports API calls from the auth pod/service only if the API interface is external.

Data transmitted to Trend MicroAPI interface, API request method, user agent, API request route, API response status code, API response content length, API call duration
Feature configuration locationThe customer can add the following to their overrides.yaml file:

Then, the customer can run ‘helm install’ or ‘helm upgrade’ so that the change is reflected in their Deep Security Smart Check deployment.

Back to top

Admission control, in scan (pod)

Deep Security Smart Check sends events and their status to Trend Micro Cloud One™ - Container Security. This only occurs if cloudOne.apiKey is set (default is unset).

Data transmitted to Trend MicroEndpoint of the Cloud One service, API event, API response status, and duration of the API call.
Feature configuration location

No action needs to be taken since no data is sent unless cloudOne.apiKey is set. By default, cloudOne.apiKey is not set.

Back to top

Premium
Internal
Partner
Rating:
Category:
SPEC
Solution Id:
000270823
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.