Views:

Endpoint Sensor
Standard Endpoint Protection
Server & Workload Protection
Email and Collaboration Security
Container Security
Zero Trust Secure Access
Mobile Security
XDR Portal
Security Assessment Service
Attack Surface Risk Management
Sandbox Analysis App
Common Directory
Network
- Network Inventory
- Virtual Network Sensor
Service Gateway Management
XDR for Cloud
- Cloud Detections for AWS CloudTrail
Data Posture

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Trend Vision One Data Center Locations

General Trend Vision One Service

Data Collected	Email Phone number Contact names IP Address
Console Location	Data provided to Trend Micro during on-boarding process and during normal service delivery.
Console Settings	Account Management - Name and email required if additional accounts are created.

Configurable Additional Data Collection Using the Trend Vision One Console

Description fields
Data Collected	Customer provided text
Console Location	Various locations throughout the Trend Vision One product console Optional: Free-Form Text field for customer user to provide additional information at their discretion. Please do not enter any personal or sensitive information.

Share your Feedback
Data Collected	Customer provided text Optional- Customers may submit feature requests and ideas to the Trend Vision One Product team. Please do not input any personal or sensitive information into the feedback form.
Console Location	[XDR Resource Center menu icon] > Share Your Feedback > Make a Suggestion
Console Settings	Make a Suggestion

Search App
Data Collected	Saved queries of search history, including: Names (user, domain, file, object) UserID Email addresses IP addresses Browsing history Command history Optional: User can save the search parameters for future queries.
Console Location

Response App
Description	Response app collect Endpoint information when customer take response actions. It stores these data to record the task history. It collects file when customer take collect file action. It stores these data for customer downloading and threat investigate app like sandbox. It can take the following actions on account name: Enable User Account Disable User Account Force Reset Password Force Sign Out The task histories contain the account name.
Data Collected	Endpoint IP Endpoint Hostname File Path Email Address Email Subjsect File Account Name
Console Location

Security Playbooks
Description	Security Playbooks collects data when customers configure security playbooks and when security playbooks execute.
Data Collected	IP address Hostname Fully Qualified Domain Name OS name OS type Email address File File name File path URL Device GUID Device name User Principal Name Account name Account type Account role CVE ID
Console Location	Workflow And Automation > Security Playbooks > Templates Workflow And Automation > Security Playbooks > Templates > Create playbook from template Workflow And Automation > Security Playbooks > Playbooks Workflow And Automation > Security Playbooks > Execution Results

Trend Vision One Terms of Service (Endpoint Basecamp)
Data Collected	Endpoint name IP address Mac address After customers agree to the Terms of Service, Privacy Notice and Data Collection Notice, the data collection can’t be disabled
Console Location	To enable: Trend Micro XDR Terms of Service > I agree to the Terms of Service, Privacy Notice, and Data Collection Notice > Get Started To disable: Open Task Scheduler on each endpoint and disable the "Trend Micro Endpoint Basecamp" scheduled task. Run Windows Task Scheduler > Click Task Scheduler Library > right-click Trend Micro Endpoint Basecamp > Disable

Email Inventory
Data Collected	Account name User display name Group name User membership Mailbox account Email address The data collection can't be disabled when customers use Email Inventory.
Console Location	To enable: Email Inventory > configure the following: Use the Exchange Web Service Managed API for quarantine management Use the Graph API to access all mailboxes Access the user profiles and mailboxes To disable: Click the Help icon > Contact Support, and open a support ticket.

Endpoint Inventory - Enable Trend Vision One capabilities
Data Collected	Command line File name File owner File signer Host name IP address Process owner Registry data User name URL Windows event log
Console Location	To enable: Endpoint Inventory > Available endpoints tab > [select endpoint] > Enable To Disable: Endpoint Inventory > Reporting to XDR tab > [select endpoint] > Disable

The user ID and user account are used for user behavior tracking and auditing. The company ID identifies which company this customer belongs to.

Endpoint Security Policies
Data Collected	User ID User Account Company ID
Console Location	Security Policies > Endpoint
Console Settings	Endpoint

XDR Portal

XDR Portal automatically collects and transmits the following data, some of which may be considered personal data in certain jurisdictions, after installing/enabling the product. It is necessary to collect this data to provide the security functions on this product. Therefore, you cannot disable these features. If you do not want Trend Micro to access this data, you should uninstall and stop using the product.

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

XDR Portal (First Time)
Description	XDR Portal use these information for customer log on and data display on portal.
Data Transmitted to Trend Micro	Contact Name Account ID Email Address CLP company ID Company Name Country/Region Display name Credit Create Time Credit Expiration Time Credit Stock Id Credit Stock Type Entitlement Start Time Entitlement End Time Entitlement ID Entitlement Source
Feature Configuration Location

XDR Portal Alert Notification
Description	XDR Portal UI use this information to let customer can receive alert notification by email
Data Transmitted to Trend Micro	Email address Webhook URL
Feature Configuration Location

XDR Portal Product Connector
Description	XDR Portal use this information to detect product connection status and display on portal
Data Transmitted to Trend Micro	Device ID
Feature Configuration Location

XDR Portal UI Pendo
Description	XDR Portal UI analysis customer behavior for product usage and product enhancements
Data Transmitted to Trend Micro	IP address, User Behavior User Agent Browser Name Browser Version Account ID CLP CompanyID
Feature Configuration Location

XDR Portal UI Pendo
Description	When customers submit feedback through the Pendo Feedback tool, their email address is sent to product managers so the product managers can respond to and acknowledge the customer's submission. When feedback is actioned, the product manager will update the customer using the email associated with the feature / enhancement request in the Pendo feedback tool.
Data Transmitted to Trend Micro	Email Address

Security Assessment Service

Security Assessment Service includes the following modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instruction are provided below for opt-out of the personal data collection by disabling specific modules. Modules that cannot be disabled are indicated below.

Trend Vision One Security Assessment Service
Data Collected & Console Location	Trend Vision One Security Assessment Service includes some modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information, instructions to opt-out of the personal data collection, as well as modules that cannot be disabled are provided in this article: Trend Vision One Security Assessment Service Data Collection Notice.

Attack Surface Risk Management

Attack Surface Risk Management includes the following modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instruction are provided below for opt-out of the personal data collection by disabling specific modules. Modules that cannot be disabled are indicated below.

Trend Vision One XDR Sensors

Endpoint Sensor
Description	By installing and enabling endpoint sensors throughout your network, Trend Micro can analyze endpoint data that includes user activities, cloud app access, and endpoint vulnerabilities to provide risk insights. Install more sensors to gain better insight into your users' cloud app usage throughout your network. You must install agents and enable XDR Sensors using Endpoint Inventory to begin receiving activity data.
Data Collected	Endpoint name Logon username User principal name Logon user domain IP addresses MAC address Suspicious file path Suspicious file name Suspicious file hash URL OS name OS version OS build number OS patch level OS SKU Agent ID Installed software name Installed software version Software installation path Software patch information
Console Location	Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Endpoint Sensor > Endpoint Inventory

Email Sensor
Description	By enabling Trend Vision One Email Sensor in Email Account Inventory, Trend Micro can analyze email activities and detect threats on monitored Exchange Online and Gmail mailboxes. You must monitor mailboxes using Email Account Inventory to begin receiving activity data.
Data Collected	Event time User principal name Domain name SAM account name URL Email attachment information Email meta information
Console Location	Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Email Inventory

Network Sensor
Description	By enabling Trend Vision One Network Sensor, Trend Micro can analyze network activity from your monitored network traffic to discover suspicious traffic and abnormal behavior. You must enable Network Analytics using Network Inventory to begin receiving and analyzing network activity data.
Data Collected	Device GUID Host name Source IP Source port Destination IP Destination port Endpoint IP Peer IP File path File name Username Sender email address
Console Location	Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Trend Vision One Network Sensor > Network Inventory

Trend Micro Security Services

Security Agents
Description	By installing security agents throughout your network, Trend Micro can analyze endpoint data that includes user activities, web activities, cloud app access, security settings, and threat detections to provide risk insights.
Data Collected	Endpoint name Logon username User principal name Logon user domain IP addresses MAC address Suspicious file path Suspicious file name Suspicious file hash URL OS name OS version OS build number OS patch level OS SKU Agent ID Installed software name Installed software version Software installation path Software patch information Product configuration
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Standard Endpoint Protection > Product Instance Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Server & Workload Protection > Product Instance Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Apex One as a Service > Product Instance Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Apex One On-premises > Product Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Instance Trend Cloud One - Endpoint & Workload Security > Product Instance Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Deep Security > Product Instance

Cloud Email and Collaboration Protection
Description	Connect Cloud Email and Collaboration Protection using the Product Instance app to analyze detected threats and security settings on monitored Google Gmail and Office 365 apps.
Data Collected	File name File SHA1 File MD5 User principal name SharePoint/OneDrive file path URL File upload time File type Email meta information
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Cloud Email and Collaboration Protection > Product Instance

Cloud Email Gateway Protection
Description	Cloud Email Gateway Protection analyzes email activities, security settings, and detected threats on monitored email gateways. Connect this data source to Trend Vision One through the Product Connector app.
Data Collected	Primary email User principal name User display name Department Tenant name Group name Email meta information Server host name Server domain Server OS name Server OS version Server IP address Server MAC address Server Interfaces
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Cloud Email Gateway Protection > Product Instance

Trend Cloud One - Conformity
Description	By connecting Conformity, which has a growing public library of 900+ cloud infrastructure configuration best practices for your AWS, Microsoft Azure, and Google Cloud environments, Attack Surface Risk Management can automatically monitor your cloud infrastructure, and provide instant visibility into compliance and security best practice violations on your public cloud infrastructure.
Data Collected	Provider Region Resource name Resource type Service name Service category Create date Last modified date Configuration message
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Cloud One - Conformity > Data upload permission > Off

Trend Micro Deep Discovery Inspector
Description	By deploying and connecting Deep Discovery Inspector, Trend Micro can extract network insights to discover targeted attacks, advanced threats, and unmanaged devices. Deploy and connect Deep Discovery Inspector using Network Inventory to monitor your network and begin receiving and analyzing detection data.
Data Collected	Device GUID Host name Source IP Source port Destination IP Destination port Endpoint IP Peer IP File path File name Username Sender email address
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Deep Discovery Inspector > Network Inventory

Trend Micro Web Security
Description	By enabling and deploying the Web Sensor, Trend Micro can analyze web activities, detect threats, and determine the web applications and websites being accessed by managed users and devices in and outside your corporate network.
Data Collected	Username Department Device name User principal name AD domain URL accessed Browsing time
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Web Security > Product Instance

Trend Micro Mobile Security
Description	By installing and enabling mobile agents throughout your network, Trend Micro can analyze mobile user activities, detect threats and risky mobile apps, and determine the cloud apps being accessed by managed devices. Install more agents to gain better insight into your users' mobile device related risks throughout your network. Mobile agent only supports Android 7.0 and above.
Data Collected	Logon user User principal name IP address App name App package name Device hostname OS name URL
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Mobile Security > Mobile Inventory

Trend Vision One Container Security
Description	By deploying and connecting Container Security, Trend Micro can gain better insights into your containers and images for vulnerabilities, detected threats, and system configuration risks. Deploy and connect Container Security through the Container Inventory app to monitor your container environment and begin receiving and analyzing detection and vulnerability data.
Data Collected	Kubernetes Service Information Cluster name Cluster description Cluster application version Service UID Resource name Namespace Create time Network type IP addresses Ports Kubernetes Pod Information Pod name Pod UID Namespace Create time Owners Dispatched IP Pod volumes Node name Labels Annotations ECS Service Information Cluster ARN Service ARN Service name Create time Network configuration Task definition ECS Task Information Service UID Cluster ARN Task group Task ARN Task description Task create time Task launch type Task tags Task container instance ARN Task definition Node Information Node name Node UID Node create time IP addresses OS Image Kernel version Container runtime version Kubernetes version Container Information Pod ID Container ID Container name Task ID Task GUID Task ARN Image ID Start command Environment variables Exposed ports Security context Mounted volumes Start time
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Vision One Container Security > Container Inventory

TippingPoint Security Management System
Description	Allow TippingPoint Security Management System (SMS) to act as a data source to access network-related detections and filter rule status to gain more comprehensive risk insights into your network activity.
Data Collected	Device GUID Host name Source IP Source port Destination IP Destination port CVE ID URL
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > TippingPoint Security Management System > Network Intrusion Prevention

Zero Trust Secure Access - Private Access
Description	After setting up the Zero Trust Secure Access - Private Access Service in your environment, Trend Micro can analyze user and device risk, detect threats, and limit access to internal applications to authorized personnel.
Data Collected	Event time Logon user User principal name User display name Event information OS name Endpoint GUID Host name External IP Endpoint IP
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Zero Trust Secure Access - Private Access > Zero Trust Secure Access

Zero Trust Secure Access - Internet Access
Description	After setting up the Zero Trust Secure Access - Internet Access Service in your environment, Trend Micro can analyze user access to web applications outside your corporate network and detect threats.
Data Collected	Event time Identity ID Username User principal name Payload size Body size Access duration AD domain Department Request URL URL category Device name Action Malware type Malware name Profile name App ID App name App category Location
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Zero Trust Secure Access - Internet Access > Zero Trust Secure Access

THIRD-PARTY DATA SOURCES

Microsoft Entra ID
Description	Grant Trend Micro permission to access your Azure AD data in order to gain deeper insight regarding the apps and devices your users' access, and the behaviors that contribute to users' risk analyses. Through Azure AD integration, you gain access to the following insightful reports: User profiles User risk score trends Device profiles Device risk score trends Cloud app usage (by app) Cloud app usage (by category) Account compromise assessment (leaked account and suspicious user activity)
Data Collected	User information User ID User display name User principal name IP address Groups Location (city, state , country) Email address Job title Department Given name Surname Email nickname IM addresses Last password change datetime Applications being used App ID App display name Client app used Sign-in logs Sign-in initiated time Device detail (Browser and OS) Location Status Conditional access status Correlation ID Risk state Risk detail Risk level aggregated Risk level during sign-in Risk event types Resource display name Resource ID
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Azure AD > Manage permissions and integration settings in Third-Party Integration

Active Directory (on-premises)
Description	Grant Trend Micro permission to access your on-premises Active Directory data in order to gain deeper insight regarding your internal user accounts and devices that contribute to risk analyses.
Data Collected	User information Canonical name Username SAM account name User principal name User display name Description Distinguished name Given name Surname Email address Company name Department Job title SID Account enabled Domain Direct parent group All parent groups Usage location Last password change time Group information Canonical name Description Distinguished name Member SAM account name Display name Email address Direct parent group All parent groups Direct members All members Computer information Canonical name Distinguished name Country code Display name Description SAM account name DNS host name Bad password time Bad password count Last logon Last logoff Logon count OS Service principal name Direct parent group All parent groups Event log Timestamp Agent ID System event ID System time created System security System computer IP address IP port Logon type Member SID New UAC value Old UAC value Password last set Primary group ID Privilege list Process ID Process name Service name Service SID Status Sub-status Subject domain name Subject logon ID Subject username Subject user SID Target domain name Target linked logon ID Target logon ID Target SID Target username Target user SID Virtual account Workstation Workstation name
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Active Directory (on-premises) > Configure Active Directory in Third Party Integration

Nessus Pro Tenable Security Center
Description	Grant Trend Micro permission to access your Nessus Pro or Tenable Security Center (formerly Tenable.sc) data in order to gather device information and CVE detections, contributing to risk analyses. Through Nessus Pro integration, you gain access to the following insightful reports: Operating systems with highly-exploitable CVEs Applications with highly exploitable CVEs
Data Collected	Host FQDN NetBIOS name BIOS UUID Workgroup Host name Device OS Logon user IP address MAC address CVE ID
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Nessus Pro > Configure Nessus Pro in Third Party Integration Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tenable Security Center > Configure integration settings in Third-Party Integration

Office 365 usage
Description	Grant Trend Micro permission to access Office 365 usage reports resources and useful data about people and documents they interact with in order to gain deeper insight regarding the Microsoft 365 resources your users' access, and the behaviors that contribute to users' risk analyses. Through Azure AD integration, you gain access to the following insightful reports: OneDrive activity and usage SharePoint activity and usage Outlook activity and usage Teams activity and usage
Data Collected	OneDrive activity report Report refresh date User principal name Deleted Deleted date Last activity date Files viewed or edited (count) Files synced (count) Files shared internally (count) Files shared externally (count) Products assigned Report period OneDrive usage report Report refresh date Site URL Owner username Owner principal name Deleted Last activity date Files (count) Active files (count) Storage used (Byte) Storage allocated (Byte) Report period SharePoint activity report Report refresh date User principal name Deleted Deleted date Last activity date Files viewed or edited (count) Files synced (count) Files shared internally (count) Files shared externally (count) Pages visited (count) Products assigned Report period SharePoint site usage report Report refresh date Site ID Site URL Site owner username Site owner principal name Deleted Last activity date Files (count) Active files (count) Page views (count) Page visited (count) Storage used (Byte) Storage allocated (Byte) Root web template Report period Outlook email app usage report Report refresh date User principal name Display Name Deleted Deleted date Last activity date Outlook (Mac) Outlook (Windows) Outlook (Mobile) Mobile Outlook on the web POP3 app IMAP4 app SMTP app Report period Mailbox usage report Report refresh date User principal name Display name Deleted Deleted date Created date Last activity date Item count Storage used (Byte) Issue warning quota (Byte) Prohibit send quota (Byte) Prohibit send/receive quota (Byte) Deleted Item Count Deleted Item Size (Byte) Report period Email activity report Report refresh date User principal name Display name Deleted Deleted date Last activity date Send actions (count) Receive actions (count) Read actions (count) Products assigned Report period Microsoft Teams user activity report Report refresh date User principal name Last activity date Deleted Deleted date Products assigned Channel messages (count) Chat messages (count) 1:1 calls (count) Total meetings (count) Other activity Report period
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Office 365 > Activity data upload permission > Off

OKTA
Description	Grant Trend Micro permission to access your Okta data in order to gain deeper insight regarding the apps your users access and the behaviors that contribute to users' risk analyses. Through Okta integration, you gain access to the following insightful reports: User profiles User risk score trends Cloud app usage (by app) Cloud app usage (by category)
Data Collected	User information User ID User display name User principal name Location (country, state, city) Job title Email address User type Company name Department Given name Surname Nickname Group Second email address Account create datetime Last password change datetime Sign-in logs Sign-in event time User principal name Endpoint IP address Request URI Device OS Device browser User ID User display name Location (country, state, city, postcode, geolocation) Sign-in status
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Okta > Configure Okta integration settings in Third-Party Integration

Open LDAP
Description	Grant Trend Micro permission to access Directory Service data from your OpenLDAP server in order to gain deeper insight regarding your internal user accounts that contribute to risk analyses.
Data Collected	User information UUID CSN DN CN Display name Domain name Surname Given name Mail GECOS GID number UID UID number Home directory Login shell Direct parent group All parent group Group information UUID CSN DN CN Domain name Direct members All members
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > OpenLDAP > Configure OpenLDAP integration settings in Third-Party Integration

Qualys
Description	Grant Trend Micro permission to access your Qualys data in order to gather device information and CVE detections, contributing to risk analyses. Through Qualys integration, you gain access to the following insightful reports: Operating systems with highly exploitable CVEs Applications with highly exploitable CVEs
Data Collected	Hostname Host ID Device OS Logon users Last logon user IP address MAC address Vulnerability list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Qualys > Data upload permission > Off

Rapid 7 - InsightVM / Nexpose
Description	Grant Trend Micro permission to access your Rapid7 InsightVM or Nexpose data, including device information and CVE detections, via the Rapid7 Security Console. Through Rapid7 - InsightVM / Nexpose integration, you gain access to the following insightful reports: Operating systems with highly exploitable CVEs Applications with highly exploitable CVEs
Data Collected	ID IP address MAC address Hostname OS Services Software installed Users User groups Vulnerability list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Rapid7 - InsightVM > Data upload permission > Off Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Rapid7 - Nexpose > Configure integration settings in Third-Party Integration

Splunk - Network Firewall / Web Gateway Logs
Description	The Attack Surface Risk Management for Splunk app connects your Splunk data with Trend Micro datalakes revealing web access footprints based on Firewall and Web Gateway activity.
Data Collected	Event time Source IP address Hostname: from where the event is initiated Website: the URL Count: aggregated times of the access Username: user who initiates the event
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Splunk - Network Firewall / Web Gateway Logs > Configure Splunk - Network Firewall / Web Gateway Logs integration settings in Third-Party Integration

Tenable Vulnerability Management
Description	Grant Trend Micro permission to access your Tenable Vulnerability Management (formerly Tenalbe.io) data in order to gather device information and CVE detections, contributing to risk analyses. Through Tenable Vulnerability Management integration, you gain access to the following insightful reports: Operating systems with highly-exploitable CVEs Applications with highly-exploitable CVEs
Data Collected	ID Agent UUID Agent names Software installed IP address MAC address OS Hostname Vulnerability list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tenable Vulnerability Management > Data upload permission > Off

Tanium Comply
Description	Grant Trend Micro permission to access your Tanium Comply data in order to gather device information and CVE detections, contributing to risk analyses. Through Tanium Comply integration, you gain access to the following insightful reports: Operating systems with highly exploitable CVEs Applications with highly exploitable CVEs
Data Collected	Endpoint name Domain name IP address MAC address OS Last logon user Software installed Vulnerability list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tanium Comply > Data upload permission > Off

Internet Facing Assets
Description	Displays all IP and domain assets that are visible from external internet locations and view detailed IP profile risk assessments.
Data Collected	Domain Hostname IP Tags: categories of asset Running services OS ISP Cloud provider Geolocation SSL CPE: version of applications on assets Vulnerability list
Console Location	Attack Surface Discovery App > Internet Facing Assets > Domain / Public IP > Remove

Medigate
Description	Grant Trend Micro permission to access your Medigate data in order to gather device information and CVE detections to contribute to risk analyses. Through Medigate integration, you gain access to detailed asset profile information.
Data Collected	Device ID Risk score OS category Labels Device type family Vulnerability list MAC address list Device subcategory Assignees Network list Model Device type Device category IP address list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Medigate > Data upload permission > Off

Sandbox Analysis App

Users can disable data collection by disabling submissions.

Data Collected	Data transmitted relates to user submitted object. File Name File Content Archive file password File password Command line arguments URL
Console Location	THREAT INTELLIGENCE > Sandbox Analysis > Submission Settings To enable: Set the daily reserve value to anything between 1 and 10,000. To disable: Set the daily reserve value to 0. ^{Click the image to enlarge.}

Network

Network includes the following modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instruction are provided below for opt-out of the personal data collection by disabling specific modules. Modules that cannot be disabled are indicated below.

Trend Vision One Virtual Network Sensor
Data Collected & Console Location	Trend Vision One Virtual Network Sensor includes some modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information, instructions to opt-out of the personal data collection, as well as modules that cannot be disabled are provided in this article: Trend Vision One Virtual Network Sensor Data Collection Notice.

Service Gateway

Service Gateway Management
Description	When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, it will provide the appliance related information back to Trend Vision One. Customers can disconnect/delete this appliance to disable it via Trend Vision One Service Gateway Management.
Data Collected	Hostname IP address MAC address DNS Customer proxy NTP Server DISK usage CPU usage Memory usage Network throughput Product name of connected devices Connections summary
Console Location	Workflow and Automation > Service Gateway Management
Console Settings

Service Configuration

Service Configuration In Service Gateway
Description	Service Gateway Management opens the service configuration API to service owner, and the detailed configurations are different from service to service.
Data Collected	Specified by the service owner which registers and stores the configuration in Service Gateway.
Console Location	Workflow and Automation > Service Gateway Management > Appliance > Manage Services
Console Settings

Local Active Update Service

Service Gateway Management
Description	When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, and enables Active Update service, SG will provide connected product status.
Data Collected	AU URL Specified by the customer the Trend Micro product AU URL and service gateway local AU URL.
Console Location	Workflow and Automation > Service Gateway Management > Appliance, in the Installed Services table, choose ActiveUpdate Service, and then click the "Settings" button

Forward Proxy Service

Service Gateway Management
Description	When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, and enables forward proxy service, SG will provide connected product status
Data Collected	Product Status The Trend Micro product name connected to SG and connect time
Console Location	Workflow and Automation > Service Gateway Management > Connected Products/Servers

Smart Protection Service

Service Gateway Management
Description	When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, and enables Smart Protection Service, SG will provide connected product status.
Data Collected	Product Status The Trend Micro product name is connected to SG and connect time
Console Location	Workflow and Automation > Service Gateway Management > Connected Products/Servers

XDR for Cloud

XDR for Cloud – Cloud Detections for AWS CloudTrail automatically collects and transmits the following data, some of which may be considered personal data in certain jurisdictions, after installing/enabling the product. It is necessary to collect this data to provide the security functions on this product. Therefore, you cannot disable these features. If you do not want Trend Micro to access this data, you should uninstall and stop using the product.

Cloud Detections for AWS CloudTrail
Description	This information is used to analyze threats to customers' AWS account activity.
Data Collected	AWS account ID AWS CloudTrail configuration AWS CloudTrail events
Console Location	This feature cannot be disabled.

Data Posture

Data Posture allows customer to bind their cloud accounts to Trend Vision One, which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instruction are provided below for opt-out of the personal data collection by unbinding cloud accounts.

Description	Choose the cloud accounts that need to opt-out from data collection and click “Remove” button to disconnect from Trend Micro and stop data being transmitted to Trend Micro.
Data Collected	AWS Account ID AWS Macie Configuration AWS Macie Custom Data Identifier AWS S3 Bucket Name AWS S3 Bucket Meta Data
Console Location	Login Vision One Portal > Service Management > Cloud Accounts ^{Click the image to enlarge.}

Trend Vision One Data Center Locations

Region/Country of Purchase	Data Center Location for Microsoft Entra ID ^{Future Site for new Customers}*	Data Center Location for AWS ^{Future Site for new Customers}*
USA	East US – N. Virginia	East US – N. Virginia
EU	West Europe-Netherlands	Frankfurt, Germany
Japan	Tokyo, Japan	Tokyo, Japan
SG	Singapore	Singapore
ANZ	Australia Central *Canberra, Australia	Sydney, Australia
India	Mumbai	Mumbai
Middle East and Africa	UAE	UAE

Keywords: xdr data collected,collected info by xdr,notice for xdr data collected,information collection notice,GDPR notice for XDR,vision one,security assessment,assessment service

Trend Vision One™ Data Collection Notice

Product / Version includes:

Trend Vision OneAll

Last updated: 2024/12/09

Solution ID: KA-0010805

Category: Configure

Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the related product consoles where you can turn off the features.

Endpoint Sensor
Standard Endpoint Protection
Server & Workload Protection
Email and Collaboration Security
Container Security
Zero Trust Secure Access
Mobile Security
XDR Portal
Security Assessment Service
Attack Surface Risk Management
Sandbox Analysis App
Common Directory
Network
- Network Inventory
- Virtual Network Sensor
Service Gateway Management
XDR for Cloud
- Cloud Detections for AWS CloudTrail
Data Posture

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Trend Vision One Data Center Locations

General Trend Vision One Service

Data Collected	Email Phone number Contact names IP Address
Console Location	Data provided to Trend Micro during on-boarding process and during normal service delivery.
Console Settings	Account Management - Name and email required if additional accounts are created.

Configurable Additional Data Collection Using the Trend Vision One Console

Description fields
Data Collected	Customer provided text
Console Location	Various locations throughout the Trend Vision One product console Optional: Free-Form Text field for customer user to provide additional information at their discretion. Please do not enter any personal or sensitive information.

Share your Feedback
Data Collected	Customer provided text Optional- Customers may submit feature requests and ideas to the Trend Vision One Product team. Please do not input any personal or sensitive information into the feedback form.
Console Location	[XDR Resource Center menu icon] > Share Your Feedback > Make a Suggestion
Console Settings	Make a Suggestion

Search App
Data Collected	Saved queries of search history, including: Names (user, domain, file, object) UserID Email addresses IP addresses Browsing history Command history Optional: User can save the search parameters for future queries.
Console Location

Response App
Description	Response app collect Endpoint information when customer take response actions. It stores these data to record the task history. It collects file when customer take collect file action. It stores these data for customer downloading and threat investigate app like sandbox. It can take the following actions on account name: Enable User Account Disable User Account Force Reset Password Force Sign Out The task histories contain the account name.
Data Collected	Endpoint IP Endpoint Hostname File Path Email Address Email Subjsect File Account Name
Console Location

Security Playbooks
Description	Security Playbooks collects data when customers configure security playbooks and when security playbooks execute.
Data Collected	IP address Hostname Fully Qualified Domain Name OS name OS type Email address File File name File path URL Device GUID Device name User Principal Name Account name Account type Account role CVE ID
Console Location	Workflow And Automation > Security Playbooks > Templates Workflow And Automation > Security Playbooks > Templates > Create playbook from template Workflow And Automation > Security Playbooks > Playbooks Workflow And Automation > Security Playbooks > Execution Results

Trend Vision One Terms of Service (Endpoint Basecamp)
Data Collected	Endpoint name IP address Mac address After customers agree to the Terms of Service, Privacy Notice and Data Collection Notice, the data collection can’t be disabled
Console Location	To enable: Trend Micro XDR Terms of Service > I agree to the Terms of Service, Privacy Notice, and Data Collection Notice > Get Started To disable: Open Task Scheduler on each endpoint and disable the "Trend Micro Endpoint Basecamp" scheduled task. Run Windows Task Scheduler > Click Task Scheduler Library > right-click Trend Micro Endpoint Basecamp > Disable

Email Inventory
Data Collected	Account name User display name Group name User membership Mailbox account Email address The data collection can't be disabled when customers use Email Inventory.
Console Location	To enable: Email Inventory > configure the following: Use the Exchange Web Service Managed API for quarantine management Use the Graph API to access all mailboxes Access the user profiles and mailboxes To disable: Click the Help icon > Contact Support, and open a support ticket.

Endpoint Inventory - Enable Trend Vision One capabilities
Data Collected	Command line File name File owner File signer Host name IP address Process owner Registry data User name URL Windows event log
Console Location	To enable: Endpoint Inventory > Available endpoints tab > [select endpoint] > Enable To Disable: Endpoint Inventory > Reporting to XDR tab > [select endpoint] > Disable

The user ID and user account are used for user behavior tracking and auditing. The company ID identifies which company this customer belongs to.

Endpoint Security Policies
Data Collected	User ID User Account Company ID
Console Location	Security Policies > Endpoint
Console Settings	Endpoint

XDR Portal

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

XDR Portal (First Time)
Description	XDR Portal use these information for customer log on and data display on portal.
Data Transmitted to Trend Micro	Contact Name Account ID Email Address CLP company ID Company Name Country/Region Display name Credit Create Time Credit Expiration Time Credit Stock Id Credit Stock Type Entitlement Start Time Entitlement End Time Entitlement ID Entitlement Source
Feature Configuration Location

XDR Portal Alert Notification
Description	XDR Portal UI use this information to let customer can receive alert notification by email
Data Transmitted to Trend Micro	Email address Webhook URL
Feature Configuration Location

XDR Portal Product Connector
Description	XDR Portal use this information to detect product connection status and display on portal
Data Transmitted to Trend Micro	Device ID
Feature Configuration Location

XDR Portal UI Pendo
Description	XDR Portal UI analysis customer behavior for product usage and product enhancements
Data Transmitted to Trend Micro	IP address, User Behavior User Agent Browser Name Browser Version Account ID CLP CompanyID
Feature Configuration Location

XDR Portal UI Pendo
Description	When customers submit feedback through the Pendo Feedback tool, their email address is sent to product managers so the product managers can respond to and acknowledge the customer's submission. When feedback is actioned, the product manager will update the customer using the email associated with the feature / enhancement request in the Pendo feedback tool.
Data Transmitted to Trend Micro	Email Address

Security Assessment Service

Trend Vision One Security Assessment Service
Data Collected & Console Location	Trend Vision One Security Assessment Service includes some modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information, instructions to opt-out of the personal data collection, as well as modules that cannot be disabled are provided in this article: Trend Vision One Security Assessment Service Data Collection Notice.

Attack Surface Risk Management

Trend Vision One XDR Sensors

Endpoint Sensor
Description	By installing and enabling endpoint sensors throughout your network, Trend Micro can analyze endpoint data that includes user activities, cloud app access, and endpoint vulnerabilities to provide risk insights. Install more sensors to gain better insight into your users' cloud app usage throughout your network. You must install agents and enable XDR Sensors using Endpoint Inventory to begin receiving activity data.
Data Collected	Endpoint name Logon username User principal name Logon user domain IP addresses MAC address Suspicious file path Suspicious file name Suspicious file hash URL OS name OS version OS build number OS patch level OS SKU Agent ID Installed software name Installed software version Software installation path Software patch information
Console Location	Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Endpoint Sensor > Endpoint Inventory

Email Sensor
Description	By enabling Trend Vision One Email Sensor in Email Account Inventory, Trend Micro can analyze email activities and detect threats on monitored Exchange Online and Gmail mailboxes. You must monitor mailboxes using Email Account Inventory to begin receiving activity data.
Data Collected	Event time User principal name Domain name SAM account name URL Email attachment information Email meta information
Console Location	Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Email Inventory

Network Sensor
Description	By enabling Trend Vision One Network Sensor, Trend Micro can analyze network activity from your monitored network traffic to discover suspicious traffic and abnormal behavior. You must enable Network Analytics using Network Inventory to begin receiving and analyzing network activity data.
Data Collected	Device GUID Host name Source IP Source port Destination IP Destination port Endpoint IP Peer IP File path File name Username Sender email address
Console Location	Executive Dashboard App > Data source configuration > TREND VISION ONE XDR SENSORS > Trend Vision One Network Sensor > Network Inventory

Trend Micro Security Services

Security Agents
Description	By installing security agents throughout your network, Trend Micro can analyze endpoint data that includes user activities, web activities, cloud app access, security settings, and threat detections to provide risk insights.
Data Collected	Endpoint name Logon username User principal name Logon user domain IP addresses MAC address Suspicious file path Suspicious file name Suspicious file hash URL OS name OS version OS build number OS patch level OS SKU Agent ID Installed software name Installed software version Software installation path Software patch information Product configuration
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Standard Endpoint Protection > Product Instance Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Server & Workload Protection > Product Instance Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Apex One as a Service > Product Instance Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Apex One On-premises > Product Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Instance Trend Cloud One - Endpoint & Workload Security > Product Instance Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Deep Security > Product Instance

Cloud Email and Collaboration Protection
Description	Connect Cloud Email and Collaboration Protection using the Product Instance app to analyze detected threats and security settings on monitored Google Gmail and Office 365 apps.
Data Collected	File name File SHA1 File MD5 User principal name SharePoint/OneDrive file path URL File upload time File type Email meta information
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Cloud Email and Collaboration Protection > Product Instance

Cloud Email Gateway Protection
Description	Cloud Email Gateway Protection analyzes email activities, security settings, and detected threats on monitored email gateways. Connect this data source to Trend Vision One through the Product Connector app.
Data Collected	Primary email User principal name User display name Department Tenant name Group name Email meta information Server host name Server domain Server OS name Server OS version Server IP address Server MAC address Server Interfaces
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Cloud Email Gateway Protection > Product Instance

Trend Cloud One - Conformity
Description	By connecting Conformity, which has a growing public library of 900+ cloud infrastructure configuration best practices for your AWS, Microsoft Azure, and Google Cloud environments, Attack Surface Risk Management can automatically monitor your cloud infrastructure, and provide instant visibility into compliance and security best practice violations on your public cloud infrastructure.
Data Collected	Provider Region Resource name Resource type Service name Service category Create date Last modified date Configuration message
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Cloud One - Conformity > Data upload permission > Off

Trend Micro Deep Discovery Inspector
Description	By deploying and connecting Deep Discovery Inspector, Trend Micro can extract network insights to discover targeted attacks, advanced threats, and unmanaged devices. Deploy and connect Deep Discovery Inspector using Network Inventory to monitor your network and begin receiving and analyzing detection data.
Data Collected	Device GUID Host name Source IP Source port Destination IP Destination port Endpoint IP Peer IP File path File name Username Sender email address
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Deep Discovery Inspector > Network Inventory

Trend Micro Web Security
Description	By enabling and deploying the Web Sensor, Trend Micro can analyze web activities, detect threats, and determine the web applications and websites being accessed by managed users and devices in and outside your corporate network.
Data Collected	Username Department Device name User principal name AD domain URL accessed Browsing time
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Web Security > Product Instance

Trend Micro Mobile Security
Description	By installing and enabling mobile agents throughout your network, Trend Micro can analyze mobile user activities, detect threats and risky mobile apps, and determine the cloud apps being accessed by managed devices. Install more agents to gain better insight into your users' mobile device related risks throughout your network. Mobile agent only supports Android 7.0 and above.
Data Collected	Logon user User principal name IP address App name App package name Device hostname OS name URL
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Micro Mobile Security > Mobile Inventory

Trend Vision One Container Security
Description	By deploying and connecting Container Security, Trend Micro can gain better insights into your containers and images for vulnerabilities, detected threats, and system configuration risks. Deploy and connect Container Security through the Container Inventory app to monitor your container environment and begin receiving and analyzing detection and vulnerability data.
Data Collected	Kubernetes Service Information Cluster name Cluster description Cluster application version Service UID Resource name Namespace Create time Network type IP addresses Ports Kubernetes Pod Information Pod name Pod UID Namespace Create time Owners Dispatched IP Pod volumes Node name Labels Annotations ECS Service Information Cluster ARN Service ARN Service name Create time Network configuration Task definition ECS Task Information Service UID Cluster ARN Task group Task ARN Task description Task create time Task launch type Task tags Task container instance ARN Task definition Node Information Node name Node UID Node create time IP addresses OS Image Kernel version Container runtime version Kubernetes version Container Information Pod ID Container ID Container name Task ID Task GUID Task ARN Image ID Start command Environment variables Exposed ports Security context Mounted volumes Start time
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Trend Vision One Container Security > Container Inventory

TippingPoint Security Management System
Description	Allow TippingPoint Security Management System (SMS) to act as a data source to access network-related detections and filter rule status to gain more comprehensive risk insights into your network activity.
Data Collected	Device GUID Host name Source IP Source port Destination IP Destination port CVE ID URL
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > TippingPoint Security Management System > Network Intrusion Prevention

Zero Trust Secure Access - Private Access
Description	After setting up the Zero Trust Secure Access - Private Access Service in your environment, Trend Micro can analyze user and device risk, detect threats, and limit access to internal applications to authorized personnel.
Data Collected	Event time Logon user User principal name User display name Event information OS name Endpoint GUID Host name External IP Endpoint IP
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Zero Trust Secure Access - Private Access > Zero Trust Secure Access

Zero Trust Secure Access - Internet Access
Description	After setting up the Zero Trust Secure Access - Internet Access Service in your environment, Trend Micro can analyze user access to web applications outside your corporate network and detect threats.
Data Collected	Event time Identity ID Username User principal name Payload size Body size Access duration AD domain Department Request URL URL category Device name Action Malware type Malware name Profile name App ID App name App category Location
Console Location	Executive Dashboard App > Data source configuration > TREND MICRO SECURITY SERVICES > Zero Trust Secure Access - Internet Access > Zero Trust Secure Access

THIRD-PARTY DATA SOURCES

Microsoft Entra ID
Description	Grant Trend Micro permission to access your Azure AD data in order to gain deeper insight regarding the apps and devices your users' access, and the behaviors that contribute to users' risk analyses. Through Azure AD integration, you gain access to the following insightful reports: User profiles User risk score trends Device profiles Device risk score trends Cloud app usage (by app) Cloud app usage (by category) Account compromise assessment (leaked account and suspicious user activity)
Data Collected	User information User ID User display name User principal name IP address Groups Location (city, state , country) Email address Job title Department Given name Surname Email nickname IM addresses Last password change datetime Applications being used App ID App display name Client app used Sign-in logs Sign-in initiated time Device detail (Browser and OS) Location Status Conditional access status Correlation ID Risk state Risk detail Risk level aggregated Risk level during sign-in Risk event types Resource display name Resource ID
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Azure AD > Manage permissions and integration settings in Third-Party Integration

Active Directory (on-premises)
Description	Grant Trend Micro permission to access your on-premises Active Directory data in order to gain deeper insight regarding your internal user accounts and devices that contribute to risk analyses.
Data Collected	User information Canonical name Username SAM account name User principal name User display name Description Distinguished name Given name Surname Email address Company name Department Job title SID Account enabled Domain Direct parent group All parent groups Usage location Last password change time Group information Canonical name Description Distinguished name Member SAM account name Display name Email address Direct parent group All parent groups Direct members All members Computer information Canonical name Distinguished name Country code Display name Description SAM account name DNS host name Bad password time Bad password count Last logon Last logoff Logon count OS Service principal name Direct parent group All parent groups Event log Timestamp Agent ID System event ID System time created System security System computer IP address IP port Logon type Member SID New UAC value Old UAC value Password last set Primary group ID Privilege list Process ID Process name Service name Service SID Status Sub-status Subject domain name Subject logon ID Subject username Subject user SID Target domain name Target linked logon ID Target logon ID Target SID Target username Target user SID Virtual account Workstation Workstation name
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Active Directory (on-premises) > Configure Active Directory in Third Party Integration

Nessus Pro Tenable Security Center
Description	Grant Trend Micro permission to access your Nessus Pro or Tenable Security Center (formerly Tenable.sc) data in order to gather device information and CVE detections, contributing to risk analyses. Through Nessus Pro integration, you gain access to the following insightful reports: Operating systems with highly-exploitable CVEs Applications with highly exploitable CVEs
Data Collected	Host FQDN NetBIOS name BIOS UUID Workgroup Host name Device OS Logon user IP address MAC address CVE ID
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Nessus Pro > Configure Nessus Pro in Third Party Integration Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tenable Security Center > Configure integration settings in Third-Party Integration

Office 365 usage
Description	Grant Trend Micro permission to access Office 365 usage reports resources and useful data about people and documents they interact with in order to gain deeper insight regarding the Microsoft 365 resources your users' access, and the behaviors that contribute to users' risk analyses. Through Azure AD integration, you gain access to the following insightful reports: OneDrive activity and usage SharePoint activity and usage Outlook activity and usage Teams activity and usage
Data Collected	OneDrive activity report Report refresh date User principal name Deleted Deleted date Last activity date Files viewed or edited (count) Files synced (count) Files shared internally (count) Files shared externally (count) Products assigned Report period OneDrive usage report Report refresh date Site URL Owner username Owner principal name Deleted Last activity date Files (count) Active files (count) Storage used (Byte) Storage allocated (Byte) Report period SharePoint activity report Report refresh date User principal name Deleted Deleted date Last activity date Files viewed or edited (count) Files synced (count) Files shared internally (count) Files shared externally (count) Pages visited (count) Products assigned Report period SharePoint site usage report Report refresh date Site ID Site URL Site owner username Site owner principal name Deleted Last activity date Files (count) Active files (count) Page views (count) Page visited (count) Storage used (Byte) Storage allocated (Byte) Root web template Report period Outlook email app usage report Report refresh date User principal name Display Name Deleted Deleted date Last activity date Outlook (Mac) Outlook (Windows) Outlook (Mobile) Mobile Outlook on the web POP3 app IMAP4 app SMTP app Report period Mailbox usage report Report refresh date User principal name Display name Deleted Deleted date Created date Last activity date Item count Storage used (Byte) Issue warning quota (Byte) Prohibit send quota (Byte) Prohibit send/receive quota (Byte) Deleted Item Count Deleted Item Size (Byte) Report period Email activity report Report refresh date User principal name Display name Deleted Deleted date Last activity date Send actions (count) Receive actions (count) Read actions (count) Products assigned Report period Microsoft Teams user activity report Report refresh date User principal name Last activity date Deleted Deleted date Products assigned Channel messages (count) Chat messages (count) 1:1 calls (count) Total meetings (count) Other activity Report period
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Office 365 > Activity data upload permission > Off

OKTA
Description	Grant Trend Micro permission to access your Okta data in order to gain deeper insight regarding the apps your users access and the behaviors that contribute to users' risk analyses. Through Okta integration, you gain access to the following insightful reports: User profiles User risk score trends Cloud app usage (by app) Cloud app usage (by category)
Data Collected	User information User ID User display name User principal name Location (country, state, city) Job title Email address User type Company name Department Given name Surname Nickname Group Second email address Account create datetime Last password change datetime Sign-in logs Sign-in event time User principal name Endpoint IP address Request URI Device OS Device browser User ID User display name Location (country, state, city, postcode, geolocation) Sign-in status
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Okta > Configure Okta integration settings in Third-Party Integration

Open LDAP
Description	Grant Trend Micro permission to access Directory Service data from your OpenLDAP server in order to gain deeper insight regarding your internal user accounts that contribute to risk analyses.
Data Collected	User information UUID CSN DN CN Display name Domain name Surname Given name Mail GECOS GID number UID UID number Home directory Login shell Direct parent group All parent group Group information UUID CSN DN CN Domain name Direct members All members
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > OpenLDAP > Configure OpenLDAP integration settings in Third-Party Integration

Qualys
Description	Grant Trend Micro permission to access your Qualys data in order to gather device information and CVE detections, contributing to risk analyses. Through Qualys integration, you gain access to the following insightful reports: Operating systems with highly exploitable CVEs Applications with highly exploitable CVEs
Data Collected	Hostname Host ID Device OS Logon users Last logon user IP address MAC address Vulnerability list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Qualys > Data upload permission > Off

Rapid 7 - InsightVM / Nexpose
Description	Grant Trend Micro permission to access your Rapid7 InsightVM or Nexpose data, including device information and CVE detections, via the Rapid7 Security Console. Through Rapid7 - InsightVM / Nexpose integration, you gain access to the following insightful reports: Operating systems with highly exploitable CVEs Applications with highly exploitable CVEs
Data Collected	ID IP address MAC address Hostname OS Services Software installed Users User groups Vulnerability list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Rapid7 - InsightVM > Data upload permission > Off Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Rapid7 - Nexpose > Configure integration settings in Third-Party Integration

Splunk - Network Firewall / Web Gateway Logs
Description	The Attack Surface Risk Management for Splunk app connects your Splunk data with Trend Micro datalakes revealing web access footprints based on Firewall and Web Gateway activity.
Data Collected	Event time Source IP address Hostname: from where the event is initiated Website: the URL Count: aggregated times of the access Username: user who initiates the event
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Splunk - Network Firewall / Web Gateway Logs > Configure Splunk - Network Firewall / Web Gateway Logs integration settings in Third-Party Integration

Tenable Vulnerability Management
Description	Grant Trend Micro permission to access your Tenable Vulnerability Management (formerly Tenalbe.io) data in order to gather device information and CVE detections, contributing to risk analyses. Through Tenable Vulnerability Management integration, you gain access to the following insightful reports: Operating systems with highly-exploitable CVEs Applications with highly-exploitable CVEs
Data Collected	ID Agent UUID Agent names Software installed IP address MAC address OS Hostname Vulnerability list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tenable Vulnerability Management > Data upload permission > Off

Tanium Comply
Description	Grant Trend Micro permission to access your Tanium Comply data in order to gather device information and CVE detections, contributing to risk analyses. Through Tanium Comply integration, you gain access to the following insightful reports: Operating systems with highly exploitable CVEs Applications with highly exploitable CVEs
Data Collected	Endpoint name Domain name IP address MAC address OS Last logon user Software installed Vulnerability list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Tanium Comply > Data upload permission > Off

Internet Facing Assets
Description	Displays all IP and domain assets that are visible from external internet locations and view detailed IP profile risk assessments.
Data Collected	Domain Hostname IP Tags: categories of asset Running services OS ISP Cloud provider Geolocation SSL CPE: version of applications on assets Vulnerability list
Console Location	Attack Surface Discovery App > Internet Facing Assets > Domain / Public IP > Remove

Medigate
Description	Grant Trend Micro permission to access your Medigate data in order to gather device information and CVE detections to contribute to risk analyses. Through Medigate integration, you gain access to detailed asset profile information.
Data Collected	Device ID Risk score OS category Labels Device type family Vulnerability list MAC address list Device subcategory Assignees Network list Model Device type Device category IP address list
Console Location	Executive Dashboard App > Data source configuration > THIRD-PARTY DATA SOURCES > Medigate > Data upload permission > Off

Sandbox Analysis App

Users can disable data collection by disabling submissions.

Data Collected	Data transmitted relates to user submitted object. File Name File Content Archive file password File password Command line arguments URL
Console Location	THREAT INTELLIGENCE > Sandbox Analysis > Submission Settings To enable: Set the daily reserve value to anything between 1 and 10,000. To disable: Set the daily reserve value to 0. ^{Click the image to enlarge.}

Network

Trend Vision One Virtual Network Sensor
Data Collected & Console Location	Trend Vision One Virtual Network Sensor includes some modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information, instructions to opt-out of the personal data collection, as well as modules that cannot be disabled are provided in this article: Trend Vision One Virtual Network Sensor Data Collection Notice.

Service Gateway

Service Gateway Management
Description	When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, it will provide the appliance related information back to Trend Vision One. Customers can disconnect/delete this appliance to disable it via Trend Vision One Service Gateway Management.
Data Collected	Hostname IP address MAC address DNS Customer proxy NTP Server DISK usage CPU usage Memory usage Network throughput Product name of connected devices Connections summary
Console Location	Workflow and Automation > Service Gateway Management
Console Settings

Service Configuration

Service Configuration In Service Gateway
Description	Service Gateway Management opens the service configuration API to service owner, and the detailed configurations are different from service to service.
Data Collected	Specified by the service owner which registers and stores the configuration in Service Gateway.
Console Location	Workflow and Automation > Service Gateway Management > Appliance > Manage Services
Console Settings

Local Active Update Service

Service Gateway Management
Description	When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, and enables Active Update service, SG will provide connected product status.
Data Collected	AU URL Specified by the customer the Trend Micro product AU URL and service gateway local AU URL.
Console Location	Workflow and Automation > Service Gateway Management > Appliance, in the Installed Services table, choose ActiveUpdate Service, and then click the "Settings" button

Forward Proxy Service

Service Gateway Management
Description	When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, and enables forward proxy service, SG will provide connected product status
Data Collected	Product Status The Trend Micro product name connected to SG and connect time
Console Location	Workflow and Automation > Service Gateway Management > Connected Products/Servers

Smart Protection Service

Service Gateway Management
Description	When the Service Gateway appliance is registered to Trend Vision One/Service Gateway Management, and enables Smart Protection Service, SG will provide connected product status.
Data Collected	Product Status The Trend Micro product name is connected to SG and connect time
Console Location	Workflow and Automation > Service Gateway Management > Connected Products/Servers

XDR for Cloud

Cloud Detections for AWS CloudTrail
Description	This information is used to analyze threats to customers' AWS account activity.
Data Collected	AWS account ID AWS CloudTrail configuration AWS CloudTrail events
Console Location	This feature cannot be disabled.

Data Posture

Description	Choose the cloud accounts that need to opt-out from data collection and click “Remove” button to disconnect from Trend Micro and stop data being transmitted to Trend Micro.
Data Collected	AWS Account ID AWS Macie Configuration AWS Macie Custom Data Identifier AWS S3 Bucket Name AWS S3 Bucket Meta Data
Console Location	Login Vision One Portal > Service Management > Cloud Accounts ^{Click the image to enlarge.}

Trend Vision One Data Center Locations

Region/Country of Purchase	Data Center Location for Microsoft Entra ID ^{Future Site for new Customers}*	Data Center Location for AWS ^{Future Site for new Customers}*
USA	East US – N. Virginia	East US – N. Virginia
EU	West Europe-Netherlands	Frankfurt, Germany
Japan	Tokyo, Japan	Tokyo, Japan
SG	Singapore	Singapore
ANZ	Australia Central *Canberra, Australia	Sydney, Australia
India	Mumbai	Mumbai
Middle East and Africa	UAE	UAE

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Trend Vision One™ Data Collection Notice

General Trend Vision One Service

Configurable Additional Data Collection Using the Trend Vision One Console

XDR Portal

Security Assessment Service

Attack Surface Risk Management

Sandbox Analysis App

Network

Service Gateway

Service Configuration

Local Active Update Service

Forward Proxy Service

Smart Protection Service

XDR for Cloud

Data Posture

Trend Vision One Data Center Locations

Trend Vision One™ Data Collection Notice

Product / Version includes:

Summary

General Trend Vision One Service

Configurable Additional Data Collection Using the Trend Vision One Console

XDR Portal

Security Assessment Service

Attack Surface Risk Management

Sandbox Analysis App

Network

Service Gateway

Service Configuration

Local Active Update Service

Forward Proxy Service

Smart Protection Service

XDR for Cloud

Data Posture

Trend Vision One Data Center Locations