Views:
Migrating from Cloud Sentry to Trend Vision One Agentless Vulnerability & Threat detection requires you to have a Trend Vision One account. First, you must add your AWS accounts to Trend Vision One and enable Agentless Vulnerability & Threat Detection using the CloudFormation template. Then, you can delete the Cloud Sentry stacks from your AWS accounts and remove the accounts from Trend Cloud One
Installing Trend Vision One Agentless Vulnerability & Threat Detection takes approximately 20 minutes per account across all supported regions. Deleting all deployed resources in the Cloud Sentry stack takes approximately 18 minutes per account.

Add AWS accounts and enable Trend Vision One Agentless Vulnerability & Threat Detection

  1. In the Trend Vision One console, go to Cloud SecurityCloud Accounts.
  2. In the AWS tab, click Add account.
  3. Select CloudFormation as the deployment method and select Single AWS account.
  4. Click Next.
  5. Enter a name for the AWS account to be used in the Trend Vision One console.
  6. Add a description for the account to make the account easier to identify.
  7. Select the region to deploy the CloudFormation Template. The selected region is the primary region where the stack is deployed.
  8. Enable resource tagging and enter a key and value to help track resources deployed by the template.
  9. Click Next.
  10. In Features and Permissions, enable Agentless Vulnerability & Threat Detection.
  11. Select at least one region to which you wish to deploy the feature stack.
  12. Click Scanner settings and expand Agentless Vulnerability & Threat Detection.
  13. Select the resource types to include in scans. EBS, ECR, and Lambda are supported for vulnerability scans by default, while all resources are disabled for anti-malware scanning by default.
  14. In a new browser tab, sign in to your AWS account.
  15. In the Trend Vision One console, click Launch stack.
    • Clicking Launch stack opens the Quick Create Stack screen in the AWS console.
  16. In the AWS console, scroll to the bottom of the Quick Create Stack screen, select the acknowledgment options, and click Create stack.
  17. After the stack deployment completes, go to the Trend Vision One console and click Done. The first scan runs automatically.
Tip
Tip
Agentless Vulnerability & Threat Detection also supports AWS Organization deployment, allowing you to quickly add cloud accounts to Trend Vision One. For details on adding accounts via AWS Organization, see Adding AWS organizations.

Verify detections in Trend Vision One

Agentless Vulnerability & Threat Detection scan results are available in the following locations in the Trend Vision One console:
  • Cloud Security Posture
  • Cyber Risk Overview
  • Threat and Exposure Management
  • Attack Surface Discovery asset profile screens
Important
Important
Due to differences in risk event reporting criteria, not all detections will be shown as new risk events in Threat and Exposure Management, so the number of malware-related risk events may differ from the number in Trend Cloud One.
In Threat and Exposure Management, expand malware-related risk events to view metadata you can used to execute queries in Search for further threat investigation. Click on vulnerability-related risk events to see remediation options for the vulnerability.
If Agentless Vulnerability & Threat Detection is correctly reporting malware and vulnerability detections in Trend Vision One, you can delete the Cloud Sentry stack from your AWS account.