
Enable cloud security features and permissions to give Trend Vision One greater visibility and protection over your cloud assets.

Enabling the Cloud Account features and permissions on your AWS accounts allows the Trend Vision One apps and security features listed below to access your cloud account, gain visibility into your assets, and monitor them for potential threats. Each feature and the permissions it requires are described in the table below.
Important
  • Some features support a limited number of AWS regions. For more information, see AWS supported regions and limitations.
  • Agentless Vulnerability & Threat Detection, XDR for Cloud - AWS VPC Flow Logs, and File Security Storage are pre-release sub-features and are not part of the existing features of an official commercial or general release. Please review the Pre-release Sub-Feature Disclaimer before using the sub-features.
  • Cloud Accounts currently does not support the following features for deployment to AWS Organizations:
    • XDR for Cloud - AWS CloudTrail
    • File Security Storage
Feature
Description
Core Features
The core set of features and permissions required to connect your AWS account
Core features enable you to connect your AWS account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
Note
Core features are required to connect your AWS account and cannot be disabled. If you need to disconnect your account, see AWS accounts.
The core features enable the following Trend Vision One apps and features to monitor your cloud environment:
  • Attack Surface Risk Management > Attack Surface Discovery > Cloud Assets
    For more information, see Cloud Assets.
  • Attack Surface Risk Management > Attack Surface Discovery > APIs
    For more information, see APIs.
  • Attack Surface Risk Management > Cloud Posture
    For more information, see Cloud Posture.
  • Data Security > Data Posture
    Enabling Data Posture in Core Features allows you to use Amazon Macie to monitor your cloud assets for sensitive data. For more information, see Enable Amazon Macie. If you want Data Posture to monitor sensitive data using Trend Vision One itself rather than Macie, you must also enable Data Posture in the All Features tab.
  • Endpoint Security > Server & Workload Protection
    EC2 instances and Amazon WorkSpaces can be managed in Server & Workload Protection like any other computer. They are organized in a tree structure and treated as computer groups.
    AWS assets are visible in the following locations:
    • EC2 instances appear in the Computers screen, listed under your AWS account by region, VPC, and subnet.
    • Amazon WorkSpaces appear in the Computers screen, listed under your AWS account by region as part of the WorkSpaces group.
    For more information, see Computers.
Note
Your AWS assets appear in the Endpoint Inventory list. Assets without the endpoint agent installed appear as unmanaged endpoints.
Agentless Vulnerability & Threat Detection
The feature and permission set to enable Attack Surface Risk Management (ASRM) capabilities for your account
This feature set allows Trend Vision One to deploy Agentless Vulnerability & Threat Detection in your AWS account to discover vulnerabilities and malware in EBS volumes attached to EC2 instances, ECR images, and Lambda functions, with no impact on your running applications. To learn more, see Agentless Vulnerability & Threat Detection.
Note
You can specify which resource types to include in scans when you add your AWS account in Cloud Accounts. Three AWS resource types are currently supported: EBS (Elastic Block Store), ECR (Elastic Container Registry), and Lambda. All resources are included in vulnerability scanning by default. Anti-malware scanning is disabled by default but may be enabled at any time.
Container Protection for Amazon ECS
The feature and permission set to view and protect your containers
This feature set allows Container Security to connect and deploy components to your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments.
Important
  • As of November 2023, AWS private and freemium accounts only allow a maximum of 10 concurrent Lambda executions. Container Protection deployment requires at least 20 concurrent Lambda executions. Verify your AWS account's Lambda concurrency quota before enabling this feature.
  • At this time, the ECS runtime vulnerability scanning feature does not support scanning ECR images hosted in AWS accounts where Container Security is not deployed.
For more information, see Container Security.
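The Lambda concurrency requirement in the Important note above is easy to check before enabling the feature. The following is an added example written for this page, not code from Trend Vision One or from AWS: it evaluates the JSON that the real `aws lambda get-account-settings` command returns. The two JSON documents embedded in the block are constructed samples in that command's shape; the threshold of 20 is the figure quoted on this page. The check reads the unreserved pool rather than the account total, because reserved concurrency already assigned to other functions is not available to newly deployed ones, a case the note does not mention.

```python
"""Added example: check an account's Lambda concurrency before enabling
Container Protection. Illustrative code for this page; not part of Trend
Vision One or the AWS SDK. The JSON documents are constructed samples shaped
like the output of `aws lambda get-account-settings`.
"""
import json

# Concurrent Lambda executions this page says a Container Protection deployment needs.
REQUIRED_CONCURRENCY = 20

# Constructed sample: an account still on the reduced 10-execution default.
RESTRICTED_ACCOUNT = """{
  "AccountLimit": {
    "TotalCodeSize": 80530636800,
    "CodeSizeUnzipped": 262144000,
    "CodeSizeZipped": 52428800,
    "ConcurrentExecutions": 10,
    "UnreservedConcurrentExecutions": 10
  },
  "AccountUsage": {"TotalCodeSize": 0, "FunctionCount": 0}
}"""

# Constructed sample: a standard account whose existing functions have 990 of
# 1000 executions reserved, leaving only 10 in the unreserved pool.
OVERCOMMITTED_ACCOUNT = """{
  "AccountLimit": {
    "TotalCodeSize": 80530636800,
    "CodeSizeUnzipped": 262144000,
    "CodeSizeZipped": 52428800,
    "ConcurrentExecutions": 1000,
    "UnreservedConcurrentExecutions": 10
  },
  "AccountUsage": {"TotalCodeSize": 1048576, "FunctionCount": 12}
}"""


def check_lambda_concurrency(settings_json, required=REQUIRED_CONCURRENCY):
    """Return a verdict dict for one get-account-settings JSON document.

    The unreserved pool, not the account total, is what a new deployment can
    draw on: reserved concurrency assigned to existing functions is carved out
    of the account limit and is unavailable to anything else.
    """
    limit = json.loads(settings_json)["AccountLimit"]
    total = int(limit["ConcurrentExecutions"])
    # Older API responses may omit the unreserved figure; fall back to the total.
    available = int(limit.get("UnreservedConcurrentExecutions", total))
    shortfall = max(0, required - available)
    if shortfall == 0:
        reason = "ok"
    elif total >= required:
        reason = "reserved concurrency on existing functions leaves too little unreserved"
    else:
        reason = "account concurrency quota is below the requirement; request a quota increase"
    return {"ok": shortfall == 0, "total": total, "available": available,
            "shortfall": shortfall, "reason": reason}


if __name__ == "__main__":
    for name, doc in (("restricted", RESTRICTED_ACCOUNT),
                      ("overcommitted", OVERCOMMITTED_ACCOUNT)):
        print(name, check_lambda_concurrency(doc))
```

To run it against a real account, pipe the output of `aws lambda get-account-settings` into `check_lambda_concurrency`. When the total quota itself is too low, the fix is a quota increase for Lambda concurrent executions through AWS Service Quotas; when only the unreserved pool is too small, lowering reserved concurrency on other functions is enough.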
XDR for Cloud - AWS CloudTrail
The feature and permission set to enable Cloud Audit Log Monitoring for your account
This feature set enables XDR monitoring of your cloud account to gain actionable insight into user, service, and resource activity with detection models identifying activity such as privilege escalation, password modification, and other attack techniques. Detections generated by this feature can be viewed in the Search and Workbench apps.
Cloud audit logs are used as a data source in the following Trend Vision One apps and services:
  • Observed Attack Techniques
  • Workbench
  • Detection Model Management (used for custom exceptions and models)
This feature requires additional configuration of your CloudTrail settings. For more information, see CloudTrail configuration.
Note
XDR for Cloud requires credits to use. Click the Credit Settings (gear) icon to manage your data allowance limit and allocated credits and to view a graph of past data usage.
The data allowance for XDR for Cloud is the amount of data that can be uploaded from all log sources over the year. As of August 2024, only XDR for Cloud - AWS CloudTrail logs count towards the data allowance limit. After the official release of AWS VPC Flow Logs, data from both log sources counts towards your data allowance for XDR for Cloud.
Cloud Response for AWS
The feature and permission set to allow response actions for your account
This feature set grants Trend Vision One permission to take response actions that contain incidents within your cloud account, such as revoking access for suspicious IAM users. Additional response actions leverage integration with third-party ticketing systems. Response actions can be taken from the context menu in the Workbench app.
This feature requires enabling XDR for Cloud - AWS CloudTrail for your account.
File Security Storage
The feature and permission set to allow the File Security app to monitor and scan files and cloud storage
This feature allows Trend Vision One permission to view and scan files and cloud objects within your cloud storage to search for and detect possible malware. For more information, see File Security.
Real-Time Posture Monitoring
The feature and permission set to enable Real-Time Posture Monitoring for the Cloud Posture app
This feature allows Trend Vision One permission to monitor your cloud account to provide live monitoring with instant threat and remediation alerts for activities and events within your cloud environment. For more information, see Real-Time Posture Monitoring.
This feature requires enabling XDR for Cloud - AWS CloudTrail for your account.
XDR for Cloud - AWS VPC Flow Logs
The feature and permission set to enable monitoring of Virtual Private Cloud (VPC) flow logs
This feature set allows Trend Vision One to collect and analyze VPC flow logs to identify and provide alerts for malicious IP traffic, SSH brute force attacks, data exfiltration, and more.
AWS VPC flow logs are used as a data source in the following Trend Vision One apps and services:
  • Threat Intelligence Sweeping
  • Observed Attack Techniques
  • Workbench
  • Detection Model Management (used for custom exceptions and models)
You can search for VPC Flow Log events using the Search app by selecting Cloud Activity Data or Network Activity Data as the search method. For more information, see Search method data sources.
This feature has additional requirements and considerations. For more information, see VPC Flow Logs recommendations and requirements.
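To show what a flow-log-based detection of the kind described above actually has to work with, the following added example, written for this page and not Trend Vision One's own detection model, parses records in the default VPC Flow Logs format and flags an SSH brute-force pattern. All log lines in the block are constructed samples. The heuristic, threshold (5 connections) and window (300 seconds) are assumptions for illustration. The design point is that flow logs never see SSH authentication, so the only usable signal is connection rate: each new TCP connection from a source shows up as a new source port, whether the security group ACCEPTs it or REJECTs it.

```python
"""Added example: SSH brute-force heuristic over VPC Flow Log records.

Illustrative code written for this page; it is not Trend Vision One's
detection model. All log lines below are constructed samples.
"""
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = (
    "version", "account-id", "interface-id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log-status",
)
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample: one source opens six TCP connections to port 22 within
# thirty seconds after an isolated probe hours earlier, an administrator holds
# one long SSH session, an unrelated HTTPS flow, and a NODATA record whose
# fields are '-' placeholders.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51000 22 6 3 180 1699990000 1699990002 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51001 22 6 6 420 1700000000 1700000003 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51002 22 6 6 420 1700000004 1700000007 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51003 22 6 6 420 1700000009 1700000012 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51004 22 6 6 420 1700000015 1700000018 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51005 22 6 6 420 1700000021 1700000024 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51006 22 6 6 420 1700000030 1700000033 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.25 40211 22 6 180 25340 1700000000 1700000900 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51007 443 6 10 1200 1700000035 1700000040 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000600 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format records; skip malformed lines and NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":   # NODATA/SKIPDATA carry '-' in the numeric fields
            continue
        for name in INT_FIELDS:
            rec[name] = int(rec[name])
        records.append(rec)
    return records


def detect_ssh_brute_force(records, threshold=5, window=300):
    """Flag sources opening >= threshold distinct TCP connections to port 22 within `window` seconds.

    Both ACCEPT and REJECT count: a security group that drops port 22 still
    reveals the scanner. Records are deduplicated on (source, source port,
    destination) because one connection can span several capture intervals.
    """
    attempts = {}
    for r in records:
        if r["protocol"] != 6 or r["dstport"] != 22:
            continue
        key = (r["srcaddr"], r["srcport"], r["dstaddr"])
        attempts[key] = min(r["start"], attempts.get(key, r["start"]))

    by_src = defaultdict(list)
    for (src, _port, dst), start in attempts.items():
        by_src[src].append((start, dst))

    alerts = {}
    for src, conns in by_src.items():
        conns.sort()
        left = 0
        for right in range(len(conns)):          # sliding window over connection start times
            while conns[right][0] - conns[left][0] > window:
                left += 1
            count = right - left + 1
            if count >= threshold and count > alerts.get(src, {}).get("peak", 0):
                alerts[src] = {
                    "peak": count,
                    "window_start": conns[left][0],
                    "window_end": conns[right][0],
                    "targets": sorted({d for _, d in conns[left:right + 1]}),
                }
    return alerts


if __name__ == "__main__":
    for src, info in detect_ssh_brute_force(parse_flow_log(SAMPLE_FLOW_LOG)).items():
        span = info["window_end"] - info["window_start"]
        print(f"{src}: {info['peak']} SSH connections in {span}s to {info['targets']}")
```

Two caveats a practitioner should keep in mind when tuning this kind of rule: the timestamps in a flow log record are bounded by the capture interval (up to ten minutes by default, one minute if configured), so short windows are only meaningful with the shorter interval; and a legitimate configuration-management host that opens many short SSH sessions will look identical in flow data, which is why the page treats flow logs as one data source feeding the Workbench alongside CloudTrail rather than a verdict on its own.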
Note
XDR for Cloud requires credits to use. Click the Credit Settings (gear) icon to manage your data allowance limit and allocated credits and to view a graph of past data usage.
The data allowance for XDR for Cloud is the amount of data that can be uploaded from all log sources over the year. As of August 2024, only XDR for Cloud - AWS CloudTrail logs count towards the data allowance limit. After the official release of AWS VPC Flow Logs, data from both log sources counts towards your data allowance for XDR for Cloud.
Data Posture
The feature and permission set to allow the Data Posture app to monitor your AWS cloud assets for sensitive data
This feature gives instant visibility into cloud assets containing sensitive data. Data Posture helps you understand your organization's overall data risk, and to view and address cloud assets with the riskiest sensitive data.
For more information, see Data Posture.