Views:

Procedure

  1. For customers that do not already have Conformity, sign up for a free trial.
    1. Go to the sign up form.
      https://cloudone.trendmicro.com/trial
    2. Provide all the required information and complete the reCAPTCHA.
    3. Agree to the terms and conditions, privacy notice, and data collection notice.
    4. Click Sign Up.
    5. Click the Verify Email link in the confirmation email sent to your business email account.
    6. Sign in to activate your Trend Cloud One console.
      Allow a few moments to provision your new console.
    7. Specify an Account Alias for your account.
      You can change your alias later using the console.
    8. Specify the Region in which Trend Cloud One stores all of your data.
    9. Click Continue.
  2. Ensure that you go to Google Cloud and enable all APIs that Conformity requires.
    1. Sign in to Google Cloud.
    2. In the left menu, click APIs & Services.
      gcpEnableAPIsServicesMenu=20220830144741.jpg
    3. Verify that all of the following APIs display in the Enabled APIs & services table.
      • API Keys API
      • BigQuery API
      • Cloud Dataproc API
      • Cloud DNS API
      • Compute Engine API
      • Cloud Key Management Service (KMS) API
      • Cloud Logging API
      • Cloud Pub/Sub API
      • Cloud Resource Manager API
      • Cloud SQL Admin API
      • Cloud Storage API
      • Identity and Access Management (IAM) API
      • Kubernetes Engine API
      gcpEnableAPIsServicesTable=20220830144343.jpg
    4. Enable all missing APIs by repeating the following steps.
      1. Click ENABLE APIS AND SERVICES.
        gcpEnableAPIsServicesButton=20220830144545.jpg
      2. Search for the API name and click the correct result.
      3. Click Enable.
        gcpEnableAPIsServicesKubernetes=20220830144646.jpg
  3. Create the Google Cloud role for usage with the Conformity service account.
    1. In the left menu, go to IAM & AdminRoles.
      gcpIAMRoleMenu=20220830155050.jpg
    2. Click CREATE ROLE.
      gcpCreateRole=20220830155252.jpg
    3. Specify the Title and ID for the new role.
    4. (Optional) Provide a description.
    5. Do not modify the default Role launch stage: Alpha.
    6. Click ADD PERMISSIONS.
      gcpCreateRoleSettings=20220830155959.jpg
    7. Next to the Filter, type the name of the permission.
      gcpPermissionsAdd=20220830160101.jpg
      The role requires all the 34 following permissions:
      • apikeys.keys.list
      • bigquery.datasets.get
      • bigquery.tables.get
      • cloudkms.cryptoKeys.getIamPolicy
      • cloudkms.cryptoKeys.list
      • cloudkms.keyRings.list
      • cloudkms.locations.list
      • cloudSql.instances.list
      • compute.backendServices.list
      • compute.firewalls.list
      • compute.globalForwardingRules.list
      • compute.images.getIamPolicy
      • compute.images.list
      • compute.instances.list
      • compute.networks.list
      • compute.projects.get
      • compute.sslPolicies.list
      • compute.subnetworks.list
      • compute.targetHttpsProxies.list
      • compute.targetSslProxies.list
      • compute.urlMaps.list
      • container.clusters.list
      • dataproc.clusters.list
      • dns.managedZones.list
      • dns.policies.list
      • iam.serviceAccounts.get
      • logging.logMetrics.list
      • logging.sinks.list
      • monitoring.alertPolicies.list
      • pubsub.topics.list
      • resourcemanager.projects.get
      • resourcemanager.projects.getIamPolicy
      • storage.buckets.getIamPolicy
      • storage.buckets.list
    8. Select the permission in the list and click Add.
      gcpAddPermissionAdd=20220830160303.jpg
    9. Repeat for all permissions.
    10. After adding all the required permissions, click the check box at the top of the list for each page until all 34 permissions have been assigned.
      gcpAssignPermissionsCreate=20220830160404.jpg
    11. Click CREATE.
  4. Create the service account in Google Cloud used for the Conformity integration.
    1. In Google Cloud, select the project that you want to protect with Conformity.
    2. In the left menu, go to IAM & AdminService Accounts.
    3. Click CREATE SERVICE ACCOUNT.
      gcpCreateServiceAccount=20220831100202.jpg
    4. Specify the Service account name and a Description, and click CREATE AND CONTINUE.
      gcpServiceAccountName=20220831100303.jpg
    5. Select the customer role you created in step 3 by clicking Select a role and locating the role.
      gcpServiceAccountRole=20220831100404.jpg
    6. Click CONTINUE.
    7. Click DONE.
      Note
      Note
      You do not need to grant users access to this service account.
    8. Create the key used by the service account.
      1. In the Action column for the service account you just created, click the button and select Manage keys.
        gcpManageKeys=20220831112525.jpg
      2. Click ADD KEY and Create new key.
        gcpAddKey=20220831112626.jpg
      3. Leave the default JSON key type and click CREATE.
        gcpJSONkey=20220831112828.jpg
      4. Save the generated JSON file in a secure location for use in the Conformity console.
    Important
    Important
    Add the service account to all projects that you want to protect with Conformity.
  5. Create your Google Cloud project in Conformity.
    1. Sign in to Trend Cloud One.
    2. Click Conformity.
    3. Click Google Cloud Project and click Next.
    4. Specify the display name of the service account used in the Conformity console.
      Note
      Note
      The display name does not need to match the name of the service account in Google Cloud.
    5. Upload the JSON file containing the Google Cloud service account key generated in step 4 and click Next.
      gcpConformityAddAccount=20220831114141.jpg
    6. Select all the Google Cloud projects you want to protect using Conformity and click Next.
      Note
      Note
      You can only view Google Cloud projects that you assigned the service account to in the Google Cloud console.
      gcpConformityProjects=20220831114545.jpg
    7. Review the settings and click Finish.
  6. Connect Conformity with Attack Surface Risk Management using an API Key.
    1. Go to the home screen of the Trend Cloud One console, and click User Management.
    2. In the left menu, click API Keys.
    3. Click New.
    4. Specify the API Key Alias.
    5. In Role, select Read Only.
    6. Click Next.
    7. Copy the API Key immediately.
      Important
      Important
      You cannot access the API Key again after closing the dialog. Copy and store the API Key in a safe location.
    8. In the Trend Vision One console, open the Trend Cloud One - Conformity data source panel.
    9. Paste the API Key from Conformity in the API Key field.
    10. Acknowledge that your Conformity data may be transferred to another data center based on the configured Trend Vision One region.
    11. Click Save.