Configure and manage Integrity Monitoring module settings.

Important
  • Managing security settings for Standard Endpoint Protection and Server & Workload Protection features with Endpoint Security Policies is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • Integrity Monitoring for Endpoint Security Policies is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • Integrity Monitoring is in private preview. If you want to access this feature before it enters public preview or is officially released, contact your sales representative.
  • Integrity Monitoring only supports TrendAI Vision One™ Endpoint Security agent deployments with Server & Workload Protection features.
  • Integrity Monitoring is an Endpoint Security Pro feature. Endpoint Security Pro requires 25 credits per endpoint. For more information about Endpoint Security packages and credit requirements, see How are credits calculated for TrendAI Vision One™ Endpoint Security?
  • TrendAI™ periodically releases new Integrity Monitoring rules. New rules might appear on the console before your agents automatically update to the new ruleset. You can manually force agents to update the rules by making changes to the policy configuration.
  • Navigating between the security modules or leaving Policy Settings discards any unsaved changes. To avoid losing your work, always click Save before navigating to another location in the console.
Integrity Monitoring scans for unexpected changes to registry values, registry keys, services, processes, installed software, ports, and files on endpoints. Using a baseline secure state as a reference, Integrity Monitoring performs scans, logs events, and can provide alerts if unexpected changes are detected.

Procedure

  1. To protect your endpoints with Integrity Monitoring, select Enable.
  2. Configure Recommendation settings.
    Recommendation settings control which Integrity Monitoring rules agents apply when monitoring your endpoints.
    • Use Recommendation Scan to dynamically apply rules to each endpoint: Allow agents to run the Recommendation Scan and dynamically apply recommended rules to each endpoint. The Recommendation Scan analyzes your security environment and the context for each endpoint, allowing agents to determine which rules with the Dynamic status to trigger and take action on.
    • Apply Integrity Monitoring rules you have configured to "Always" status: Agents only trigger and take action on a rule if you change the Status of the rule to Always in the Rule status and configuration table.
  3. Manage Rule status and configuration.
    1. Locate the rule you want to configure.
      Use the search and filters to find the rule you want to manage. To view more details about a rule, click the rule name.
    2. Configure the rule status.
      • Dynamic: Agents might apply the rule to trigger and take action on security events depending on your recommendation settings. Dynamic is the default setting. You must manually change the rule status if you want to set a rule to Always or Never.
      • Always: Agents trigger and take action on the rule regardless of your recommendation settings. You can configure up to 350 rules with the Always status.
      • Never: Agents do not trigger or take action on the rule regardless of your recommendation settings.
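
The following sketch is an added example, not code from the product or its API. It models how the recommendation setting and the three rule statuses described above combine into the set of rules an agent applies, so you can spot Dynamic rules that end up inactive. The dictionary representation, function names, and rule names are assumptions made for illustration.

```python
from enum import Enum

ALWAYS_LIMIT = 350  # cap on rules in Always status, as stated on this page


class Status(Enum):
    DYNAMIC = "Dynamic"  # default status
    ALWAYS = "Always"
    NEVER = "Never"


def effective_rules(statuses, use_recommendation_scan, recommended=frozenset()):
    """Return the set of rule names an agent would apply.

    statuses: dict of rule name -> Status (hypothetical representation).
    recommended: rules the Recommendation Scan picked for this endpoint.
    """
    always = {r for r, s in statuses.items() if s is Status.ALWAYS}
    if len(always) > ALWAYS_LIMIT:
        raise ValueError(f"{len(always)} rules set to Always; limit is {ALWAYS_LIMIT}")
    if not use_recommendation_scan:
        # "Always" only mode: rules left at Dynamic are never applied.
        return always
    dynamic = {r for r, s in statuses.items() if s is Status.DYNAMIC}
    # Never rules stay excluded even when the scan recommends them.
    return always | (dynamic & set(recommended))


def inactive_dynamic_rules(statuses, use_recommendation_scan, recommended=frozenset()):
    """Dynamic rules that end up not applied on this endpoint."""
    active = effective_rules(statuses, use_recommendation_scan, recommended)
    return sorted(r for r, s in statuses.items()
                  if s is Status.DYNAMIC and r not in active)


# Constructed sample policy; the rule names are placeholders, not real rule IDs.
SAMPLE = {
    "rule-hosts-file": Status.ALWAYS,
    "rule-run-keys": Status.DYNAMIC,
    "rule-services": Status.DYNAMIC,
    "rule-temp-dir": Status.NEVER,
}
SCAN_RESULT = {"rule-run-keys", "rule-temp-dir"}  # constructed scan output

if __name__ == "__main__":
    for mode in (True, False):
        print("Recommendation Scan" if mode else "Always only",
              sorted(effective_rules(SAMPLE, mode, SCAN_RESULT)),
              "inactive:", inactive_dynamic_rules(SAMPLE, mode, SCAN_RESULT))
```

In the sample, switching to the "Always" only setting while leaving rules at the default Dynamic status reduces coverage to the single rule explicitly set to Always.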