Views:

Configure and manage Log Inspection module settings.

Important
Important
  • Managing security settings for Standard Endpoint Protection and Server & Workload Protection features with Endpoint Security Policies is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • Log Inspection for Endpoint Security Policies is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • Log Inspection is in private preview. If you want to access this feature before it enters public preview or is officially released, contact your sales representative.
  • Log Inspection only supports TrendAI Vision One™ Endpoint Security agents deployments with Server & Workload Protection features.
  • Log Inspection is an Endpoint Security Pro feature. Endpoint Security Pro requires 25 credits per endpoint. For more information about Endpoint Security packages and credit requirements, see How are credits calculated for TrendAI Vision One™ Endpoint Security?
  • TrendAI™ periodically releases new Log Inspection rules. New rules might appear on the console before your agents update the new ruleset automatically. You can manually force agents to update the rules by making changes to the policy configuration.
  • Navigating between the security modules or leaving Policy Settings discards any unsaved changes. To avoid losing your work, always click Save before navigating to another location in the console.
Log Inspection helps you identify important events that might be buried in your operating system and application logs. These events can be sent to a security information and event management (SIEM) system or centralized logging server for correlation, reporting, and archiving.

Procedure

  1. To protect your endpoints with Log Inspection, select Enable.
  2. Configure Recommendation settings.
    Recommendation settings control which Log Inspection rules agents apply when monitoring your endpoints.
    • Use Recommendation Scan to dynamically apply rules to each endpoint: Allow agents to run the Recommendation Scan and dynamically apply recommended rules to each endpoint. Recommendation scan analyzes your security environment and the context for each endpoint, allowing agents to determine which rules with the Dynamic status to trigger and take actions on.
    • Apply Log Inspection rules you have configured to "Always" status : Only triggers and performs actions on a rule if you change the Status of the rule to Always in the Rule status and configuration table.
  3. Manage Rule status and configuration.
    1. Locate the rule you want to configure.
      Use the search and filters to find the rule you want to manage. To view more details about a rule, click the rule name.
    2. Configure the rule status.
      • Dynamic: Agents might apply the rule to trigger and take action on security events depending on your recommendation settings. Dynamic is the default setting. You must manually change the rule status if you want to set a rule to Always or Never.
      • Always: Agents trigger and take action on the rule regardless of your recommendation settings. You can configure up to 350 rules with the always applied status.
      • Never: Agents do not trigger and take action on the rule regardless of your recommendation settings.