Data sources | Trend Micro

Views:

Connect the data sources required for various queries.

Note

For more information on the log fields currently available for data sources, go to https://trendmicro.github.io/tm-v1-schema/pages/index.

Data sources / processors

Category	Data Source / Processor
Cloud	Agentless Vulnerability & Threat Detection Cloud Network Telemetry File Security File Security Storage Trend Cloud One - Application Security Trend Vision One Container Security XDR for Cloud - AWS CloudTrail XDR for Cloud - AWS VPC Flow Logs XDR for Cloud - Amazon Security Lake XDR for Cloud - Azure Activity Logs
Email	Cloud Email Gateway Protection Cloud Email and Collaboration Protection Email and Collaboration Sensor InterScan Messaging Security Virtual Appliance ScanMail for Microsoft Exchange Cloud App Security Trend Micro Deep Discovery Email Inspector Trend Micro Email Security
Endpoint	Data Detection and Response Endpoint Sensor Server & Workload Protection Standard Endpoint Protection Trend Cloud One - Endpoint & Workload Security Trend Micro Apex Central On-Premises Trend Micro Apex One as a Service Deep Security
Identity	Active Directory (on-premises) Microsoft Entra ID
Network	Mobile Network Security Network Sensor TippingPoint Security Management System Trend Cloud One - Network Security Trend Micro Deep Discovery Inspector Trend Micro Web Security Zero Trust Secure Access Internet Access Zero Trust Secure Access Private Access
Others	TXOne EdgeOne TXOne StellarOne Trend Cloud One - AWS CloudTrail Integration Trend Vision One Mobile Security
Third-Party Logs	All logs sent to Trend Vision One from third-party products For more information, see Configure a Service Gateway to collect third-party logs.

General search and activity data sources

Method

Data Sources

General Search

Trend Micro products and compatible third-party products connected to Trend Vision One

Observed Attack Techniques

Trend Micro products and compatible third-party products connected to Trend Vision One

Note

Use this method when automatically creating a query from configured filters in Observed Attack Techniques.

Cloud Activity Data

Trend Cloud One - Endpoint & Workload Security

XDR for Cloud - AWS VPC Flow Logs

Trend Cloud One - Conformity

Tip

For more information on how to connect Trend Cloud One - Conformity, see:

Container Activity Data

Trend Vision One™ - Container Security

Detections

Trend Micro products and compatible third-party products connected to Trend Vision One

Email and Collaboration Activity Data

Email and Collaboration Sensor

Endpoint Activity Data

Endpoint Sensor

Trend Micro Apex One as a Service

Trend Cloud One - Endpoint & Workload Security

Firewall activity data sources

XDR for Cloud - AWS VPC Flow Logs

Connected Trend Micro products

Identity and Access Activity Data

Microsoft Entra ID

Mobile Activity Data

Trend Micro Mobile Security as a Service

Network Activity Data

Virtual Network Sensor

Deep Discovery Inspector

XDR for Cloud - AWS VPC Flow Logs

Zero Trust Secure Access Private Access

Zero Trust Secure Access Internet Access

Secure Access Activity Data

Zero Trust Secure Access Private Access

Zero Trust Secure Access Internet Access

Web Activity Data

Trend Micro Web Security

Important

You must use Product Instance to connect Trend Micro Web Security. For more information, see Connect existing products to Product Instance .