
Enable sharing security event information from an on-premises Active Directory server with Trend Vision One.

Configuring security event forwarding enhances visibility into identity-related risks by allowing Active Directory to share the following security event information with Trend Vision One:
  • Object access events
  • Logon/logoff events
  • System events
  • Account management events
This function is now provided by the Trend Vision One Endpoint Security agent with the Identity Security Sensor - Active Directory enabled, replacing the previous requirement to install a separate Active Directory Connector.
Important
Security event forwarding via Trend Vision One Endpoint Security agent is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
This feature is not available in all regions.

Procedure

  1. Go to Workflow and Automation > Third-Party Integration > Active Directory (on-premises).
  2. Use the toggle to enable Active Directory integration.
  3. Configure data synchronization and user access control.
  4. Go to Endpoint Security > Endpoint Inventory, and click Agent Installer to deploy the Trend Vision One Endpoint Security agent.
    Note
    Identity Security Sensor – Active Directory is supported on any of the following types of agents. Ensure you install the correct agent package on more Active Directory servers in your network.
    • Standard Endpoint Protection
    • Server & Workload Protection
    • Endpoint Sensor
    For detailed deployment instructions, see Manage your agent deployments.
  5. Configure an endpoint security policy and enable Identity Security Sensor - Active Directory in the policy settings.
    1. Go to Endpoint Security > Endpoint Security Configuration > Endpoint Security Policies > Policies.
    2. Click Create policy.
      The Create policy window appears.
    3. Specify the Policy name.
      Trend Micro recommends using a name that is easy to search for and that identifies the purpose of the policy.
    4. From the Identity Security Sensor drop-down list, select Enable.
  6. Monitor agent deployment status and verify that agents are functioning correctly.
    Note
    If you previously deployed the Active Directory Connector, you can still view the Active Directory Connector deployments in Third-Party Integration > Active Directory (on-premises).
    Action: View agents with the Identity Security Sensor - Active Directory enabled
    Steps:
    1. Go to Endpoint Security > Endpoint Inventory.
    2. Click Add filters.
    3. Select the filter Endpoint security policy setting.
    4. From the security module list, search for Identity Security Sensor - Active Directory and set it to Enabled.

    Action: View agents properly forwarding security events to Trend Vision One
    Steps:
    1. Go to Endpoint Security > Endpoint Inventory.
    2. Click Add filters.
    3. Select the filter Identity Security Sensor - Active Directory.