Security event forwarding

Procedure

1. Obtain the forwarding agent's installation package from the Trend Vision One console.
   1. Go to Workflow and Automation → Third-Party Integration → Active Directory (on-premises).
   2. Use the toggle to enable or disable the integration.
   3. In the Security Event Forwarding tab, click Download Installation Package.
      A tooltip with information about the installation package appears.
   4. Click Download Installer.
2. Install the agent on your Active Directory server.
   1. Execute trend-micro-vision-one-ad-connector.exe with administrator rights.
   2. Follow the on-screen wizard to configure the forwarding agent.

      Important If SSL certificates are imported, the certificates must be the same as the ones used in Service Gateways

3. Repeat the previous step to install the agent in multiple Active Directory servers.
4. In the Trend Vision One console, verify that the agent is connected and perform additional integration steps if necessary.

   Note Any configuration changes on the Trend Vision One console take 5 minutes to reflect on the forwarding agent.

   1. Go to Workflow and Automation → Third-Party Integration → Active Directory (on-premises) → Security Event Forwarding.
   2. Verify that the forwarding agents appear in the agent list.
   3. (Optional) Click on Enable automatic updates.

   Important If the forwarding agent user interface is open, the automatic updates process stops.