Learn how to estimate and monitor your XDR for Cloud data usage.
XDR for Cloud requires credits when enabled for your cloud accounts. The initial credit
requirement is calculated based on your specified usage reservation, or how many GB
of data you estimate your organization will upload to Trend Vision One over the year. If your actual usage exceeds the usage reservation, the credits allocated
to XDR for Cloud are automatically increased. For more information on the credit allocation
model for XDR for Cloud, see Credit allocation models.
XDR for Cloud includes the following features:
-
Cloud Detections for AWS CloudTrail
-
Cloud Detections for AWS VPC Flow Logs
-
Cloud Detections for Amazon Security Lake
Before enabling XDR for Cloud features and deploying the stack template, consider
the
following recommendations when estimating how many GB of data to allocate credits
for in the
coming year:
-
Estimating data usage: Trend Micro recommends going to Metrics in the AWS CloudWatch console to view the size of the S3 buckets storing your AWS CloudTrail, AWS VPC Flow Logs, and Amazon Security Lake data. Use this past usage information to estimate your future data usage.
-
Compressed data: AWS CloudTrail and Amazon Security Lake data logs are stored in compressed format in the AWS console. When analyzed in Trend Vision One for XDR Threat Detections, the data is uncompressed. To account for this, Trend Micro recommends allocating 8 to 10 times more data usage in Trend Vision One than the size shown in AWS. For example, if the S3 bucket storing your data is 10 GB in size in the AWS console, you should allocate credits for 80 to 100 GB of data usage over the year in Trend Vision One.
-
Uncompressed data: Because the volume of log data for AWS VPC Flow Logs is not compressed in AWS, you can use the volume as a direct estimate of how many GB of data you need for AWS VPC Flow Logs in Trend Vision One.
To monitor your XDR for Cloud usage, go to to view a graph of your past data usage from all log sources.