Views:

Enable cloud security features and permissions to give Trend Vision One greater visibility and protection over your cloud assets.

Enabling the Cloud Account features and permissions on your AWS accounts allows Trend Vision One apps and security features to access your cloud account and gain greater visibility over assets and monitor for potential threats. Each feature and permission is described in the table below.
Important
Important
  • Some features support a limited number of AWS regions. For more information, see AWS supported regions and limitations.
  • Agentless Vulnerability & Threat Detection and Cloud Detections for Amazon Security Lake are pre-release sub-features and are not part of the existing features of an official commercial or general release. Please review the Pre-release Sub-Feature Disclaimer before using the sub-features.
Feature
Description
Core Features and Cyber Risk Exposure Management
The core set of features and permissions required to connect your AWS account
Core features enable you to connect your AWS account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
Note
Note
Core features are required to connect your AWS account and cannot be disabled. If you need to disconnect your account, see AWS accounts
The core features enable the following Trend Vision One apps and features to monitor your cloud environment:
  • Cyber Risk Exposure ManagementAttack Surface DiscoveryCloud Assets
    For more information, see Cloud assets.
  • Cyber Risk Exposure ManagementAttack Surface DiscoveryAPIs
    For more information, see APIs.
  • Cyber Risk Exposure ManagementCloud Risk Management
    For more information, see Cloud Security Posture.
  • Endpoint SecurityServer & Workload Protection
    You can manage EC2 instances and Amazon WorkSpaces can in Server & Workload Protection like any other computer. These instances are tree structures and are treated as computer groups.
    AWS assets are visible in the following locations:
    • EC2 instances appear in the Computers screen, listed under your AWS account by region, VPC, and subnet.
    • Amazon WorkSpaces appear in the Computers screen, listed under your AWS account by region as part of the WorkSpaces group.
    For more information, see Computers.
Note
Note
Your AWS assets appear in the Endpoint Inventory list. Assets without the endpoint agent installed appear as unmanaged endpoints.
Agentless Vulnerability & Threat Detection
The feature and permission set to enable Cyber Risk Exposure Management (CREM) capabilities for your account
This feature set allows Trend Vision One to deploy Agentless Vulnerability & Threat Detection in your AWS account to discover vulnerabilities and malware in AWS EBS volumes attached to EC2 instances, ECR images, and Lambda functions with zero impact to your applications. To learn more, see Agentless Vulnerability & Threat Detection.
Note
Note
You can specify which resource types to include in scans when you add your AWS account in Cloud Accounts. Three AWS resource types are currently supported: EBS (Elastic Block Store), ECR (Elastic Container Registry), and Lambda. All resources are included in vulnerability scanning by default. Anti-malware scanning is disabled by default but may be enabled at any time.
Container Protection for Amazon ECS
The feature and permission set to view and protect your containers
This feature set allows Container Security to connect and deploy components to your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments.
Important
Important
  • As of November 2023, AWS private and freemium accounts only allow a maximum of 10 Lambda executions. Container Protection deployment requires at least 20 concurrent Lambda executions. Please verify your AWS account status before enabling this feature.
  • At this time, the ECS runtime vulnerability scanning feature does not support scanning ECR images installed on AWS accounts where Container Security is not installed.
For more information, see Container Security.
Cloud Detections for AWS CloudTrail
The feature and permission set to enable XDR for Cloud to monitor Cloud Audit Logs for your account
This feature set enables XDR monitoring of your cloud account to gain actionable insight into user, service, and resource activity with detection models identifying activity such as privilege escalation, password modification, and other attack techniques. Detections generated by this feature can be viewed in the Search and Workbench apps.
Cloud audit logs are used as a data source in the following Trend Vision One apps and services:
  • Observed Attack Techniques
  • Workbench
  • Detection Model Management (used for custom exceptions and models)
This feature requires additional configuration of your CloudTrail settings. For more information, see CloudTrail configuration.
Note
Note
XDR for Cloud requires credits to use. Click the Credit Settings icon (gear_icon=fc9a51ad-35af-4fe3-92c6-5e41b2dfc5d9.png) to manage your data allowance limit and allocated credits and view a graph of past data usage.
The data allowance for XDR for Cloud is the amount of data that can be uploaded from all log sources over the year. As of February 2025, data from XDR for Cloud - Amazon Security Lake does not count towards the data allowance limit. Once Cloud Detections for Amazon Security Lake officially releases, data from all log sources count towards your data allowance for XDR for Cloud.
Cloud Detections for Amazon Security Lake
The feature and permission set to enable XDR for Cloud monitoring of your Amazon Security Lake data
The feature set forwards data from your Amazon Security Lake to Trend Vision One to gain actionable insight into your environment with XDR detection models to alert when malicious and suspicious activity is detected in your cloud resources, services, and network.
Data forwarded includes the following scanned logs:
  • CloudTrail - Management Events
  • CloudTrail - S3 Data Events
  • CloudTrail - Lambda Data
  • EKS Audit Logs
  • Route 53 Resolver Query Logs
  • SecurityHub Findings
  • VPC Flow Logs
  • WAF Logs
Important
Important
You must set up Amazon Security Lake before enabling this feature.
XDR for Cloud requires credits to use. Click the Credit Settings icon (gear_icon=fc9a51ad-35af-4fe3-92c6-5e41b2dfc5d9.png) to manage your data allowance limit and allocated credits and view a graph of past data usage.
The data allowance for XDR for Cloud is the amount of data that can be uploaded from all log sources over the year. As of February 2025, data from XDR for Cloud - Amazon Security Lake does not count towards the data allowance limit. Once Cloud Detections for Amazon Security Lake officially releases, data from all log sources count towards your data allowance for XDR for Cloud.
Cloud Response for AWS
The feature and permission set to allow response actions for your account
This feature set allows Trend Vision One permission to take response actions to contain incidents within your cloud account, such as revoking access for suspicious IAM users. Additional response actions leverage integration with third party ticketing systems. Response actions can be taken from the context menu in the Workbench app.
This feature requires enabling XDR for Cloud - AWS CloudTrail for your account.
File Security Storage
The feature and permission set to allow the File Security app to monitor and scan files and cloud storage
This feature allows Trend Vision One permission to view and scan files and cloud objects within your cloud storage to search for and detect possible malware. For more information, see File Security.
Real-Time Posture Monitoring
The feature and permission set to enable Real-Time Posture Monitoring for the Cloud Risk Management app
This feature allows Trend Vision One permission to monitor your cloud account to provide live monitoring with instant threat and remediation alerts for activities and events within your cloud environment. For more information, see Real-Time Posture Monitoring.
This feature requires enabling XDR for Cloud - AWS CloudTrail for your account.
Cloud Detections for AWS VPC Flow Logs
The feature and permission set to enable XDR for Cloud monitoring of Virtual Private Cloud (VPC) flow logs
This feature set allows Trend Vision One to collect and analyze VPC flow logs to identify and provide alerts for malicious IP traffic, SSH brute force attacks, data exfiltration, and more.
AWS VPC flow logs are used as a data source in the following Trend Vision One apps and services:
  • Threat Intelligence Sweeping
  • Observed Attack Techniques
  • Workbench
  • Detection Model Management (used for custom exceptions and models)
You can search for VPC Flow Log events using the Search app by selecting Cloud Activity Data or Network Activity Data as the search method. For more information, see Search method data sources.
This feature has additional requirements and considerations. For more information, see VPC Flow Logs recommendations and requirements.
Important
Important
XDR for Cloud only supports monitoring VPC Flow Logs version 5 or later. For more information, see VPC Flow Logs recommendations and requirements.
XDR for Cloud requires credits to use. Click the Credit Settings icon (gear_icon=fc9a51ad-35af-4fe3-92c6-5e41b2dfc5d9.png) to manage your data allowance limit and allocated credits and view a graph of past data usage.
Data Security Posture
The feature and permission set to allow Data Security Posture to monitor your AWS cloud assets for sensitive data.
This feature gives instant visibility into cloud assets containing sensitive data. Data Security Posture helps you understand your organization's overall data risk, and to view and address cloud assets with the riskiest sensitive data.
For more information, see Data Security Posture.
Related information