Topics on this page
Upgrading to Trend Vision One Cloud Posture
A high-level guide for existing Cloud One and Conformity Standalone customers to upgrade to using Trend Micro Vision One Cloud Posture, part of Trend Micro's Attack Surface Risk Management feature set.
User Scenarios
- New Trend Micro customer interested in Vision One Cloud Posture
- Existing Trend Vision One customer interested in Vision One Cloud Posture
- Existing Trend Cloud One Conformity or Standalone Conformity customer interested in the enhanced Vision One features
- Existing Cloud One or Standalone Conformity customer interested in using the Vision One Cloud Data Forwarder
Deciding which path best suits your organization
Your organization's timeline for upgrading from existing Cloud Security Posture Management (CSPM) offerings to using Vision One Cloud Posture depends on your required feature set and ability to manage the new applications.
For a summary analysis of the parity between different Trend Micro CSPM offerings, refer to our Cloud Posture Feature Parity document.
As a first step, we encourage you to trial running a new instance of Vision One Cloud Posture in parallel to your existing instance of Conformity. The default onboarding and custom roles for Cloud Posture support independent parallel scanning.
Vision One Cloud Posture
Trend Vision One Cloud Posture is a natively integrated Cloud Security Posture Management (CSPM) feature set embedded in the Trend Vision One platform. Cloud Posture forms part of the Attack Surface Risk Management suite of Vision One features.
Based on your user scenario, follow the high-level steps outlined below.
New or Existing Trend Micro customer interested in Cloud Posture
- Visit the Trend Vision One website, and either test drive Vision One or sign up for a free trial.
- Sign in to your Trend Vision One account.
- Optional: Set up SSO by Adding your Identity Provider.
- Ensure you select the appropriate Pre-defined Roles.
- In the left-hand menu under Attack Surface Risk Management > Cloud Posture > Cloud Posture Overview > Add Cloud Accounts.
- Alternatively, add your AWS Organization under Attack Surface Risk Management > Cloud Posture > Cloud Posture Overview and then select Organization.
Existing Cloud One Conformity or Standalone Conformity User Interested in Vision One Cloud Posture
As an existing Cloud One or Standalone Conformity customer, you can get the upgraded to Vision One Cloud Posture by getting in touch with your Trend Micro Account Manager and following the steps below:
- Visit the Trend Vision One website, and either test drive Vision One or sign up for a free trial.
- Sign in to your Trend Vision One account.
- Optional: Set up SSO by Adding your Identity Provider.
- Ensure you select the appropriate Pre-defined Roles.
Once you're done signing up, please contact your Technical Account Manager.
Upgraded Features and Functionalities
Legacy Feature | Will be Upgraded | Not Upgraded |
---|---|---|
All Cloud accounts | ||
Cloud Providers Supported | AWS, GCP & Azure | |
All Custom rules | ||
All Report configurations | ||
All Profiles | ||
Integrations | SMS & Email settings | |
Custom checks | ||
Suppressed checks | ||
Legacy Public API | ||
Groups | ||
Rule settings | ||
Report configurations | ||
RTM | ||
All User data | ||
All Users in the Organisation | Users must be re-onboarded in V1. | |
Notes | ||
Reports | ||
Historical RTM events | ||
Daily reports | ||
Conformity Bot Checks | ||
Permissions/RBAC support | Must be reconfigured in V1 | |
SSO/SAML | Must be reconfigured in V1 | |
API Keys | Must be recreated in V1. | |
Template Scanner | Already works in V1 |
Activating Trend Vision One for Cloud One Customers
In your Trend Vision One account:
- Go to the Trend Micro Activation Service.
- Select Trend Vision One as your Existing Trend Micro Solution.
- Enter the Trend Cloud One API key value with Read Only permission.
- Follow the prompts on the Activation Service to activate your Vision One account.
- Follow the steps in the section Vision One Cloud Posture.
Existing Cloud One Conformity or Standalone Conformity User Interested in the Cloud Data Forwarder
The Cloud Data Forwarder is a simple way to integrate the existing Cloud One Conformity and standalone Conformity data directly into Vision One, while still managing your CSPM organisation in a separate application. The Vision One integration for existing Cloud One or Standalone Conformity customers allows Conformity data to be forwarded directly to Vision One Attack Surface Risk Management.
For the full steps on integrating the Cloud Data Forwarder, visit here.
FAQs
What are the pre-requisites for upgrading an existing Standalone/Cloud One Conformity Customer to Trend Vision One Cloud Posture?
Since V1 doesn’t support duplicate accounts, customers must de-duplicate their accounts first.
Additionally, the following regions are not supported by Trend Vision One for upgrade currently:
- eu-west-1
- ca-central-1
- eu-west-2
Can a customer be upgraded across different regions? (e.g. C1 is in us-west-2 and V1 is in ap-southeast-2)?
No, the cross-region upgrade is not supported currently.
What version of Conformity is supported for upgrade?
We currently support both Standalone and Cloud One Conformity.
What are the guidelines for existing customers using the Public API in Conformity?
Please contact your Technical Account Manager and request specific guides for customers using the legacy APIs and the current Public API.
What happens to the Standalone/Cloud One organisations post upgrade?
The Conformity Bot on legacy organisations will be disabled and enabled in the new Trend Vision One organisation. Also, If RTM was enabled on the legacy organisation, it will be disabled and re-enabled to point to the new Trend Vision One Organisation.
Eventually when the upgrade is done successfully, old organisation & accounts will be cancelled & deleted on confirmation from the customers.
Reports will be automatically removed after 12 months (from date of creation) in the legacy systems. It is advised that if a customer wishes to have a copy of this data, they should download these reports.
If a customer decides to upgrade the CAM bridge account to a full account, they need to uninstall the Conformity onboarding stack.