Real-Time Threat Monitoring

Trend Micro Cloud One™ – Conformity Real-Time Threat Monitoring (RTM) provides live monitoring with instant threat and remediation alerts for activities and events within your AWS, Azure, and GCP accounts.

Conformity RTM ingests raw events to allow you to easily monitor your environment, and supports updating Checks for a subset of Rules in near real-time. You can view our documentation listing the Conformity Rules supported by RTM.

Two key features are offered with RTM:

  1. Activity Dashboard - identify unusual user activities
  2. Monitoring Dashboard - get an in-depth record of all events in an AWS account

What's the number of rules RTM covers once it's enabled?

  • 8 pure RTM rules, which are always running for any kind of event
  • 25+ additional rules looking for events of significance, for example, internet gateway config changes
  • 350+ rules running in real-time whenever resources are modified
    Note: The number of rules covered does not match the total number of rules that Conformity supports. This is because RTM is set up to cover the most used AWS services. New services or not-so-critical services are not integrated with RTM.
  • The services for which we have extensive but not necessarily complete coverage are:
      • S3
      • EC2
      • ELB
      • Auto Scaling
      • CloudFormation
      • IAM
      • DynamoDB
      • Lambda
      • CloudFront

Set up Real-Time Threat Monitoring

  1. Add a Conformity account
  2. Follow the instructions on setting up Real-Time Threat Monitoring

Access Real-Time Threat Monitoring

  1. Select an Account where Real-Time monitoring is enabled
  2. Open Dashboard

Uninstall Real-Time Threat Monitoring

To uninstall Real-Time Threat Monitoring from your account, open a command prompt or shell and run the following command:

  1. For AWS RTM:
    curl -L https://us-west-2.cloudconformity.com/v1/monitoring/uninstall.sh | bash -s
  2. For Azure RTM: Please refer to Uninstalling RTM for Azure.