Topics on this page
Trend Micro Vision One (XDR) Remote Shell
The XDR-integrated remote shell lets you run commands directly from the Trend Micro Vision One (XDR) interface.
If you connect your agents and relays to the 'primary security update source' via a proxy, Remote Shell automatically uses the same proxy settings.
Remote Shell is available for agent version 20.0.0-2009+. Agent version 20.0.0-2204+ adds support for additional commands, as detailed in Supported commands.
Requirements
- Install the agent version 20.0.0-2009+ for Windows or Linux
- Register with Trend Micro Vision One (XDR)
- Forward security events to Trend Micro Vision One (XDR)
- Enable Activity Monitoring
Workload Security uses an IoT mechanism to transmit messages and events to Trend Micro Vision One (XDR). If you need to restrict the URLs allowed in your environment, configure your firewall to include the "Event Channel - XDR Activity Monitoring" FQDNs from the Workload Security URLs table.
Start a remote shell session
You can start a remote shell session from either of the following:
From the Trend Micro Vision One Search App
:
Right-click on the endpointHostName field in Search App events and select Start Remote Shell Session.
From the Trend Micro Vision One Workbench (under XDR
):
Right-click on the server icon and select Start Remote Shell Session.
Supported commands
The following table lists currently supported remote shell commands for Windows and Linux platforms.
Agent 20.0.0-2204+ adds support for additional commands.
DSA Version | Platform | Command | Description | Syntax | Example |
---|---|---|---|---|---|
20.0.0-2204 | Windows, Linux | cat | Output content of the selected file (max size 1MB) | cat <file_location_and_extension> For the <file_location_and_extension>, specify the absolute or relative path to the file, the file name, and the file extension. |
|
cd | Change current working directory |
cd <path> For the <path>, specify the absolute or relative path. |
cd C:\ | ||
clear | Clear screen | clear | clear | ||
env | List environment variables |
env | env | ||
group list | List local group information | group list | group list | ||
help | Display help information | help | help | ||
ls | List files and directories |
ls <path> For the <path>, specify the absolute or relative path. |
|
||
ps | List running process information | ps | ps | ||
pwd | Display current directory | pwd | pwd | ||
service list | List service information | service list | service list | ||
user list | List local user accounts | user list | user list | ||
listenports | List listen ports | listenports | listenports | ||
netstat | List network connections | netstat | netstat | ||
ipconfig | Show network configurations | ipconfig | ipconfig | ||
fileinfo | List detailed file properties |
file info <file_location_and_extension> For the <file_location_and_extension>, specify the absolute or relative path to the file, the file name, and the file extension. |
|
||
systeminfo | List system information | ipconfig | ipconfig | ||
scheduletasks | Show schedule tasks | scheduletasks | scheduletasks | ||
Windows | reg query | List registry key or value | reg query <key> [--value=<value_name>] |
|
|
Linux | bashhistory | List command/bash history (/root/.bash_history) | bashhistory | bashhistory | |
20.0.0.2009 | Windows, Linux | cat | Output content of the selected file (max size 1MB) |
cat <file_location_and_extension> For the <file_location_and_extension>, specify the absolute or relative path to the file, the file name, and the file extension. |
|
cd | Change current working directory |
cd <path> For the <path>, specify the absolute or relative path. |
cd C:\ | ||
clear | Clear screen | clear | clear | ||
env | List environment variables | env | env | ||
group list | List local group information | group list | group list | ||
help | Display help information | help | help | ||
ls | List files and directories |
ls <path> For the <path>, specify the absolute or relative path. |
|
||
ps | List running process information | ps | ps | ||
pwd | Display current directory | pwd | pwd | ||
service list | List service information | service list | service list | ||
user list | List local user accounts | user list | user list | ||
listenports | List listen ports | listenports | listenports |
Troubleshoot common issues
To troubleshoot common issues with the remote shell, check the following settings in your Workload Security console:
Trend Micro Vision One (XDR) settings
In the Trend Micro Vision One (XDR) tab (Administration > System Settings > Trend Micro Vision One (XDR)), make sure that:
- Enrollment status is "Registered"
- Forward security events to Trend Micro Vision One has its checkbox selected
If Enrollment status is not "Registered" you need to Register with Trend Micro Vision One (XDR).
Security module settings for your computer(s)
In the Activity Monitoring tab for your computer(s) (Computers > (Right- or- double-click) Details > Activity Monitoring > General), make sure Configuration is set to "On" or "Inherited (On)."
You can also enable Activity Monitoring for computers by enabling it in the policy assigned to them. From the Policies tab, double-click the policy you want to enable Activity Monitoring for. Go to the Activity Monitoring > General and make sure that "Activity Monitoring State" is set to "On."
If you've checked the requirements and troubleshoot common issues sections but are still experiencing problems, please contact support.