      • Anti-Malware events
        • What information is displayed for Anti-Malware events?
        • List of all Anti-Malware events
      • Firewall events
        • What information is displayed for firewall events?
        • List of all firewall events
      • Intrusion Prevention events
        • What information is displayed for intrusion prevention events?
        • List of all intrusion prevention events
      • Integrity Monitoring events
        • What information is displayed for Integrity Monitoring events?
        • List of all Integrity Monitoring events
      • Log Inspection events
        • What information is displayed for log inspection events?
        • List of log inspection security events
      • Web Reputation events
        • What information is displayed for Web Reputation events?
        • Add a URL to the list of allowed URLs
    • Troubleshoot common events, alerts, and errors
      • Why am I seeing firewall events when the firewall module is off?
      • Troubleshoot event ID 771 "Contact by Unrecognized Client"
        • Uninstall Deep Security Agent
        • Reactivate the computer or clone
      • Troubleshoot "Smart Protection Server disconnected" errors
        • Check the error details
      • Activation Failed
        • Protocol Error
        • Unable to resolve hostname
        • No agent/appliance
        • Blocked port
        • Maximum five protected computers
        • Endpoint behind proxy
        • Reinstallation required
      • Agent version not supported
      • Anti-Malware Engine Offline
        • If your agent is on Windows:
        • If your agent is on Linux:
      • Check Status Failed
      • Installation of Feature 'dpi' failed
        • Additional information
      • Intrusion Prevention Rule Compilation Failed
        • Apply Intrusion Prevention best practices
        • Manage rules
        • Unassign application types from a single port
      • Log Inspection Rules Require Log Files
        • If the file's location is required:
        • If the files listed do not exist on the protected machine:
      • Module installation failed (Linux)
      • There are one or more application type conflicts on this computer
        • Resolution
      • Unable to connect to the cloud account
        • Your AWS account access key ID or secret access key is invalid
        • The incorrect AWS IAM policy has been applied to the account being used by Workload Security
        • NAT, proxy, or firewall ports are not open, or settings are incorrect
      • Unable to resolve instance hostname
      • Integrity Monitoring information collection has been delayed
      • Max TCP connections
      • Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
        • Cause 1: The agent or relay-enabled agent doesn't have Internet access
        • Cause 2: A proxy was enabled but not configured properly
      • Insufficient disk space
        • Tips
      • Reconnaissance Detected
        • Types of reconnaissance scans
        • Suggested actions
  • Configure proxies
    • Configure proxies
      • Register a proxy in Workload Security
      • Supported proxy protocols
      • Connect to the 'primary security update source' via proxy
      • Connect to Workload Security via proxy
      • Connect to relays via proxy
      • Connect to the Smart Protection Network via proxy
      • Remove a proxy
    • Proxy settings
      • Proxy server use
  • Configure relays
    • How relays work
      • Relay hierarchy, cost, and performance
    • Deploy additional relays
      • Plan the best number and location of relays
      • Configure the update source
      • Configure relays
    • Remove relay functionality
  • Manage agents (protected computers)
    • Computer and agent statuses
      • Status column - computer states
      • Status column - agent states
      • Task(s) column
      • Computer errors
      • Protection module status
      • Perform other actions on your computers
      • Computers icons
      • Status information for different types of computers
    • Configure agent version control
      • Set up agent version control
      • Use agent version control with URL requests
      • Agent version control FAQs
    • Configure teamed NICs
      • Windows
      • Solaris
    • Communication between Workload Security and the agent
      • Configure the heartbeat
      • Configure communication directionality
      • Supported cipher suites for communication
    • Configure agents that have no internet access
      • Solutions
      • Use a proxy
      • Install a Smart Protection Server locally
      • Disable the features that use Trend Micro security services
    • Activate and protect agents using agent-initiated activation and communication
      • Enable agent-initiated activation and communication
    • Automatically upgrade agents on activation
      • Enable automatic agent upgrade
      • Check that agents were upgraded successfully
    • Using Deep Security Agent with iptables
      • Rules required by Deep Security Agent
      • Prevent Deep Security Agent from automatically adding iptables rules
    • Enable Managed Detection and Response
    • Enable or disable agent self-protection
      • Configure self-protection through the Workload Security console
      • Configure self-protection using the command line
    • Are "Offline" agents still protected by Workload Security?
    • Automate offline computer removal with inactive agent cleanup
      • Enable inactive agent cleanup
      • Check the audit trail for computers removed by an inactive cleanup job
    • Agent settings
      • Agent-initiated activation (AIA)
      • Agent Upgrade
      • Inactive Agent Cleanup
      • Data Privacy
    • Linux Secure Boot support for agents
      • Upgrade the agent if you're using Secure Boot
    • Workload Security Notifier
      • How the notifier works
  • Navigate and customize the Workload Security console
    • Customize the dashboard
      • Date and time range
      • Computers and computer groups
      • Filter by tags
      • Select dashboard widgets
      • Change the layout
      • Save and manage dashboard layouts
    • Group computers dynamically with smart folders
      • Create a smart folder
      • Edit a smart folder
      • Clone a smart folder
      • Focus your search using sub-folders
      • Automatically create sub-folders
      • Searchable Properties
      • Operators
    • Customize advanced system settings
      • Export
      • Manager AWS Identity
      • Application control
  • Harden Workload Security
    • About Workload Security hardening
    • Manage trusted certificates
      • Import trusted certificates
      • View trusted certificates
      • Remove trusted certificates
    • SSL implementation and credential provisioning
    • Protect Deep Security Agent
    • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro
  • Upgrade Workload Security
    • About upgrades
      • How Workload Security checks for software upgrades
      • Best practices for upgrades
      • How Workload Security validates update integrity
    • Apply security updates
      • Initiate security updates
      • Check your security update status
      • View details about pattern updates
      • Revert, import, or view details about rule updates
      • Configure security updates
    • Disable emails for New Pattern Update alerts
    • Use a web server to distribute software updates
      • Web server requirements
      • Copy the folder structure
      • Configure agents to use the new software repository
    • Upgrade the relay
      • Upgrade a relay from Workload Security
      • Upgrade a relay by running the installer manually
    • Upgrade the agent
      • Before you begin an upgrade
      • Upgrade the agent starting from an alert
      • Upgrade multiple agents at once
      • Upgrade the agent from the Computers page
      • Upgrade the agent on activation
      • Upgrade the agent manually
      • Upgrade best practices for agents
  • Uninstall the Deep Security Agent
    • Uninstall Deep Security Agent
    • Uninstall Deep Security Notifier
Integrations
  • Integrate with AWS PrivateLink
    • Connecting to Workload Security without AWS PrivateLink
    • How does AWS PrivateLink work with Workload Security?
    • VPC Service Endpoints for use with AWS PrivateLink
    • Workload Security VPC Service Endpoint region support
    • Configure PrivateLink for use with Workload Security
    • What if my traffic originates from a region without a VPC service endpoint?
  • Integrate with AWS Control Tower
    • Overview
    • Integrate with AWS Control Tower
    • Upgrade AWS Control Tower integration
    • Remove AWS Control Tower integration
  • Integrate with AWS Systems Manager Distributor
    • Create an IAM policy
    • Create a role and assign the policy
    • Create parameters
    • Integrate with AWS Systems Manager Distributor
    • Protect your computers
  • Integrate with Apex Central
  • Integrate with Smart Protection Server
  • Integrate with Trend Micro Vision One
    • Register to Trend Micro Vision One (XDR)
    • Forward security events to Trend Micro Vision One (XDR)
    • Enable Activity Monitoring
FAQs
  • How are features released in Workload Security?
    • Previews
    • General Availability
  • Why does my Windows machine lose network connectivity when I turn on protection?
  • How does agent protection work for Solaris zones?
    • Intrusion Prevention (IPS), Firewall, and Web Reputation
    • Anti-Malware, Integrity Monitoring, and Log Inspection
  • How do I protect Azure Government instances?
  • How does the agent use the Amazon Instance Metadata Service?
  • How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment?
  • Why can I not add my Azure server using the Azure cloud connector?
  • Why can I not view all of the VMs in an Azure subscription in Workload Security?
Troubleshooting
  • Offline agent
    • Causes
    • Verify that the agent is running
    • Verify DNS
    • Allow outbound ports (agent-initiated heartbeat)
    • Allow ICMP on Amazon AWS EC2 instances
    • Fix the upgrade issue on Solaris 11
  • High CPU usage
  • Diagnose problems with agent deployment (Windows)
  • Anti-Malware Windows platform update failed
    • An incompatible Anti-Malware component from another Trend Micro product
    • An incompatible Anti-Malware component from a third-party product
    • Other/unknown Error
  • Security update connectivity
  • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
  • Issues adding your AWS account to Workload Security
    • AWS is taking longer than expected
    • Resource is not supported in this region
    • Template validation issue
    • Workload Security was unable to add your AWS account
  • Create a diagnostic package and logs
    • Deep Security Agent diagnostics
  • Removal of older software versions
  • Troubleshoot SELinux alerts
Trust and compliance information
  • About compliance
  • Agent package integrity check
    • Troubleshoot
    • Supported Deep Security Relay versions
  • Meet PCI DSS requirements with Workload Security
  • GDPR
  • Set up AWS Config Rules
  • Bypass vulnerability management scan traffic in Workload Security
    • Create a new IP list from the vulnerability scan provider IP range or addresses
    • Create firewall rules for incoming and outbound scan traffic
    • Assign the new firewall rules to a policy to bypass vulnerability scans
  • Use TLS 1.2 with Workload Security
    • TLS architecture
    • Enable the TLS 1.2 architecture
    • Next steps (deploy new agents and relays)
  • Privacy and personal data collection disclosure
Release notes and scheduled maintenance
  • Scheduled maintenance
    • Next scheduled maintenance
  • What's new in Workload Security
  • API changelog
    • June 3, 2020
    • June 1, 2020
    • May 19, 2020
    • April 9, 2020
    • February 27, 2020
    • January 07, 2020
    • January 09, 2020
Topics on this page

Run the code examples

The code examples in the Workload Security automation guides are available from the Workload Security SDK Samples GitHub repository. See the repository readme for instructions about how to obtain and run the samples.

© 2021 Trend Micro Incorporated. All rights reserved.