Ansible Role trend_micro_v1es

This role installs and activates the Trend Vision One Endpoint Security agent (v1es) on Linux servers. It covers pre-flight checks, agent download and installation via the XBC API, agent registration, and Server & Workload Protection (SWP) activation.

Available in the next LFOps release.

How the Role Behaves

Trend Vision One Endpoint Security combines two products on the same host, and this role configures both:

• Endpoint Sensor (XDR/EDR) is the Endpoint Basecamp agent (tmxbc). It is downloaded and installed through the XBC API.

• Server & Workload Protection (SWP) is the Deep Security agent (ds_agent). It ships inside the same full package and is activated against a Deep Security Manager (DSM).

The „Server & Workload Protection (SWP)“ deployment script generated in the Vision One console contains every value the role needs. It bundles both products in one full package: it lists two scenario IDs (one for the Endpoint Sensor, one for SWP) and carries the SWP activation values. The role installs that package, waits for the SWP agent to come up, and then activates it against the DSM.

The role decides whether to run the install and activation by checking two files that the agents create once they are registered: /opt/TrendMicro/EndpointBasecamp/etc/.identity (Endpoint Sensor) and /var/opt/ds_agent/dsa_core/ds_agent.crt (SWP). Once both exist the role is a no-op, so re-running it against an installed host changes nothing. If either file is missing (a partial install, or one of the agents was removed) the role downloads the package again and reinstalls and reactivates both agents. To force a clean reinstall, remove the agents so both files are gone before running the role.

Further reading:

• Trend Micro concepts and products: https://docs.linuxfabrik.ch/software/trend-micro.html

• Agent platform compatibility: https://help.deepsecurity.trendmicro.com/20_0/on-premise/agent-compatibility.html

Known Limitations

The role does not configure an HTTP/HTTPS proxy. On hosts that reach the Trend Micro backends only through a proxy, set the proxy globally on the target so both the installer download and tmxbc pick it up, for example in /etc/environment:

HTTP_PROXY=http://192.0.2.30:8080/
HTTPS_PROXY=http://192.0.2.30:8080/
http_proxy=http://192.0.2.30:8080/
https_proxy=http://192.0.2.30:8080/

Requirements

• At least 2 GB of RAM. The Server & Workload Protection agent (ds_agent) enforces this minimum during its pre-check; on a host with less memory the pre-check fails and ds_agent is never installed.

• Running as root (use become: true).

• /tmp must be writable on the target host.

Supported architectures: x86_64, aarch64.

Manual steps:

• Generate the Server & Workload Protection (SWP) deployment script in the Vision One console and read the role variable values from it. This is mandatory: the script is the only source of the customer ID, company ID, scenario IDs and SWP activation values the role needs. Use the SWP deployment script, not the Endpoint-Sensor-only one. The Endpoint-Sensor-only script lists a single scenario ID and none of the SWP activation values (tenant ID, token, DSM FQDN), so the SWP agent (ds_agent) cannot be installed.

  1. In the Vision One console, make sure a „Server & Workload Protection“ product instance exists. If not, create it under Service Management -> Create product instance -> Server & Workload Protection.

  2. Navigate to Endpoint Security -> Endpoint Inventory -> Agent Installer -> Deployment Script.

  3. Select „Server & Workload Protection“ as the endpoint group and „Linux“ as the operating system.

  4. The previewed script contains every value the role needs.

The script is a bash installer. Map its values to the role variables as follows (the script has separate x86_64 and aarch64 blocks; company_id is identical in both, only scenario_ids differ per architecture):

Role variable	Where it appears in the deployment script
trend_micro_v1es__customer_id	CUSTOMER_ID="..."
trend_micro_v1es__group_id	GROUP_ID=... (optional, defaults to 0)
trend_micro_v1es__policy_id	POLICY_ID=... (optional, defaults to 0)
trend_micro_v1es__relay_group_id	RELAY_GROUP_ID=... (optional, defaults to 0)
trend_micro_v1es__swp_dsm_fqdn	the host in dsa_control -a dsm://<host>:443/
trend_micro_v1es__swp_login.tenant_id	tenantID:... in the dsa_control activation line
trend_micro_v1es__swp_login.token	token:... in the dsa_control activation line
trend_micro_v1es__xbc_env	XBC_ENV="..." (optional, defaults to prod-eu1)
trend_micro_v1es__xbc_fqdn	XBC_FQDN="..."
trend_micro_v1es__xbc_installer_company_id	company_id in the HTTP_BODY (identical in both archType blocks)
trend_micro_v1es__xbc_installer_<arch>_scenario_ids	scenario_ids in the HTTP_BODY of the matching archType block (both IDs)

Tags

trend_micro_v1es

• Runs the pre-flight checks (supported architecture, scenario IDs, writable /tmp, minimum RAM).

• Installs the required packages (curl, tar).

• Downloads the installer from the XBC API and installs the Endpoint Sensor agent (tmxbc).

• Waits for agent registration.

• Activates Server & Workload Protection (ds_agent) against the Deep Security Manager.

• Triggers: none.

Mandatory Role Variables

trend_micro_v1es__customer_id

• Customer ID used in the installer API request.

• Type: String.

trend_micro_v1es__swp_dsm_fqdn

• Deep Security Manager FQDN used to activate Server & Workload Protection.

• Type: String.

trend_micro_v1es__swp_login

• Server & Workload Protection activation credentials.

• Type: Dictionary.

• Subkeys:

  • tenant_id:

    • Mandatory. Tenant ID used to activate Server & Workload Protection.

    • Type: String.

  • token:

    • Mandatory. Activation token used to activate Server & Workload Protection.

    • Type: String.

trend_micro_v1es__xbc_installer_aarch64_scenario_ids

• List of scenario IDs for the aarch64 installer API request. Include all IDs from the deployment script (endpoint sensor and SWP). Required on aarch64 hosts only.

• Type: List of strings.

trend_micro_v1es__xbc_installer_company_id

• Company ID for the installer API request. The same value for both architectures.

• Type: String.

trend_micro_v1es__xbc_installer_x86_64_scenario_ids

• List of scenario IDs for the x86_64 installer API request. Include all IDs from the deployment script (endpoint sensor and SWP). Required on x86_64 hosts only.

• Type: List of strings.

Example:

# mandatory
trend_micro_v1es__customer_id: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
trend_micro_v1es__swp_dsm_fqdn: 'agents.workload.de-1.cloudone.trendmicro.com'
trend_micro_v1es__swp_login:
  tenant_id: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
  token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
trend_micro_v1es__xbc_installer_aarch64_scenario_ids:
  - 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
  - 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
trend_micro_v1es__xbc_installer_company_id: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
trend_micro_v1es__xbc_installer_x86_64_scenario_ids:
  - 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
  - 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

Optional Role Variables

trend_micro_v1es__group_id

• Agent group for organisation.

• Type: Number.

• Default: 0

trend_micro_v1es__policy_id

• Security policy to apply. 0 means no specific policy.

• Type: Number.

• Default: 0

trend_micro_v1es__relay_group_id

• Relay group for agent communication.

• Type: Number.

• Default: 0

trend_micro_v1es__xbc_env

• XBC environment identifier.

• Type: String.

• Default: 'prod-eu1'

trend_micro_v1es__xbc_fqdn

• XBC backend FQDN. Use the FQDN matching your region.

• Type: String.

• Default: 'api-eu1.xbc.trendmicro.com'

Example:

# optional
trend_micro_v1es__group_id: 10
trend_micro_v1es__policy_id: 42
trend_micro_v1es__relay_group_id: 5
trend_micro_v1es__xbc_fqdn: 'api-us1.xbc.trendmicro.com'

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich