- Print
- DarkLight
Trend Micro Vision One provides comprehensive detection and response capabilities across emails, endpoints, servers, cloud workloads, and networks, all through a single platform or via the managed Trend Micro Vision One service. The integration enables monitoring of alerts, audits, and detection activities.
Integration Method: API
Tables: Incident finding
Trend Micro Vision One Configuration
An API key needs to be set up in the Trend Micro Vision platform.
Sign in to the Trend Vision One Dashboard.
Click on the left bottom arrow to open the side bar.
In the side bar menu, scroll down and click on the Administration option.
In the Administration dropdown, click on API Keys.
Click on Add API Key.
Fill in the details which are required for generating the API key.
Select Master Administrator in the Role option.
Make sure that the Status is ON.
Click on Add at the bottom of the side window.
You can view the API key and URL highlighted in the red boxes. Save this key for later DataBee configuration
The Website URL helps identify the data region associated with the user, which is required for API ingestion in the DataBee UI.
You can determine the Trend Vision One site (location/region) based on the Trend Vision One portal URL. Refer to the following docs.
You can determine your base URL as per your site found above for DataBee Input in this API documentation.
The Table below shows the Trend Micro portal URL and base URL for DataBee as per Nov, 2024. This may be subject to change as per API specifications.
Trend Micro Vision One URL prefix | Data Region | API Base URL |
United States | https://api.xdr.trendmicro.com | |
Europe | https://api.eu.xdr.trendmicro.com | |
Japan | https://api.xdr.trendmicro.co.jp | |
Singapore | https://api.sg.xdr.trendmicro.com | |
Australia | https://api.au.xdr.trendmicro.com | |
India | https://api.in.xdr.trendmicro.com | |
MEA | https://api.mea.xdr.trendmicro.com |
DataBee Configuration
Login to the DataBee console and navigate to Data > Data Source and click the Add New Data Source button.
Search for Trend Micro Vision One, and click it
Click on the API Ingest Option.
Add the details about Data Source Name, Owner Name and Owner E-mail and click on Next.
In the configuration details, enter the following:
Authorization Method: Bearer Token
Token: Paste the API token generated earlier
API URL: Replace the <placeholder> as per the data region found the Trend Micro Portal URL.
Click Submit