- 18 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Trend Micro Vision One
- Updated on 18 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Trend Micro Vision One provides comprehensive detection and response capabilities across emails, endpoints, servers, cloud workloads, and networks. The Trend Micro Vision One integration enables monitoring of alerts, audits, and detection activities. More details on Vision One can be found at Trend Micro's website.
Integration Method: API
Tables: Incident Finding (2005)
This integration supports the following events.
Event | Description |
---|---|
Alerts | Retrieve a list of workbench alerts along with their details. |
This integration supports the following versions.
Trend Micro Vision One API version supported | v3.0 |
Note:
Trend Micro Vision One is a continuously updated cloud service. As for this document preparation, the latest release was in February 2025.
Prerequisites
The user should have access to the Trend Micro Vision One console.
The user should have “Master Administrator” privileges to create Api key in the Trend Micro Vision One console. Find more details related to privileges here.
The user should have access to the DataBee platform.
Configuration Overview
Create an API key to fetch the data from Trend Micro Vision One platform.
Add Trend Micro Vision One in the DataBee console with below parameter.
DataBee Feed Parameter
Trend Micro Vision One Parameter
API Base URL (Region)
URL Region
Token
Token
Trend Micro Vision One Configuration
Create an API Key
Log on to the Trend Vision One Dashboard.
Note:
The sign-in page link varies based on the customer and their region. Use the link provided by your respective team.
Click on the left bottom arrow (>>) to open the side bar.
Click on the Administration option from the side bar.
In the Administration dropdown, Select API Keys.
Click on Add API Key.
Fill in the required details for API key generation.
Name: add Name of the Key in the Name field.
Role: select Master Administrator in the Role option.
Status: make sure that the Status is turned ON.
Expiration Time: set Expiration Time as per the requirements.
Description: add Description for the key.
Click on Add at the bottom of the side window.
Note:
Credentials will expire after mentioned Expiration Time.
Save the API Key and Website URL domain highlighted below for the Databee configuration. URL domain may change based on the region or location. Please refer this doc for more details.
Note:
Copy and Save the Client details. The Client Secret will not be shown again. The credentials will need to be regenerated when it expires.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the Trend Micro Vision One and click it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, enter the following:
API Base URL: replace the <placeholder> as per the data region found the Trend Micro Portal URL as mentioned earlier.
Authorization Method: Bearer Token
Token: API token generated earlier.
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.
Ensure that the application has necessary permissions as mentioned in the document.