diff --git a/_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md b/_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md new file mode 100644 index 000000000..192c16787 --- /dev/null +++ b/_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md @@ -0,0 +1,20 @@ +### How to create an API token + +1. Log in the Trend Vision One console +2. On the left panel, click `Administration` then click `API keys` + + ![step 1](/assets/integration/cloud_and_saas/trend_micro_vision_one/01_administration.png) + +3. Click `Add API key` + + ![step 2](/assets/integration/cloud_and_saas/trend_micro_vision_one/02_create_api_key.png) + +4. Type a name for the API key +5. Select the `SIEM` role and an expiration time +6. Check `status` to enable the API key + + ![step 3](/assets/integration/cloud_and_saas/trend_micro_vision_one/03_create_api_key.png) + +7. Copy the API key and click `Close` + + ![step 4](/assets/integration/cloud_and_saas/trend_micro_vision_one/04_save_api_key.png) diff --git a/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md b/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md new file mode 100644 index 000000000..dfff707de --- /dev/null +++ b/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md 
@@ -0,0 +1,33 @@ +uuid: 2345b987-a94a-4363-b7bc-a6e4a9efd98a +name: Trend Micro Vision One Observed Attack Techniques [BETA] +type: intake + + +## Overview + +Trend Micro Vision One is an extended detection and response (XDR) platform that enhances threat detection, investigation, and response across multiple security layers. It provides a centralized view for improved security posture and faster threat remediation. +This intake format will ingest Observed Attack Techniques from Trend Micro Vision One. + +!!! Warning + Important note - This format is currently in beta. We highly value your feedback to improve its performance. + +- **Supported environment**: SaaS +- **Detection based on**: Alerts +- **Supported application or feature**: + - Observed Attack Techniques + +## Configure + +{!_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md!} + +### Instruction on Sekoia + +{!_shared_content/integration/intake_configuration.md!} + +{!_shared_content/operations_center/integrations/generated/2345b987-a94a-4363-b7bc-a6e4a9efd98a.md!} + +{!_shared_content/integration/detection_section.md!} + +{!_shared_content/operations_center/detection/generated/suggested_rules_2345b987-a94a-4363-b7bc-a6e4a9efd98a_do_not_edit_manually.md!} + +{!_shared_content/operations_center/integrations/generated/2345b987-a94a-4363-b7bc-a6e4a9efd98a.md!} \ No newline at end of file diff --git a/docs/integration/categories/endpoint/trend_micro_vision_one_workbench.md b/docs/integration/categories/endpoint/trend_micro_vision_one_workbench.md index a93c74d15..9e295bcb6 100644 --- a/docs/integration/categories/endpoint/trend_micro_vision_one_workbench.md +++ b/docs/integration/categories/endpoint/trend_micro_vision_one_workbench.md 
@@ -18,26 +18,7 @@ This integration will ingest Workbench Alerts from Trend Micro Vision One. ## Configure -### How to create an API token - -1. Log in the Trend Vision One console -2. On the left panel, click `Administration` then click `API keys` - - ![step 1](/assets/integration/cloud_and_saas/trend_micro_vision_one/01_administration.png) - -3. Click `Add API key` - - ![step 2](/assets/integration/cloud_and_saas/trend_micro_vision_one/02_create_api_key.png) - -4. Type a name for the API key -5. Select the `SIEM` role and an expiration time -6. Check `status` to enable the API key - - ![step 3](/assets/integration/cloud_and_saas/trend_micro_vision_one/03_create_api_key.png) - -7. Copy the API key and click `Close` - - ![step 4](/assets/integration/cloud_and_saas/trend_micro_vision_one/04_save_api_key.png) +{!_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md!} ### Instruction on Sekoia diff --git a/mkdocs.yml b/mkdocs.yml index 26a8e3b54..52706c3cd 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -362,6 +362,7 @@ nav: - Trellix EDR: integration/categories/endpoint/trellix_edr.md - Trend Micro Apex One: integration/categories/endpoint/trend_micro_apex_one.md - Trend Micro Vision One Workbench: integration/categories/endpoint/trend_micro_vision_one_workbench.md + - Trend Micro Vision One Observed Attack Techniques: integration/categories/endpoint/trend_micro_vision_one_oat.md - VMWare ESXi: integration/categories/endpoint/vmware_esxi.md - VMWare VCenter: integration/categories/endpoint/vmware_vcenter.md - Windows: integration/categories/endpoint/windows.md
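Review bot: in the new shared file `_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md`, the heading says "API token" while steps 2 to 7 and the console labels all say "API key". Pick one term, for example `### How to create an API key`, so readers do not look for two different objects. Step 1 should read "Log in to the Trend Vision One console". Step 5 asks for "an expiration time" without saying what happens on the Sekoia side once the key expires; a short sentence telling the reader that the key must be renewed and updated in the intake configuration would save a silent ingestion gap.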
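Review bot: in `docs/integration/categories/endpoint/trend_micro_vision_one_oat.md`, the include `{!_shared_content/operations_center/integrations/generated/2345b987-a94a-4363-b7bc-a6e4a9efd98a.md!}` appears twice, once right after `intake_configuration.md` and again as the last line of the file, so the generated section will render twice on the page. Drop one of the two, keeping whichever position matches the other intake pages. The file also ends without a trailing newline (`\ No newline at end of file`); add one.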
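Review bot: in the `mkdocs.yml` nav hunk, the new entry is inserted after `Trend Micro Vision One Workbench`, but the surrounding entries (Trellix EDR, Trend Micro Apex One, VMWare ESXi, VMWare VCenter, Windows) are in alphabetical order, which puts "Observed Attack Techniques" before "Workbench". The nav title also omits the `[BETA]` suffix that the page sets in `name: Trend Micro Vision One Observed Attack Techniques [BETA]`; align the two so the beta status is visible from the navigation as well, or drop it from both.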