From 2612bb089a3c5b79fd44ed3f3a67215fee904499 Mon Sep 17 00:00:00 2001
From: lvoloshyn-sekoia
Date: Tue, 10 Dec 2024 14:00:29 +0200
Subject: [PATCH 1/2] Add docs for Trend Micro Vision One -OAT
---
 .../endpoint/trend_micro_vision_one_oat.md | 52 +++++++++++++++++++
 mkdocs.yml | 1 +
 2 files changed, 53 insertions(+)
 create mode 100644 docs/integration/categories/endpoint/trend_micro_vision_one_oat.md
diff --git a/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md b/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md
new file mode 100644
index 000000000..7d9ac31c1
--- /dev/null
+++ b/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md
@@ -0,0 +1,52 @@
+uuid: 2345b987-a94a-4363-b7bc-a6e4a9efd98a
+name: Trend Micro Vision One Observed Attack Techniques [BETA]
+type: intake
+
+
+## Overview
+
+Trend Micro Vision One is an extended detection and response (XDR) platform that enhances threat detection, investigation, and response across multiple security layers. It provides a centralized view for improved security posture and faster threat remediation.
+This intake format will ingest Observed Attack Techniques from Trend Micro Vision One.
+
+!!! Warning
+ Important note - This format is currently in beta. We highly value your feedback to improve its performance.
+
+- **Supported environment**: SaaS
+- **Detection based on**: Alerts
+- **Supported application or feature**:
+ - Observed Attack Techniques
+
+## Configure
+
+### How to create an API token
+
+1. Log in the Trend Vision One console
+2. On the left panel, click `Administration` then click `API keys`
+
+ ![step 1](/assets/integration/cloud_and_saas/trend_micro_vision_one/01_administration.png)
+
+3. Click `Add API key`
+
+ ![step 2](/assets/integration/cloud_and_saas/trend_micro_vision_one/02_create_api_key.png)
+
+4. Type a name for the API key
+5. Select the `SIEM` role and an expiration time
+6. Check `status` to enable the API key
+
+ ![step 3](/assets/integration/cloud_and_saas/trend_micro_vision_one/03_create_api_key.png)
+
+7. Copy the API key and click `Close`
+
+ ![step 4](/assets/integration/cloud_and_saas/trend_micro_vision_one/04_save_api_key.png)
+
+### Instruction on Sekoia
+
+{!_shared_content/integration/intake_configuration.md!}
+
+{!_shared_content/operations_center/integrations/generated/2345b987-a94a-4363-b7bc-a6e4a9efd98a.md!}
+
+{!_shared_content/integration/detection_section.md!}
+
+{!_shared_content/operations_center/detection/generated/suggested_rules_2345b987-a94a-4363-b7bc-a6e4a9efd98a_do_not_edit_manually.md!}
+
+{!_shared_content/operations_center/integrations/generated/2345b987-a94a-4363-b7bc-a6e4a9efd98a.md!}
\ No newline at end of file
diff --git a/mkdocs.yml b/mkdocs.yml
index 26a8e3b54..52706c3cd 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -362,6 +362,7 @@ nav:
 - Trellix EDR: integration/categories/endpoint/trellix_edr.md
 - Trend Micro Apex One: integration/categories/endpoint/trend_micro_apex_one.md
 - Trend Micro Vision One Workbench: integration/categories/endpoint/trend_micro_vision_one_workbench.md
+ - Trend Micro Vision One Observed Attack Techniques: integration/categories/endpoint/trend_micro_vision_one_oat.md
 - VMWare ESXi: integration/categories/endpoint/vmware_esxi.md
 - VMWare VCenter: integration/categories/endpoint/vmware_vcenter.md
 - Windows: integration/categories/endpoint/windows.md
From aec1c146798bc76ba5463d9597784514600fcc36 Mon Sep 17 00:00:00 2001
From: lvoloshyn-sekoia
Date: Tue, 10 Dec 2024 14:11:27 +0200
Subject: [PATCH 2/2] Add docs for Trend Micro Vision One - OAT
---
 .../trend_micro_vision_one_api_key.md | 20 ++++++++++++++++++
 .../endpoint/trend_micro_vision_one_oat.md | 21 +------------------
 .../trend_micro_vision_one_workbench.md | 21 +------------------
 3 files changed, 22 insertions(+), 40 deletions(-)
 create mode 100644 _shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md
diff --git a/_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md b/_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md
new file mode 100644
index 000000000..192c16787
--- /dev/null
+++ b/_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md
@@ -0,0 +1,20 @@
+### How to create an API token
+
+1. Log in the Trend Vision One console
+2. On the left panel, click `Administration` then click `API keys`
+
+ ![step 1](/assets/integration/cloud_and_saas/trend_micro_vision_one/01_administration.png)
+
+3. Click `Add API key`
+
+ ![step 2](/assets/integration/cloud_and_saas/trend_micro_vision_one/02_create_api_key.png)
+
+4. Type a name for the API key
+5. Select the `SIEM` role and an expiration time
+6. Check `status` to enable the API key
+
+ ![step 3](/assets/integration/cloud_and_saas/trend_micro_vision_one/03_create_api_key.png)
+
+7. Copy the API key and click `Close`
+
+ ![step 4](/assets/integration/cloud_and_saas/trend_micro_vision_one/04_save_api_key.png)
diff --git a/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md b/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md
index 7d9ac31c1..dfff707de 100644
--- a/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md
+++ b/docs/integration/categories/endpoint/trend_micro_vision_one_oat.md
@@ -18,26 +18,7 @@ This intake format will ingest Observed Attack Techniques from Trend Micro Visio
 ## Configure
-### How to create an API token
-
-1. Log in the Trend Vision One console
-2. On the left panel, click `Administration` then click `API keys`
-
- ![step 1](/assets/integration/cloud_and_saas/trend_micro_vision_one/01_administration.png)
-
-3. Click `Add API key`
-
- ![step 2](/assets/integration/cloud_and_saas/trend_micro_vision_one/02_create_api_key.png)
-
-4. Type a name for the API key
-5. Select the `SIEM` role and an expiration time
-6. Check `status` to enable the API key
-
- ![step 3](/assets/integration/cloud_and_saas/trend_micro_vision_one/03_create_api_key.png)
-
-7. Copy the API key and click `Close`
-
- ![step 4](/assets/integration/cloud_and_saas/trend_micro_vision_one/04_save_api_key.png)
+{!_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md!}
 ### Instruction on Sekoia
diff --git a/docs/integration/categories/endpoint/trend_micro_vision_one_workbench.md b/docs/integration/categories/endpoint/trend_micro_vision_one_workbench.md
index a93c74d15..9e295bcb6 100644
--- a/docs/integration/categories/endpoint/trend_micro_vision_one_workbench.md
+++ b/docs/integration/categories/endpoint/trend_micro_vision_one_workbench.md
@@ -18,26 +18,7 @@ This integration will ingest Workbench Alerts from Trend Micro Vision One.
 ## Configure
-### How to create an API token
-
-1. Log in the Trend Vision One console
-2. On the left panel, click `Administration` then click `API keys`
-
- ![step 1](/assets/integration/cloud_and_saas/trend_micro_vision_one/01_administration.png)
-
-3. Click `Add API key`
-
- ![step 2](/assets/integration/cloud_and_saas/trend_micro_vision_one/02_create_api_key.png)
-
-4. Type a name for the API key
-5. Select the `SIEM` role and an expiration time
-6. Check `status` to enable the API key
-
- ![step 3](/assets/integration/cloud_and_saas/trend_micro_vision_one/03_create_api_key.png)
-
-7. Copy the API key and click `Close`
-
- ![step 4](/assets/integration/cloud_and_saas/trend_micro_vision_one/04_save_api_key.png)
+{!_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md!}
 ### Instruction on Sekoia