Add docs for Trend Micro Vision One OAT #2123

Merged
@@ -0,0 +1,20 @@
### How to create an API token

1. Log in the Trend Vision One console
2. On the left panel, click `Administration` then click `API keys`

![step 1](/assets/integration/cloud_and_saas/trend_micro_vision_one/01_administration.png)

3. Click `Add API key`

![step 2](/assets/integration/cloud_and_saas/trend_micro_vision_one/02_create_api_key.png)

4. Type a name for the API key
5. Select the `SIEM` role and an expiration time
6. Check `status` to enable the API key

![step 3](/assets/integration/cloud_and_saas/trend_micro_vision_one/03_create_api_key.png)

7. Copy the API key and click `Close`

![step 4](/assets/integration/cloud_and_saas/trend_micro_vision_one/04_save_api_key.png)
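
Review bot: the heading says "API token" while steps 2, 3, 4, 6 and 7 all say "API key", so a reader cannot tell whether these are the same credential; use one term throughout, matching the console's `API keys` label. Step 1 should read "Log in to the Trend Vision One console". Step 5 asks for "an expiration time" but the file never says what to do when the key expires; add a sentence telling the reader to note the expiry and replace the key in the intake configuration before that date. Step 7 ends at `Close` without saying where the copied key is used next, so a pointer to the following configuration section would complete the procedure.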
33 changes: 33 additions & 0 deletions docs/integration/categories/endpoint/trend_micro_vision_one_oat.md
@@ -0,0 +1,33 @@
uuid: 2345b987-a94a-4363-b7bc-a6e4a9efd98a
name: Trend Micro Vision One Observed Attack Techniques [BETA]
type: intake


## Overview

Trend Micro Vision One is an extended detection and response (XDR) platform that enhances threat detection, investigation, and response across multiple security layers. It provides a centralized view for improved security posture and faster threat remediation.
This intake format will ingest Observed Attack Techniques from Trend Micro Vision One.

!!! Warning
Important note - This format is currently in beta. We highly value your feedback to improve its performance.

- **Supported environment**: SaaS
- **Detection based on**: Alerts
- **Supported application or feature**:
- Observed Attack Techniques

## Configure

{!_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md!}

### Instruction on Sekoia

{!_shared_content/integration/intake_configuration.md!}

{!_shared_content/operations_center/integrations/generated/2345b987-a94a-4363-b7bc-a6e4a9efd98a.md!}

{!_shared_content/integration/detection_section.md!}

{!_shared_content/operations_center/detection/generated/suggested_rules_2345b987-a94a-4363-b7bc-a6e4a9efd98a_do_not_edit_manually.md!}

{!_shared_content/operations_center/integrations/generated/2345b987-a94a-4363-b7bc-a6e4a9efd98a.md!}
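
Review bot: the include `{!_shared_content/operations_center/integrations/generated/2345b987-a94a-4363-b7bc-a6e4a9efd98a.md!}` appears twice, once right after the intake configuration include and again as the last line of the file, so the same generated content would be rendered twice on the page; drop one of the two. In the warning block, "Important note -" repeats what the `!!! Warning` admonition already signals and can be removed so the text starts at "This format is currently in beta."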
Expand Up @@ -18,26 +18,7 @@ This integration will ingest Workbench Alerts from Trend Micro Vision One.

## Configure

### How to create an API token

1. Log in the Trend Vision One console
2. On the left panel, click `Administration` then click `API keys`

![step 1](/assets/integration/cloud_and_saas/trend_micro_vision_one/01_administration.png)

3. Click `Add API key`

![step 2](/assets/integration/cloud_and_saas/trend_micro_vision_one/02_create_api_key.png)

4. Type a name for the API key
5. Select the `SIEM` role and an expiration time
6. Check `status` to enable the API key

![step 3](/assets/integration/cloud_and_saas/trend_micro_vision_one/03_create_api_key.png)

7. Copy the API key and click `Close`

![step 4](/assets/integration/cloud_and_saas/trend_micro_vision_one/04_save_api_key.png)
{!_shared_content/operations_center/integrations/trend_micro_vision_one_api_key.md!}

### Instruction on Sekoia
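
Review bot: with the inline steps replaced by the shared include under `## Configure`, this Workbench page and the new Observed Attack Techniques page now give identical key-creation instructions, and neither says whether one API key can serve both intakes or whether each needs its own. State that once in the shared file so a reader configuring both intakes knows whether to repeat the steps.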

1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -362,6 +362,7 @@ nav:
- Trellix EDR: integration/categories/endpoint/trellix_edr.md
- Trend Micro Apex One: integration/categories/endpoint/trend_micro_apex_one.md
- Trend Micro Vision One Workbench: integration/categories/endpoint/trend_micro_vision_one_workbench.md
- Trend Micro Vision One Observed Attack Techniques: integration/categories/endpoint/trend_micro_vision_one_oat.md
- VMWare ESXi: integration/categories/endpoint/vmware_esxi.md
- VMWare VCenter: integration/categories/endpoint/vmware_vcenter.md
- Windows: integration/categories/endpoint/windows.md
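
Review bot: the new nav entry sits after `Trend Micro Vision One Workbench`, which breaks the alphabetical order the neighbouring entries follow ("Observed" sorts before "Workbench"); move it one line up. The label also omits the `[BETA]` marker that the page's `name:` field carries, so add it here if the navigation is meant to show beta status.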