Address review comments
tirthrajchaudhari-crest committed Sep 24, 2024
1 parent a09dd09 commit e047aec
Showing 1 changed file with 13 additions and 11 deletions.
24 changes: 13 additions & 11 deletions trend_micro_vision_one_xdr/README.md
Expand Up @@ -4,24 +4,26 @@

This integration ingests the following logs:

- Workbench Alerts: This endpoint contains information about all the standalone alerts triggered by detection models.
- Observed Attack Techniques: This endpoint contains information about observed attack techniques from Detections, Endpoint Activity, Cloud Activity, Email Activity, Mobile Activity, Network Activity, Container Activity, and Identity Activity data sources.
- **Workbench Alerts**: This endpoint contains information about all the standalone alerts triggered by detection models.
- **Observed Attack Techniques**: This endpoint contains information about observed attack techniques from Detections, Endpoint Activity, Cloud Activity, Email Activity, Mobile Activity, Network Activity, Container Activity, and Identity Activity data sources.

This integration collects all the above listed logs and sends them to Datadog for analysis. Datadog uses the built-in logs pipeline to parse and enrich these logs, enabling effortless search and analysis. The integration provides insight into workbench alerts and observed attack techniques through the out-of-the-box dashboards. Also, This integration provides out of the box detection rules.
This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products
* https://docs.datadoghq.com/logs/explorer/
* https://www.datadoghq.com/product/cloud-siem/

## Setup

### Configuration

#### Create API KEY from Trend Micro Vision One XDR

1. On the Trend Vision One console, go to **Administration > API Keys** .
2. Generate a new authentication token. Click **Add API key**. Specify the settings of the new API key.
- Name: A meaningful name that can help you identify the API key
- Role: The user role assigned to the key. Select **SIEM** from dropdown.
- Expiration time: The time the API key remains valid.
- Status: Whether the API key is enabled.
- Details: Extra information about the API key.
1. In the Trend Vision One console, go to **Administration > API Keys** .
2. Generate a new authentication token. Click **Add API key**. Specify the settings of the new API key with the following:
- **Name**: A meaningful name that can help you identify the API key
- **Role**: The user role assigned to the key. Select **SIEM** from dropdown.
- **Expiration time**: The time the API key remains valid.
- **Status**: Whether the API key is enabled.
- **Details**: Extra information about the API key.
3. Click **Add**.
4. Copy and store the authentication token in a secure location.

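Review bot: the rewritten intro line `This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products` has no terminal punctuation, and it silently drops the removed sentence's mention of the out-of-the-box dashboards and detection rules; if those still ship with the integration, keep one sentence about them, and if they were removed on purpose, say so in the commit message so the change is traceable. The two product links under it are bare URLs in a `*` list while the rest of the README uses `-` bullets; render them as markdown links (`- [Log Explorer](https://docs.datadoghq.com/logs/explorer/)`) with the same bullet marker. Smaller nits in the API key steps: the heading `#### Create API KEY from Trend Micro Vision One XDR` should read `API Key` to match the casing used in the steps, there is a stray space before the period in `go to **Administration > API Keys** .`, and `Select **SIEM** from dropdown` needs `the`. Since the **SIEM** role and a finite **Expiration time** are what keep this key least-privilege, consider telling the reader to set an expiry rather than leave the key open-ended, and to treat the token like a password when storing it in step 4.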
Expand All @@ -31,7 +33,7 @@ This integration collects all the above listed logs and sends them to Datadog fo
Configure the Datadog endpoint to forward Trend Micro Vision One XDR logs to Datadog.

1. Navigate to `Trend Micro Vision One XDR`.
2. Add your Trend Micro Vision One XDR credentials.
2. Add your Trend Micro Vision One XDR Host Region and API Key.

| Trend Micro Vision One XDR Parameters | Description |
| ------------------------------------- | ------------------------------------------------------------ |
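Review bot: `Add your Trend Micro Vision One XDR Host Region and API Key.` names the two fields but does not say where either value comes from; point back to the token created in the API key section above, explain what Host Region refers to (the region in which the Vision One tenant is hosted, if that is what the integration expects), and make sure both names match the parameter names in the table that follows exactly, including casing, since that table is what the reader maps the form fields against.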