[SIEMINT-85] DDS: Trend Micro Vision One XDR: Crawler Integration v1.0.0 #18208
Conversation
Thanks, created DOCS-8655 to review
Just a few small edits
trend_micro_vision_one_xdr/README.md
@@ -0,0 +1,65 @@
## Overview

[Trend Micro Vision One XDR][1] collects and automatically correlates data across multiple security layers - email, endpoint, server, cloud workload, and network. This allows for faster detection of threats and improved investigation and response times through security analysis.
Suggested change:
- [Trend Micro Vision One XDR][1] collects and automatically correlates data across multiple security layers - email, endpoint, server, cloud workload, and network. This allows for faster detection of threats and improved investigation and response times through security analysis.
+ [Trend Micro Vision One XDR][1] collects and automatically correlates data across multiple security layers: email, endpoint, server, cloud workload, and network. This allows for faster detection of threats and improved investigation and response times through security analysis.
Done
trend_micro_vision_one_xdr/README.md
- Workbench Alerts
- Observed Attack Techniques

This integration seamlessly collects all the above listed logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling effortless search and analysis. The integration provides insight into workbench alerts and observed attack techniques through the out-of-the-box dashboards.
Suggested change:
- This integration seamlessly collects all the above listed logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling effortless search and analysis. The integration provides insight into workbench alerts and observed attack techniques through the out-of-the-box dashboards.
+ This integration collects all the above listed logs and sends them to Datadog for analysis. Datadog uses the built-in logs pipeline to parse and enrich these logs, enabling effortless search and analysis. The integration provides insight into workbench alerts and observed attack techniques through the out-of-the-box dashboards.
Done
## Data Collected

### Logs
The Trend Micro Vision One XDR integration collects and forwards Workbench Alerts and Observed Attack Techniques logs to Datadog.
Is there any setup required here?
We have added the setup configurations steps above. Can you please let us know the exact requirement here?
"id": 5872268233797356,
"definition": {
"type": "note",
"content": "This dashboard offers a comprehensive view of detected attack patterns across various data sources, including network traffic, application logs, and endpoint activities. \n\nThis allows you to visualize and analyze attack techniques in real time, enhancing their ability to identify and respond to threats quickly. \n\nFor more information, see the [Trend Micro Vision One XDR Integration Documentation](https://docs.datadoghq.com/integrations/trend_micro_vision_one_xdr).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.\n",
Suggested change:
- "content": "This dashboard offers a comprehensive view of detected attack patterns across various data sources, including network traffic, application logs, and endpoint activities. \n\nThis allows you to visualize and analyze attack techniques in real time, enhancing their ability to identify and respond to threats quickly. \n\nFor more information, see the [Trend Micro Vision One XDR Integration Documentation](https://docs.datadoghq.com/integrations/trend_micro_vision_one_xdr).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.\n",
+ "content": "This dashboard offers a comprehensive view of detected attack patterns across various data sources, including network traffic, application logs, and endpoint activities. \n\nThis allows you to visualize and analyze attack techniques in real time, enhancing your ability to identify and respond to threats quickly. \n\nFor more information, see the [Trend Micro Vision One XDR Integration Documentation](https://docs.datadoghq.com/integrations/trend_micro_vision_one_xdr).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n",
Done
…into trend-micro-vision-one-xdr-assets-v1.0.0
…thub.com/bhargavnariyanicrest/integrations-core into trend-micro-vision-one-xdr-assets-v1.0.0
A couple small changes are needed to the tile copy.
trend_micro_vision_one_xdr/README.md

### Installation
- Workbench Alerts
- Observed Attack Techniques
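Review bot: the `### Installation` heading is followed directly by the `- Workbench Alerts` and `- Observed Attack Techniques` bullets, which describe the data the integration collects, not an installation step. Move the list to the Overview or Data Collected section (or put the intended installation text under the heading) so each section title matches its content.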
Please provide a description of what is contained in each endpoint
Done
trend_micro_vision_one_xdr/README.md

The trend-micro-vision-one-xdr check is included in the [Datadog Agent][2] package.
No additional installation is needed on your server.
This integration collects all the above listed logs and sends them to Datadog for analysis. Datadog uses the built-in logs pipeline to parse and enrich these logs, enabling effortless search and analysis. The integration provides insight into workbench alerts and observed attack techniques through the out-of-the-box dashboards.
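Review bot: the lines "The trend-micro-vision-one-xdr check is included in the [Datadog Agent][2] package" and "No additional installation is needed on your server" are Agent-check boilerplate, but the PR title describes this as a crawler integration and the setup section configures API credentials inside Datadog rather than on an Agent host. If no Agent check ships in this package, replace these two sentences with one saying the integration runs on the Datadog side and only needs the Trend Micro API key configured in the tile; as written, readers will look for an Agent check that this PR does not add.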
Please add that we also offer out of the box detection rules for Cloud SIEM customers.
Done
Looks good!
trend_micro_vision_one_xdr/README.md

### Installation
- Workbench Alerts: This endpoint contains information about all the standalone alerts triggered by detection models.
[nit] Can we bold "Workbench Alerts" and "Observed Attack Techniques"
Done
trend_micro_vision_one_xdr/README.md

The trend-micro-vision-one-xdr check is included in the [Datadog Agent][2] package.
No additional installation is needed on your server.
This integration collects all the above listed logs and sends them to Datadog for analysis. Datadog uses the built-in logs pipeline to parse and enrich these logs, enabling effortless search and analysis. The integration provides insight into workbench alerts and observed attack techniques through the out-of-the-box dashboards. Also, This integration provides out of the box detection rules.
[nit] This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products
Done
trend_micro_vision_one_xdr/README.md
!!! Add list of steps to set up this integration !!!
#### Create API KEY from Trend Micro Vision One XDR

1. On the Trend Vision One console, go to **Administration > API Keys** .
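Review bot: the template placeholder `!!! Add list of steps to set up this integration !!!` is still present above the `#### Create API KEY from Trend Micro Vision One XDR` heading and must be deleted before merge; the steps that follow are the list it was asking for. While here, the heading's "API KEY" casing does not match "API Keys" in step 1 and "Add API key" in step 2; use "API key" consistently.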
On > In
Done
trend_micro_vision_one_xdr/README.md
#### Create API KEY from Trend Micro Vision One XDR

1. On the Trend Vision One console, go to **Administration > API Keys** .
2. Generate a new authentication token. Click **Add API key**. Specify the settings of the new API key.
"Specify the settings of the new API key." > "Specify the settings of the new API key with the following:"
Done
trend_micro_vision_one_xdr/README.md

1. On the Trend Vision One console, go to **Administration > API Keys** .
2. Generate a new authentication token. Click **Add API key**. Specify the settings of the new API key.
- Name: A meaningful name that can help you identify the API key
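Review bot: the settings list under step 2 only covers `Name`; the role (or permission set) to assign is the setting that matters for security and should be spelled out. The integration only reads the Workbench Alerts and Observed Attack Techniques endpoints named earlier in the README, so direct readers to a role limited to that read access rather than an administrator role, and if the key dialog offers an expiration, say what to choose and that an expired key has to be regenerated and re-entered on the Datadog side.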
Please bold headings.
Done
trend_micro_vision_one_xdr/README.md
Configure the Datadog endpoint to forward Trend Micro Vision One XDR logs to Datadog.

1. Navigate to `Trend Micro Vision One XDR`.
2. Add your Trend Micro Vision One XDR credentials.
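Review bot: step 1, "Navigate to `Trend Micro Vision One XDR`", does not say where in Datadog that is (the integration tile is implied by the review comments but not stated), and step 2 says "credentials" where it should name the API key created in the section above so nobody enters a console username and password. The lead sentence "Configure the Datadog endpoint to forward Trend Micro Vision One XDR logs to Datadog" also describes the wrong direction for a crawler integration: Datadog pulls from Trend Micro, nothing is forwarded to a Datadog endpoint. Suggest "Configure the integration in Datadog to collect Trend Micro Vision One XDR logs."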
Can we be more specific about which credentials, are they admin credentials?
Updated message with more specific details
e047aec
What does this PR do?
This is an initial release PR of the Trend Micro Vision One XDR integration including all the required assets.
Additional Notes
Review checklist (to be filled by reviewers)
- Add the `qa/skip-qa` label if the PR doesn't need to be tested during QA.
- Add the `backport/<branch-name>` label to the PR and it will automatically open a backport PR once this one is merged.