[SIEMINT-85] DDS: Trend Micro Vision One XDR: Crawler Integration v1.0.0 #18208
base: master
Changes from 19 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
# CHANGELOG - trend-micro-vision-one-xdr | ||
|
||
## 1.0.0 / 2024-08-06 | ||
## 1.0.0 / 2024-08-20 | ||
|
||
***Added***: | ||
|
||
|
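Review bot: The only change in this hunk is the release date in the `## 1.0.0 / ...` heading moving from 2024-08-06 to 2024-08-20, and it will drift again with every revision of the PR; set it to the actual merge/release date right before merging (or check whether the repo's release tooling rewrites it) rather than hand-editing it per push. The entries under `***Added***:` sit outside this hunk's context, so confirm they still describe the initial release accurately.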
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,43 +1,65 @@ | ||
# Agent Check: trend-micro-vision-one-xdr | ||
|
||
## Overview | ||
|
||
This check monitors [trend-micro-vision-one-xdr][1]. | ||
[Trend Micro Vision One XDR][1] collects and automatically correlates data across multiple security layers: email, endpoint, server, cloud workload, and network. This allows for faster detection of threats and improved investigation and response times through security analysis. | ||
|
||
## Setup | ||
This integration ingests the following logs: | ||
|
||
### Installation | ||
- Workbench Alerts | ||
- Observed Attack Techniques | ||
|
||
The trend-micro-vision-one-xdr check is included in the [Datadog Agent][2] package. | ||
No additional installation is needed on your server. | ||
This integration collects all the above listed logs and sends them to Datadog for analysis. Datadog uses the built-in logs pipeline to parse and enrich these logs, enabling effortless search and analysis. The integration provides insight into workbench alerts and observed attack techniques through the out-of-the-box dashboards. | ||
|
||
Review comment: Please add that we also offer out of the box detection rules for Cloud SIEM customers. Reply: Done |
||
## Setup | ||
|
||
### Configuration | ||
|
||
!!! Add list of steps to set up this integration !!! | ||
#### Create API KEY from Trend Micro Vision One XDR | ||
|
||
1. On the Trend Vision One console, go to **Administration > API Keys** . | ||
2. Generate a new authentication token. Click **Add API key**. Specify the settings of the new API key. | ||
Review comment: On > In. Reply: Done |
||
- Name: A meaningful name that can help you identify the API key | ||
Review comment: "Specify the settings of the new API key." > "Specify the settings of the new API key with the following:" Reply: Done |
||
- Role: The user role assigned to the key. Select **SIEM** from dropdown. | ||
Review comment: Please bold headings. Reply: Done |
||
- Expiration time: The time the API key remains valid. | ||
- Status: Whether the API key is enabled. | ||
- Details: Extra information about the API key. | ||
3. Click **Add**. | ||
4. Copy and store the authentication token in a secure location. | ||
|
||
### Validation | ||
|
||
!!! Add steps to validate integration is functioning as expected !!! | ||
#### Trend Micro Vision One XDR DataDog Integration Configuration | ||
|
||
Configure the Datadog endpoint to forward Trend Micro Vision One XDR logs to Datadog. | ||
|
||
1. Navigate to `Trend Micro Vision One XDR`. | ||
2. Add your Trend Micro Vision One XDR credentials. | ||
|
||
Review comment: Can we be more specific about which credentials, are they admin credentials? Reply: Updated message with more specific details |
||
| Trend Micro Vision One XDR Parameters | Description | | ||
| ------------------------------------- | ------------------------------------------------------------ | | ||
| Host Region | The Region of your Trend Micro Vision One XDR Console | | ||
| API Key | The API Key of your Trend Micro Vision One XDR Console | | ||
|
||
|
||
## Data Collected | ||
|
||
### Logs | ||
The Trend Micro Vision One XDR integration collects and forwards Workbench Alerts and Observed Attack Techniques logs to Datadog. | ||
|
||
Review comment: Is there any setup required here? Reply: We have added the setup configuration steps above. Can you please let us know the exact requirement here? |
||
### Metrics | ||
|
||
trend-micro-vision-one-xdr does not include any metrics. | ||
Trend Micro Vision One XDR does not include any metrics. | ||
|
||
### Service Checks | ||
|
||
trend-micro-vision-one-xdr does not include any service checks. | ||
Trend Micro Vision One XDR does not include any service checks. | ||
|
||
### Events | ||
|
||
trend-micro-vision-one-xdr does not include any events. | ||
Trend Micro Vision One XDR does not include any events. | ||
|
||
## Troubleshooting | ||
## Support | ||
|
||
Need help? Contact [Datadog support][3]. | ||
For further assistance, contact [Datadog Support][2]. | ||
|
||
[1]: **LINK_TO_INTEGRATION_SITE** | ||
[2]: https://app.datadoghq.com/account/settings/agent/latest | ||
[3]: https://docs.datadoghq.com/help/ | ||
[1]: https://www.trendmicro.com/en_in/business/products/detection-response/xdr.html | ||
[2]: https://docs.datadoghq.com/help/ | ||
|
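Review bot: Step 1 of the Datadog-side configuration (`Navigate to \`Trend Micro Vision One XDR\``) never says where in Datadog that is; name the exact page (for example the integration's tile) so the reader is not guessing, and the `Host Region` row of the parameter table should list or link the accepted region values, since the hunk gives no hint what "Region" means here. Two naming inconsistencies in the same hunk: the heading `#### Create API KEY from Trend Micro Vision One XDR` writes `API KEY` while the bullets use `API key`, and `#### Trend Micro Vision One XDR DataDog Integration Configuration` spells `DataDog` where the rest of the README uses `Datadog`. One operational caveat worth a sentence next to the `Expiration time` bullet: log collection stops once the key expires, so the reader should know to generate a fresh key with the SIEM role and update the `API Key` parameter before that date.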
Review comment: Please provide a description of what is contained in each endpoint
Reply: Done