Configure the IBM Cloud Pak for Security integration to enable Cloud Pak for Security to retrieve security events, endpoint activity, sandbox analysis results, suspicious objects, and other telemetry for investigation, orchestration, and automation.
The IBM Cloud Pak for Security integration allows customers to leverage Trend Vision One's XDR and threat intelligence data within Cloud Pak.
Using this integration, Cloud Pak can:
- Retrieve alert and event data from Trend Vision One.
- Access endpoint activity and telemetry for investigations.
- Pull sandbox analysis results and suspicious object lists.
- Automate incident response actions such as isolating or restoring endpoints, managing suspicious or exception lists, and enriching threat intelligence.
This integration provides a single point of visibility and orchestration, helping analysts respond to incidents more efficiently.
Procedure
- Find and download the Trend Micro connector from IBM X-Force Exchange / App Exchange.
- In the Trend Vision One console, obtain the authentication token and management IP address or host name.
  - Go to .
  - Locate and click the Cloud Pak for Security card.
  - Copy the values from the following fields.
    - Click to copy the Management IP address or hostname.
    - Click Generate and copy the Authentication token.
- Deploy the Trend Micro connector into your existing IBM Cloud Pak for Security cluster. For more information, see Installing or updating a connector.

IBM Cloud Pak for Security begins collecting data from Trend Vision One. Cloud Pak for Security can only collect data generated after connecting to Trend Vision One. You might need to allow some time before new data starts to appear.
