Views:
Cloud Email and Collaboration Protection provides programmatic access through Cloud Email and Collaboration Protection Representational State Transfer (REST) APIs. You can use the APIs to integrate third-party solutions or Trend Micro products and services with Cloud Email and Collaboration Protection, which allows customers to obtain certain service data, launch investigations for known and unknown threats, and perform operations on email messages and user accounts as necessary. This offers automated capabilities to help the security team of your organization improve their efficiency and effectiveness with which they can investigate, detect, manage, and respond to security issues.
Cloud Email and Collaboration Protection supports the following types of APIs:
  • Log retrieval: gets security event logs from Cloud Email and Collaboration Protection to your Security Information and Event Management (SIEM) or other security analytics platform for further security monitoring and threat detection.
  • Threat investigation: sweeps email messages in protected Exchange Online and Gmail mailboxes for those that match meta information search criteria to investigate and understand the impact of detections.
  • Threat mitigation: performs operations on email messages or user accounts to remediate or prevent your Exchange Online or Gmail service from further security attacks.
    Note
    Note
    For Gmail, you can perform operations only on email messages through this API.
  • Threat remediation: specifies lists of blocked senders, URLs, SHA-1 hash values, and SHA-256 hash values for Cloud Email and Collaboration Protection to quarantine Exchange Online email messages that match the lists.
Using these APIs may potentially expose sensitive information. Therefore, to ensure that only trusted applications can use the APIs, generate an authentication token that the trusted applications send with API requests. Cloud Email and Collaboration Protection verifies the validity of all API requests from third-party applications and systems using the token information and returns the requested data to them.
On the Cloud Email and Collaboration Protection management console, you can create authentication tokens for use by the following products and services:
  • External applications
  • Trend Micro Apex One™ as a Service
Perform the following steps to properly utilize the Cloud Email and Collaboration Protection REST APIs:
  1. Create an authentication token on the Cloud Email and Collaboration Protection management console and fill the token in the header of the request to the intended API.
    For more information, see Generating an authentication token.
  2. Create a valid API request that consists of a method, a URL, a request header, a list of request parameters, and optionally a request body.
    For more information, see the following topics:
  3. Verify whether Cloud Email and Collaboration Protection accepted the API request.
    For more information, see API responses.