
To become familiar with the APIs, send sample requests to Trend Micro Vision One.

  1. Prepare the development and runtime environment.

    Running the sample code in this guide requires the following:

    • Network access to Trend Micro Vision One

    • Tool for sending requests

      Type             Requirements

      cURL command     HTTP client such as Postman, Paw, or cURL

      Python script    • Python 3.7.x or later
                       • Additional libraries: requests and ldap3

      Note:

      You can install the libraries using the pip command.

      pip install <package name>

  2. Obtain an authentication token.

    If you have access to the Account Management screens of your organization's Trend Micro Vision One console, see Obtain the Authentication Token of an Account. Otherwise, contact your administrator.

  3. Obtain the domain name for your region.

    Region            FQDN

    Australia         api.au.xdr.trendmicro.com
    European Union    api.eu.xdr.trendmicro.com
    India             api.in.xdr.trendmicro.com
    Japan             api.xdr.trendmicro.co.jp
    Singapore         api.sg.xdr.trendmicro.com
    United States     api.xdr.trendmicro.com

  4. Test your authentication token by making sample requests.

    For more information, see the following topics:

Obtain the Authentication Token of an Account

The Trend Micro Vision One console automatically generates an authentication token for each account with API access.

  1. On the Trend Micro Vision One console, go to Account Management > User Accounts.
  2. Click the account name.
  3. Copy the authentication token and securely store it.

    By default, an authentication token expires one year after creation. However, a Master Administrator can delete and re-generate a token at any time.

  4. Click Close.

Built-in Roles

Trend Micro Vision One has built-in roles with fixed permissions that Master Administrators can assign to accounts.

The following table provides a brief description of each role.

Role                    Description

Master Administrator    Can access all apps and administration features
Administrator           Can configure system settings and connect products
Senior Analyst          Can perform live responses during investigation and advanced threat hunting
Analyst                 Can investigate and triage security events
Auditor                 Can view Audit logs and the Security Posture app

Perform a GET Request

This section shows sample GET requests to the List detection models API.

For more information, see the Detection Models section of the API reference.

List Detection Models Using a cURL Command

This command allows you to retrieve a list of enabled and disabled detection models.

Use the following information to create the request.

  • Request type: GET

  • URL: https://api.xdr.trendmicro.com/v1.0/xdr/dmm/models

  • Header:

    • Key: Authorization

    • Value: Bearer <your authentication token>

To send the request right away, you can use an HTTP client such as cURL, Paw, or Postman.

Command

curl -X GET https://api.xdr.trendmicro.com/v1.0/xdr/dmm/models \
-H "Authorization: Bearer <your authentication token>"

Response Body

{
  "data": [
    {
      "modelId": "ti-0001",
      "name": "Threat Intelligence",
      "enabled": true
    },
    ...
  ]
}

List Detection Models Using a Python Script

This script allows you to retrieve a list of enabled and disabled detection models.

  1. Create a file named first_steps_get_example.py.
  2. Copy and paste the following code to the file.
    import requests
    import json

    # Use the FQDN for your region in url_base.
    url_base = 'https://api.xdr.trendmicro.com'
    url_path = '/v1.0/xdr/dmm/models'
    token = 'YOUR_TOKEN'

    query_params = {}
    headers = {'Authorization': 'Bearer ' + token, 'Content-Type': 'application/json;charset=utf-8'}

    # Set a timeout so the script does not wait indefinitely on a stalled connection.
    r = requests.get(url_base + url_path, params=query_params, headers=headers, timeout=30)

    # Print the HTTP status code, then the body (pretty-printed when it is JSON).
    print(r.status_code)
    if 'application/json' in r.headers.get('Content-Type', ''):
        print(json.dumps(r.json(), indent=4))
    else:
        print(r.text)
  3. Locate the following code and change the value.
    • token = 'YOUR_TOKEN'

  4. Open a Command Prompt (Windows) or terminal (Linux) and run the following command:
    python first_steps_get_example.py

Perform a POST Request

This section shows sample POST requests to the Enable or disable a detection model API.

For more information, see the Detection Models section of the API reference.

Enable a Detection Model Using a cURL Command

This command allows you to enable or disable detection models based on your organization's security requirements.

Use the following information to create the request.

  • Request type: POST

  • URL: https://api.xdr.trendmicro.com/v1.0/xdr/dmm/models/{id}

  • First header:

    • Key: Authorization

    • Value: Bearer <your authentication token>

  • Second header:

    • Key: Content-Type

    • Value: application/json

  • Request body:

    {
      "enable": true
    }

To send the request right away, you can use an HTTP client such as cURL, Paw, or Postman.

Command

curl -X POST https://api.xdr.trendmicro.com/v1.0/xdr/dmm/models/{id} \
-H "Authorization: Bearer <your authentication token>" \
-H "Content-Type: application/json" \
-d '{
    "enable": true
}'

Enable a Detection Model Using a Python Script

This script allows you to enable or disable detection models based on your organization's security requirements.

  1. Create a file named first_steps_post_example.py.
  2. Copy and paste the following sample code to the file.
    import requests
    import json

    # Use the FQDN for your region in url_base.
    url_base = 'https://api.xdr.trendmicro.com'
    url_path = '/v1.0/xdr/dmm/models/{modelId}'
    url_path = url_path.format(**{'modelId': 'YOUR_MODELID'})
    token = 'YOUR_TOKEN'

    query_params = {}
    # JSON request body: true enables the model, false disables it.
    body = '''
    {
        "enable": true
    }
    '''
    headers = {'Authorization': 'Bearer ' + token, 'Content-Type': 'application/json;charset=utf-8'}

    # Set a timeout so the script does not wait indefinitely on a stalled connection.
    r = requests.post(url_base + url_path, params=query_params, headers=headers, data=body, timeout=30)

    # Print the HTTP status code, then the body (pretty-printed when it is JSON).
    print(r.status_code)
    if 'application/json' in r.headers.get('Content-Type', ''):
        print(json.dumps(r.json(), indent=4))
    else:
        print(r.text)
  3. Locate the following code and change the values.
    • token = 'YOUR_TOKEN'

    • {'modelId': 'YOUR_MODELID'}

  4. Open a Command Prompt (Windows) or terminal (Linux) and run the following command:
    python first_steps_post_example.py
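
The following is an added example, not part of Trend Micro's sample code. It builds the same GET and POST requests with the token read from an environment variable instead of the script file, the FQDN taken from the region table in step 3, and the model ID checked before it is placed in the URL path; it also lists the disabled models in a response. The variable name VISION_ONE_TOKEN, the helper names, the model ID pattern, and the second sample model are assumptions, and the standard library is used in place of requests so that it runs without extra packages.

```python
import json
import os
import re
import urllib.request

# Region-to-FQDN mapping copied from step 3 of this guide.
REGION_FQDN = {
    "Australia": "api.au.xdr.trendmicro.com",
    "European Union": "api.eu.xdr.trendmicro.com",
    "India": "api.in.xdr.trendmicro.com",
    "Japan": "api.xdr.trendmicro.co.jp",
    "Singapore": "api.sg.xdr.trendmicro.com",
    "United States": "api.xdr.trendmicro.com",
}
MODELS_PATH = "/v1.0/xdr/dmm/models"

def build_request(region, token, model_id=None, enable=True):
    """Build the GET (list) or POST (enable/disable) request without sending it."""
    if not token or token == "YOUR_TOKEN":
        raise ValueError("authentication token is not set")
    url = "https://" + REGION_FQDN[region] + MODELS_PATH
    headers = {"Authorization": "Bearer " + token}
    if model_id is None:
        return urllib.request.Request(url, headers=headers, method="GET")
    # Assumption: IDs look like "ti-0001"; reject characters that could alter the path.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", model_id):
        raise ValueError("unexpected characters in model ID")
    headers["Content-Type"] = "application/json"
    body = json.dumps({"enable": bool(enable)}).encode("utf-8")
    return urllib.request.Request(url + "/" + model_id, data=body, headers=headers, method="POST")

def disabled_models(response_text):
    """Return the modelId of every model the response reports as not enabled."""
    return [m["modelId"] for m in json.loads(response_text)["data"] if not m.get("enabled")]

# Constructed sample in the shape of the response body shown in this guide.
SAMPLE_RESPONSE = """{"data": [
  {"modelId": "ti-0001", "name": "Threat Intelligence", "enabled": true},
  {"modelId": "sample-0002", "name": "Constructed sample", "enabled": false}
]}"""

if __name__ == "__main__":
    # VISION_ONE_TOKEN is a hypothetical variable name that keeps the token out of the file.
    token = os.environ.get("VISION_ONE_TOKEN")
    if token:
        with urllib.request.urlopen(build_request("United States", token), timeout=30) as resp:
            print(disabled_models(resp.read().decode("utf-8")))
    else:
        print(disabled_models(SAMPLE_RESPONSE))  # offline run on the constructed sample
```

Keeping the token in the environment means the script file can be shared or committed without exposing a credential that, by default, remains valid for one year.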