Configure the IBM Cloud Pak for Security integration to enable Cloud Pak for Security to retrieve security events, endpoint activity, sandbox analysis results, suspicious objects, and other telemetry for investigation, orchestration, and automation.
The IBM Cloud Pak for Security integration allows customers to leverage TrendAI Vision One™'s XDR and threat intelligence data within Cloud Pak.
Using this integration, Cloud Pak can:
- Retrieve alert and event data from TrendAI Vision One™.
- Access endpoint activity and telemetry for investigations.
- Pull sandbox analysis results and suspicious object lists.
- Automate incident response actions such as isolating or restoring endpoints, managing suspicious or exception lists, and enriching threat intelligence.

This integration provides a single point of visibility and orchestration, helping analysts respond to incidents more efficiently.
Procedure
- Find and download the TrendAI™ connector from IBM X-Force Exchange / App Exchange.
- In the TrendAI Vision One™ console, obtain the authentication token and management IP address or host name.
  - Go to .
  - Locate and click the Cloud Pak for Security card.
  - Copy the values from the following fields.
    - Click to copy the Management IP address or hostname.
    - Click Generate and copy the Authentication token.
- Deploy the TrendAI™ connector into your existing IBM Cloud Pak for Security cluster. For more information, see Installing or updating a connector.

IBM Cloud Pak for Security begins collecting data from TrendAI Vision One™. Cloud Pak for Security can only collect data generated after connecting to TrendAI Vision One™. You might need to allow some time before new data starts to appear.
