Views:

Set up the Attack Surface Risk Management for Splunk integration to allow Splunk to share website access logs and provide insights to Trend Vision One.

Procedure

  1. In the Trend Vision One console, obtain the authentication token.
    1. Go to Workflow and AutomationThird-Party Integration.
    2. Click Attack Surface Risk Management for Splunk.
    3. Click servicegatewaycopyic.png to copy the Authentication token.
  2. Download and install the Trend Micro Attack Surface Risk Management for Splunk app from Splunkbase.
    1. Go to Splunk and select Splunkbase from the Resources drop-down.
    2. Search for and download the Trend Micro Attack Surface Risk Management for Splunk app from Splunkbase.
    3. Install the Trend Micro Attack Surface Risk Management for Splunk app.
  3. Use the authentication token to configure the integration in the Splunk console.
    Note
    Note
    For more information, see Splunkbase - Trend Micro Attack Surface Risk Management for Splunk.
    1. In the Splunk console, go to AppsTrend Micro Attack Surface Risk Management for Splunk.
    2. Go to Configuration.
    3. In the User Account section, specify your account name and contact email address.
    4. In the Trend Vision One Integration section, enable Trend Vision One integration and paste in the Authentication token copied from the Trend Vision One console.
    5. Click Save.
      Splunk begins collecting and analyze XDR data from Trend Vision One. Splunk can only collect XDR data generated after connecting to Trend Vision One. You might need to allow some time before new XDR data starts to appear.