Once the connector is successfully deployed, Microsoft Sentinel begins pulling newly created alert data from Trend Vision One.

Procedure

  1. In your Microsoft Sentinel workspace, go to Content management > Content hub (Preview).
  2. In the Content hub page, search for Trend Vision One and click Install.
  3. Choose your workspace and click Start to install.
  4. After installation finishes, go to Configuration > Data connectors.
  5. Search for Trend Vision One (using Azure Function) and click Open connector page.
  6. On the connector page, go to the Instructions tab.
  7. Copy the Workspace ID and Workspace Key.
  8. Click Deploy to Azure.
    The Custom deployment page appears.
  9. Configure the settings on the Custom deployment page.
    Setting: Configuration Notes
    Subscription: Manages deployed resources
    Resource group: Where to deploy the connector
    Function Name: Must be a unique name
    Workspace ID and Workspace Key: The information you copied from the Instructions tab. You can also access the information from Log Analytics.
      1. Go to Log Analytics and navigate to your workspace.
      2. Go to Settings > Agents management.
      3. The information is on the Windows servers tab, under Download agent.
    API Key: An API key from a Trend Vision One user account
      Note: The Microsoft Sentinel connector requires an API key from a Trend Vision One user account with the Senior Analyst role or a user role with greater permissions. The user account access level must include APIs.
    Region Code: The region code that corresponds to the location of your Trend Vision One instance. The following are valid values: au, eu, in, jp, sg, and us.
    Storage prefix: The storage prefix must comply with Azure naming conventions
  10. Click Review + create.
    Once the connector is successfully deployed, Microsoft Sentinel begins pulling newly created alert data from Trend Vision One. The connector does not pull preexisting alert data.
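
A pre-deployment check for the step 9 settings, added here as an example and not part of the Trend Micro or Microsoft tooling. The dictionary keys are hypothetical names, and the format rules are assumptions: the Workspace ID is a GUID, the Workspace Key is base64, and the storage prefix becomes part of a storage account name (lowercase letters and digits, 24 characters at most).

```python
import base64
import re
import uuid

# Valid region codes, as listed in the settings table above.
VALID_REGIONS = {"au", "eu", "in", "jp", "sg", "us"}

def check_settings(s):
    """Return a list of problems. Secret values are never echoed back."""
    problems = []
    # Assumption: the Workspace ID is a GUID.
    try:
        uuid.UUID(s.get("workspace_id", ""))
    except ValueError:
        problems.append("workspace_id: not a GUID")
    # Assumption: the Workspace Key is standard base64.
    key = s.get("workspace_key", "")
    try:
        if not base64.b64decode(key, validate=True):
            raise ValueError("empty key")
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("workspace_key: empty or not valid base64")
    # Stray whitespace from copy and paste is easy to miss in the portal form.
    api_key = s.get("api_key", "")
    if not api_key or api_key != api_key.strip():
        problems.append("api_key: empty or has surrounding whitespace")
    # The listed values are lowercase, so "US" is rejected rather than guessed at.
    if s.get("region_code") not in VALID_REGIONS:
        problems.append("region_code: must be one of " + ", ".join(sorted(VALID_REGIONS)))
    # Assumption: the prefix is extended into a storage account name, so it
    # must be lowercase alphanumeric and shorter than the 24-character limit.
    if not re.fullmatch(r"[a-z0-9]{1,23}", s.get("storage_prefix", "")):
        problems.append("storage_prefix: lowercase letters and digits only, under 24 characters")
    return problems

# Constructed sample values; none of these are real credentials.
SAMPLE = {
    "workspace_id": "00000000-0000-0000-0000-000000000000",
    "workspace_key": base64.b64encode(b"\x00" * 64).decode(),
    "api_key": "constructed-placeholder-token",
    "region_code": "US",               # wrong case
    "storage_prefix": "Sentinel_TV1",  # uppercase and underscore
}

if __name__ == "__main__":
    for problem in check_settings(SAMPLE):
        print(problem)
```

The Function Name is not checked because its uniqueness can only be confirmed by Azure at deployment time.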