Configure the Elastic integration to allow Elastic to collect alert, audit, and detection logs from Trend Vision One for analysis and correlation.

Procedure

  1. In the Trend Vision One console, generate the API token.
    1. In the Trend Vision One console, go to Workflow and Automation > Third-Party Integration.
    2. Click Elastic.
    3. Click Generate to create a new API authentication token.
  2. Create a deployment in Elastic Cloud.
    1. Sign in to Elastic Cloud.
    2. Create a deployment by providing a deployment name and clicking Create deployment.
    3. Once the deployment is ready, click Continue.
  3. Configure the Trend Vision One integration in Elastic.
    1. Click View integrations in the Observe my data widget.
      The Integrations screen appears.
    2. Find the Trend Micro integration.
    3. Click Add System.
      If the Elastic Agent is not already installed, download and install the Elastic Agent on your host operating system before continuing.
      For more information, see Elastic documentation.
    4. Configure the necessary settings and click Add the integration.
      The Set up System Integration screen appears.
    5. Use the toggle to enable Collect logs from third-party REST API (experimental).
    6. Under the drop-down menu, enter the authentication token obtained from the Trend Vision One console.
      Note
      For more information, see Trend Vision One Public API (v3.0).
    7. Click Confirm incoming data.
      Elastic begins collecting logs from Trend Vision One and sending the data to Elasticsearch. Elastic can only collect data generated after connecting to Trend Vision One. You might need to allow some time before new data starts to appear.