Set up the Securonix SIEM integration to enable Securonix to collect alerts, events, and audit logs from Trend Vision One.

Procedure

  1. In the Trend Vision One console, obtain the endpoint URL and authentication token.
    1. Go to Workflow and Automation > Third-Party Integration.
    2. Click Securonix SIEM.
    3. Obtain the values from the following fields.
      • Click the copy icon to copy the Endpoint URL.
      • Click Generate and copy the Authentication token.
  2. Configure and save setup credentials for Trend Vision One on the Securonix platform.
    For more information on the configuration, see Securonix Cloud documentation.
    1. In Unified Defense SIEM, go to Menu > Add Data > Activity.
    2. Click Add Data > Add Data for Supported Device Type.
    3. In the Resource Type Information window, enter the following values.
      • Vendors: Trend Micro Inc.
      • Resource Types: Trend Micro Vision One - Alerts : [trendmicroxdr] [JSON]
      • Parser Name: SCNX_TRENDM_TRENDMICROVISIONONEALERT_CEDR_TRE_JSO_COMM
    4. Select an Ingester from the list.
    5. In the Connection Details window, configure the following settings.
      • Log Types: Select one of the following:
        • Alerts V3
        • Audit Logs V3
      • Base URL: Paste the endpoint URL copied from the Trend Vision One console.
      • Token: Paste the authentication token copied from the Trend Vision One console.
    6. Click Save & Next.
    7. In the Parser Management window, click Save & Next.
  3. Add a correlation rule on the Securonix platform.
    1. Click Add Condition > Add New Correlation Rule.
    2. Give the correlation rule a descriptive name.
    3. Specify a value for each column in the Correlate events to user using rule table.
    4. Click Save > Save & Next.
    5. In the Policy Violations window, click Save & Next.
  4. Run the integration to save Trend Vision One as a data source on the Securonix platform.
    1. In the Job Scheduling Information window, select Do you want to run job Once?.
    2. Click Save & Run.
      Securonix begins collecting event data from Trend Vision One. Securonix can only collect data generated after connecting to Trend Vision One. You might need to allow some time before new data starts to appear.
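The script below is an added example, not code from the Trend Micro or Securonix documentation. It shows two checks an operator typically wants around this integration: that only alerts created after the connection time are expected to appear (the caveat in the last step), and which account entities an alert exposes for the "Correlate events to user" rule in step 3. The alert endpoint path (`/v3.0/workbench/alerts`), the `startDateTime` query parameter, and the alert field names (`createdDateTime`, `impactScope.entities`, `entityType`, `entityValue`) are assumptions about the Trend Vision One API, and the alert records are constructed for this example.

```python
"""Added example: sanity checks for a Trend Vision One -> Securonix alert feed."""
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone


def auth_headers(token: str) -> dict:
    """Build the headers the ingester sends; the token is the one generated in the console."""
    if not token or token != token.strip():
        raise ValueError("authentication token is empty or has surrounding whitespace")
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}


def alerts_url(base_url: str, since: datetime) -> str:
    """Assumed endpoint: GET {base_url}/v3.0/workbench/alerts?startDateTime=<ISO-8601 UTC>."""
    query = urllib.parse.urlencode(
        {"startDateTime": since.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")}
    )
    return f"{base_url.rstrip('/')}/v3.0/workbench/alerts?{query}"


def fetch_alerts(base_url: str, token: str, since: datetime) -> list:
    """Live request (not exercised offline); returns the 'items' list of the response."""
    req = urllib.request.Request(alerts_url(base_url, since), headers=auth_headers(token))
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp).get("items", [])


def parse_iso(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing 'Z' as UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def alerts_after(items: list, connected_at: datetime) -> list:
    """Keep only alerts created at or after the time the SIEM connected.

    Anything older is not collected by Securonix, so it should not be
    counted as missing data when validating the feed.
    """
    return [a for a in items if parse_iso(a["createdDateTime"]) >= connected_at]


def accounts_for_correlation(alert: dict) -> list:
    """Extract account identifiers an alert exposes (assumed impactScope layout).

    entityValue is handled both as a plain string and as an object with a
    'name' key, so the rule input is stable across either shape.
    """
    accounts = set()
    for entity in alert.get("impactScope", {}).get("entities", []):
        if entity.get("entityType") != "account":
            continue
        value = entity.get("entityValue")
        if isinstance(value, dict):
            value = value.get("name")
        if value:
            accounts.add(value)
    return sorted(accounts)


# Constructed sample: the SIEM connected at 10:00 UTC; the first alert predates it.
CONNECTED_AT = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
SAMPLE_ALERTS = json.loads("""
[
  {"id": "WB-EXAMPLE-0001", "severity": "medium",
   "createdDateTime": "2024-05-01T09:00:00Z",
   "impactScope": {"entities": [
     {"entityType": "host", "entityValue": {"name": "wks-01"}}]}},
  {"id": "WB-EXAMPLE-0002", "severity": "high",
   "createdDateTime": "2024-05-01T10:30:00Z",
   "impactScope": {"entities": [
     {"entityType": "account", "entityValue": "alice@example.com"},
     {"entityType": "account", "entityValue": {"name": "alice@example.com"}},
     {"entityType": "host", "entityValue": {"name": "wks-02"}}]}}
]
""")


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in fetch_alerts() for a live check.
    for alert in alerts_after(SAMPLE_ALERTS, CONNECTED_AT):
        print(alert["id"], alert["severity"], accounts_for_correlation(alert))
```

Run it as-is to see the filtering on the constructed sample; to check a live tenant, replace `SAMPLE_ALERTS` with `fetch_alerts(base_url, token, CONNECTED_AT)` using the Endpoint URL and token copied in step 1. If the returned account list is empty for most alerts, the correlation rule in step 3 will have nothing to key on and should be pointed at a different entity field.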