Trend Vision One enables transfer of suspicious object data to and retrieval of threat intelligence data from the MISP threat sharing platform through a Service Gateway.
Configure transfer and retrieval of threat intelligence data
with this integration through a Service Gateway.
![]() |
NoteAt least one Service Gateway must be configured to enable integration.
For more information, see Service Gateway Management.
|
Procedure
- Configure settings on Trend Vision One.
- Go to .
- In the Integration column, click MISP.
- Click the toggle to enable or disable the integration.
- Review the Legal Statement and click Accept or Close to continue.
- Configure settings to allow Trend Vision One to
transfer suspicious object data to MISP.
-
Select Transfer data to MISP.
-
Event tag: Specify the tag to transfer the suspicious object data to.
Important
-
The event tag must be created in the MISP system before data can be transferred.
-
If the event tag is added to multiple events, the data will only be transferred to the event with the lowest ID.
-
-
Select the risk level of the suspicious object data to include in the transferred data.
-
Select the frequency at which suspicious object data is transferred.
-
- Configure settings to allow Trend Vision One to
retrieve threat intelligence data from MISP.
-
Select Retrieve data from MISP.
-
Frequency: Select the frequency at which threat intelligence data is retrieved.
-
Retrieve from: Select how far in the past to begin retrieving threat intelligence data from.
-
Subscribe event tags: Specify the threat intelligence data to retrieve by subscribing to tags.
-
Event tag: Specify a tag. Trend Vision One only retrieves threat intelligence data that contains the specified tag.
-
Extract and block suspicious objects: If enabled, click
and select one or more of the following suspicious object types to extract and add to the Suspicious Object List:
-
Domain
-
File SHA-1
-
File SHA-256
-
IP address
-
Sender address
-
URL
Important
Onlyindicator
type STIX objects that are not labeled asanomalous-activity
,anonymization
,benign
,compromised
, orunknown
, and that are not revoked will be added to the Suspicious Objects List. -
-
Run an auto sweep: If enabled, a one-time sweeping task runs right after successful retrieval to search your historical data for objects extracted from the threat intelligence data. Only "report" type STIX objects are supported for sweeping.
-
-
(Optional) Click Add Event Tag and repeat the previous step to retrieve threat intelligence data from additional tags.
-
- Under Service Gateway
Connection, configure the connection between the Service
Gateway and the integration.
-
Click Connect.The Service Gateway Connection panel appears.
-
Select a Service Gateway.
-
Configure the integration server settings.
-
(Optional) Click Test Connection to verify if the settings are valid.
-
Click Connect.The connection configuration is added to the list.
-
- Repeat the previous step to add multiple connection configurations for this integration.
- Click Save.
- Configure settings on your integration. For more information, see the documentation for the integration.