Allow Logpoint to collect alert and event data from Workbench and Observed Attack Techniques for analysis.

Procedure

  1. In the TrendAI Vision One™ console, obtain the Authentication token.
    1. Go to Workflow and Automation > Third-Party Integrations.
    2. Locate and click the Logpoint SIEM card.
    3. Use the copy icon to obtain the Authentication token.
  2. Add Trend Vision One Alerts as a log source in the Logpoint console.
    1. Add a new log source on the Log Sources screen.
      The Add Log Source window appears.
    2. Select the Trend Vision One Alerts template.
    3. On the Connector tab, specify the Authorization Type and paste the authentication token obtained from the TrendAI Vision One™ console.
      Logpoint provides default settings for the Source, Endpoints, Routing, and Normalization tabs. You can select an optional enrichment policy on the Enrichment tab.
    4. Click Save Changes.
    Logpoint begins collecting alert and event data from TrendAI Vision One™. Logpoint can only collect data generated after connecting TrendAI Vision One™ as a log source. You might need to allow some time before new data starts to appear in the Logpoint console.