Views:

Allow Logpoint to collect alert and event data from Workbench and Observed Attack Techniques for analysis.

Procedure

  1. In the Trend Vision One console, obtain the Authentication token.
    1. Go to Workflow and AutomationThird-Party Integration.
    2. Select Logpoint SIEM.
    3. Use the copy icon (copyicon=GUID-BD854E6D-5EB9-4181-BE68-D5F743237995=1=en-us=Low.jpg) to obtain the Authentication token.
  2. Add Trend Vision One Alerts as a log source in the Logpoint console.
    1. Add a new log source on the Log Sources screen.
      The Add Log Source window appears.
    2. Select the Trend Vision One Alerts template.
    3. On the Connector tab, specify the Authorization Type and paste the authentication token obtained from the Trend Vision One console.
      Logpoint provides default settings for the Source, Endpoints, Routing, and Normalization tabs. You can select an optional enrichment policy on the Enrichment tab.
    4. Click Save Changes.
    Logpoint begins collecting alert and event data from Trend Vision One. Logpoint can only collect data generated after connecting Trend Vision One as a log source. You might need to allow some time before new data starts to appear in the Logpoint console.