Views:

Configure the integration to enable sharing of information about suspicious objects (IoC) between Netskope Cloud Threat Exchange (CTE) and Trend Vision One.

Procedure

  1. In the Trend Vision One console, obtain the authentication token.
    1. Go to Workflow and AutomationThird-Party Integration.
    2. Click Netskope CTE.
    3. Copy and save the Authentication token.
      • If no authentication token exists, click Generate and copy the new token. You can specify the expiration time in AdministrationAPI Keys.
      • If the existing authentication token is expired, click Revoke, then generate and copy a new token.
  2. Download and configure the Trend Vision One integration.
    For more information, see the integration demo video or Netskope documentation.
    1. In the Netskope console, go to Plugins.
    2. Search for and select Trend Micro v1.0.0.
    3. Under Basic Information, enter a Configuration Name and a Sync Interval and unit of time.
      Use the default settings for Aging Criteria and Override Reputation.
    4. Click Next.
    5. Under Configuration Parameters, select your region and paste the Authentication Token obtained from the Trend Vision One console.
      Use the default settings for Enabling Polling and Initial Range (in days).
    6. Click Save.
  3. Configure sharing of information between Netskope CTE and Trend Vision One.
    1. Go to Sharing.
    2. Click Add Sharing Configuration.
      The Create Sharing Configuration window appears.
    3. Configure the following settings.
      Setting
      Description
      Source Configuration
      Select Netskope CTE.
      Business Rule
      Select a previously defined business rule.
      If no valid Business Rule exists, go to Business Rules and create a rule.
      Destination Configuration
      Select Trend Micro.
      Target
      Select Add to Suspicious Object List.
      Description
      Enter a description of the configuration.
    4. Click Save.
    5. Click Sync.
      The Share existing IoCs window appears.
    6. Specify the Time period (in days), then click Fetch.
    7. Click Sync.
      Netskope and Trend Vision One begin sharing data on suspicious objects. Netskope and Trend Vision One can only collect data generated after configuring the integration. You might need to allow some time before new data starts to appear.