Views:

Configure the integration to allow Picus Security to pull events from TrendAI Vision One™, as well as to query logs and alerts to analyze and validate simulated attacks.

Procedure

  1. In the TrendAI Vision One™ console, obtain the endpoint URL and authentication token.
    1. Go to Workflow and AutomationThird-Party Integrations.
    2. Locate and click the Picus Security card.
    3. Click dddna_summary_detection_copy=GUID-4DE35BE5-57A5-4919-BF9C-5EC95F9CA8FD=1=en-us=Low.png to copy and save the Endpoint URL.
    4. Copy and save the Authentication token.
      • If no authentication token exists, click Generate and copy the new token. You can specify the expiration time in AdministrationAPI Keys.
      • If the existing authentication token is expired, click Revoke, then generate and copy a new token.
  2. Configure the integration in the Picus Security console.
    For more information, see the integration demo video.
    1. Click Integrations.
    2. Find the TrendAI™ integration and use the edit icon to select Edit Configuration.
    3. Paste the endpoint URL and authentication token obtained from the TrendAI Vision One™ console in the Login Credentials section.
    4. (Optional) Configure your Communication Preferences.
    5. Click Login.
    6. On the Log Analysis tab, specify a Delay Time (Seconds) and an optional Early Time (Seconds) for the query interval.
    7. (Optional) On the Alert Analysis (optional) tab, specify the starting and ending times of the alert analysis interval.
    8. Click Submit.
      Picus Security begins collecting data from TrendAI Vision One™ and displaying information in the Simulations menu in the Picus console. Picus can only collect data generated after connecting to TrendAI Vision One™. You might need to allow some time before new data starts to appear.