Views:

Set up the Securonix SIEM integration to enable Securonix to collect alerts, events, and audit logs from TrendAI Vision One™.

Procedure

  1. In the TrendAI Vision One™ console, obtain the endpoint URL and authentication token.
    1. Go to Workflow and AutomationThird-Party Integrations.
    2. Locate and click the Securonix SIEM card.
    3. Obtain the values from the following fields.
      • Click dddna_summary_detection_copy=GUID-4DE35BE5-57A5-4919-BF9C-5EC95F9CA8FD=1=en-us=Low.png to copy the Endpoint URL.
      • Click Generate and copy the Authentication token.
  2. Configure and save setup credentials for TrendAI Vision One™ on the Securonix platform.
    For more information on the configuration, see Securonix Cloud documentation.
    1. In Unified Defense SIEM, go to MenuAdd DataActivity.
    2. Click Add DataAdd Data for Supported Device Type.
    3. In the Resource Type Information window, enter the following values.
      Setting
      Description
      Vendors
      Trend Micro Inc.
      Resource Types
      Trend Micro Vision One - Alerts : [trendmicroxdr] [JSON]
      Parser Name
      SCNX_TRENDM_TRENDMICROVISIONONEALERT_CEDR_TRE_JSO_COMM
    4. Select an Ingester from the list.
    5. In the Connection Details window, configure the following settings.
      Setting
      Description
      Log Types
      Select one of the following:
      • Alerts V3
      • Audit Logs V3
      Base URL
      Paste the endpoint URL copied from the TrendAI Vision One™ console.
      Token
      Paste the authentication token copied from the TrendAI Vision One™ console.
    6. Click Save & Next.
    7. In the Parser Management window, click Save & Next.
  3. Add a correlation rule on the Securonix platform.
    1. Click Add ConditionAdd New Correlation Rule.
    2. Give the correlation rule a descriptive name.
    3. Specify a value for each column in the Correlate events to user using rule table.
    4. Click SaveSave & Next.
    5. In the Policy Violations window, click Save & Next.
  4. Run the integration to save TrendAI Vision One™ as a data source on the Securonix platform.
    1. In the Job Scheduling Information window, select Do you want to run job Once?.
    2. Click Save & Run.
      Securonix begins collecting event data from TrendAI Vision One™. Securonix can only collect data generated after connecting to TrendAI Vision One™. You might need to allow some time before new data starts to appear.