Automation and Integration APIs

Cloud App Security provides programmatic access through Cloud App Security Representational State Transfer (REST) APIs. You can use the APIs to integrate third-party solutions or Trend Micro products and services with Cloud App Security, which allows customers to obtain certain service data, launch investigations for known and unknown threats, and perform operations on email messages and user accounts as necessary. This offers automated capabilities to help the security team of your organization improve their efficiency and effectiveness with which they can investigate, detect, manage, and respond to security issues.

On the Cloud App Security management console, you can create authentication tokens for use by the following products and services:

  • External applications

  • Trend Micro Managed XDR

    Trend Micro Managed XDR is a service that provides detection and response services on behalf of its customers. The service provides advanced threat hunting, detection, and response to organizations that seek assistance for their own incident response staff, or for those who want to offload it altogether.

  • Trend Micro Apex Oneā„¢ as a Service

Cloud App Security supports the following types of APIs:

  • Log retrieval: gets security event logs from Cloud App Security to your Security Information and Event Management (SIEM) or other security analytics platform for further security monitoring and threat detection.

  • Threat investigation: sweeps email messages in protected Exchange Online and Gmail mailboxes for those that match meta information search criteria to investigate and understand the impact of detections.

  • Threat mitigation: performs operations on email messages or user accounts to remediate or prevent your email service from further security attacks.

  • Threat remediation: specifies lists of blocked senders, URLs, SHA-1 hash values, and SHA-256 hash values for Cloud App Security to quarantine Exchange Online email messages that match the lists.

  • Intelligent investigation: gets intelligent alerts on Exchange Online email messages or user accounts and performs advanced threat investigation to find potential compromised accounts or other possibilities and hunt for more unknown threats from email perspective.


    The Intelligent Investigation API type is provided only for use by the Trend Micro Managed XDR service, and available for the customers who are using or Managed XDR with Cloud App Security connected to it.

For more information on the supported APIs and how to implement them, see Cloud App Security Automation and Integration API Online Help.