Integrating Trend Micro Vision One for Cortex XSOAR

Set up Trend Micro Vision One for Cortex XSOAR to view Workbench alerts and automate incident response in the Cortex XSOAR console.

The steps below provide instructions on how to create a new user account and which information is needed to complete setup in Cortex XSOAR.

Note:

Cortex XSOAR integration requires a user account with certain permissions including generating an authentication token. Trend Micro recommends creating a new user role and user account specifically for Cortex XSOAR integration.

For more information, see Creating a User Role for Cortex XSOAR Integration.

  1. Download Trend Micro Vision One for Cortex XSOAR from the Cortex XSOAR Marketplace and open the app settings in the Cortex XSOAR console.
  2. Create a Trend Micro Vision One user account to integrate with Cortex XSOAR:
    1. In the Trend Micro Vision One console, go to Administration > User Accounts.
    2. Click Add Account to create a new user account.

      The Add Account panel opens.

    3. Set Role to a user role configured with the recommended permissions for integration with Cortex XSOAR.

      For more information, see Creating a User Role for Cortex XSOAR Integration.

    4. Set Access level to APIs only.
    5. Click Add.
  3. Copy the user account authentication token:
    1. Click the name of the user account you created. The Edit Account panel opens.
    2. Click Generate a new authentication token.
    3. Copy the Authentication token and paste into Cortex XSOAR.
  4. Go to Administration > Third Party Integration and click Trend Micro Vision One for Cortex XSOAR.
  5. Copy the Endpoint URL and paste into Cortex XSOAR.

    Cortex XSOAR begins syncing with Trend Micro Vision One.

    Note:

    After successfully installing Trend Micro Vision One for Cortex XSOAR, Cortex XSOAR begins pulling data from Trend Micro Vision One. The add-on does not pull preexisting data. You may need to allow some time before new data starts to appear.