Deploying the Trend Micro Vision One Connector

Once the connector is successfully deployed, Azure Sentinel begins pulling newly created alert data from Trend Micro Vision One.

  1. In your Azure Sentinel workspace, go to Configuration > Data connectors.

    The Data Connectors page opens and displays a list of connectors supported by Azure Sentinel.

  2. Search for Trend Micro Vision One (Preview) and click Open connector page.

    The connector page opens.

  3. In the right panel, in the Instructions tab, click Deploy to Azure.

    The Custom deployment page opens.

  4. Configure the following settings.

    Field

    Description

    Subscription

    Select the subscription that manages deployed resources.

    Resource group

    Use resource groups such as folders to organize and manage your resources.

    Function Name

    Specify a unique name.

    Workspace ID and Workspace Key

    You can find the information in the following locations:

    • Connector page: In the Data Connectors page, search for Trend Micro Vision One (Preview) and click Open connector page. You can find the information in the Instructions tab.

    • Log Analytics workspace: Go to Log Analytics workspaces > {your_workspace} > Settings > Agents management. You can find the information in the Windows servers tab, under Download agent.

    API Key

    Trend Micro Vision One

    automatically generates authentication tokens for accounts with API access. If your account has API access, request an authentication token from your administrator. If you are a Master Administrator, perform the following steps.

    1. On the Trend Micro Vision One console, go to Administration > User Accounts.

    2. Click the account name.

    3. Copy and securely store the authentication token.

    Region Code

    Specify the region code that corresponds to the location of your Trend Micro Vision One instance. The following are valid values: au, eu, in, jp, sg, and us.

  5. Click Review + create.

    Once the connector is successfully deployed, Azure Sentinel begins pulling newly created alert data from Trend Micro Vision One. The connector does not pull preexisting alert data.