Trend Micro Vision One enables transfer of suspicious object data to and retrieval of threat intelligence data from the MISP threat sharing platform through a Service Gateway.
Configure transfer and retrieval of threat intelligence data with this integration through a Service Gateway.
At least one Service Gateway must be configured to enable integration.
For more information, see Service Gateway Inventory.
Select Transfer data to MISP.
Event tag: Specify the tag to transfer the suspicious object data to.
The event tag must be created in the MISP system before data can be transferred.
If the event tag is added to multiple events, the data will only be transferred to the event with the lowest ID.
Select the risk level of the suspicious object data to include in the transferred data.
Select the frequency at which suspicious object data is transferred.
Select Retrieve data from MISP.
Frequency: Select the frequency at which threat intelligence data is retrieved.
Retrieve from: Select how far in the past to begin retrieving threat intelligence data from.
Subscribe event tags: Specify the threat intelligence data to retrieve by subscribing to tags.
Event tag: Specify a tag. Trend Micro Vision One only retrieves threat intelligence data that contains the specified tag.
Extract and block suspicious objects: If enabled, the following objects are extracted and added to the Suspicious Object List as high-risk objects with Block/Quarantine action applied:
Only "indicator" type objects that are not labeled as "anomalous-activity", "anonymization", "benign", "compromised", or "unknown", and that are not revoked will be added to the Suspicious Objects List.
Run an auto sweep: If enabled, an automatic sweeping task runs right after successful retrieval to search your historical data for objects extracted from the threat intelligence data.
(Optional) Click Add Event Tag and repeat the previous step to retrieve threat intelligence data from additional tags.
The Service Gateway Connection panel appears.
Select a Service Gateway.
Configure the integration server settings.
(Optional) Click Test Connection to verify if the settings are valid.
The connection configuration is added to the list.