Deploying the Trend Vision One Connector

Once the connector is successfully deployed, Azure Sentinel begins pulling newly created alert data from Trend Vision One.

  1. In your Azure Sentinel workspace, go to Content management > Content hub (Preview).
  2. On the Content hub page, search for Trend Vision One and click Install.
  3. Choose your workspace and click Start to install.
  4. After installation finishes, go to Configuration > Data connectors.
  5. Search for Trend Vision One (using Azure Function) and click Open connector page.
  6. On the connector page, go to the Instructions tab.
  7. Copy the Workspace ID and Workspace Key.
  8. Click Deploy to Azure.

    The Custom deployment page appears.

  9. Configure the settings on the Custom deployment page.

    Setting: Configuration Notes

    Subscription: Manages deployed resources

    Resource group: Where to deploy the connector

    Function Name: Must be a unique name

    Workspace ID and Workspace Key: The information you copied from the Instructions tab

        You can also access the information from Log Analytics.

        1. Go to Log Analytics and navigate to your workspace.
        2. Go to Settings > Agents management.
        3. The information is on the Windows servers tab, under Download agent.

    API Key: An API key from a Trend Vision One user account

        Note: The Trend Vision One Connector for Azure Sentinel requires an API key from a Trend Vision One user account with the Senior Analyst role or a user role with greater permissions. The user account access level must include APIs.

    Region Code: The region code that corresponds to the location of your Trend Vision One instance

        The following are valid values: au, eu, in, jp, sg, and us.

    Storage prefix: The storage prefix must comply with Azure naming conventions

  10. Click Review + create.

    Once the connector is successfully deployed, Azure Sentinel begins pulling newly created alert data from Trend Vision One. The connector does not pull preexisting alert data.
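    A pre-flight check for the values entered in step 9, as an added example that is not part of the original page or of any Trend Micro or Microsoft tooling. The dictionary keys are hypothetical names for the settings above, and the format rules for the function name, workspace key and storage prefix are assumptions stated in the comments.

```python
import base64
import re

VALID_REGIONS = {"au", "eu", "in", "jp", "sg", "us"}  # the values this page lists
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Assumption: Azure function app names are 2-60 letters, digits or hyphens,
# with no hyphen at either end.
FUNC_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,58}[A-Za-z0-9]")
# Assumption: the prefix becomes the start of a storage account name, which
# allows only lowercase letters and digits, 24 characters in total.
STORAGE_PREFIX = re.compile(r"[a-z0-9]{1,24}")


def check_settings(s):
    """Return a list of problems in the Custom deployment values (empty = OK)."""
    problems = []
    for name, value in s.items():
        if not value or value != value.strip():
            problems.append(f"{name}: empty or padded with whitespace")
    if s["region_code"] not in VALID_REGIONS:
        problems.append("region_code: not one of " + ", ".join(sorted(VALID_REGIONS)))
    if not GUID.fullmatch(s["workspace_id"]):
        problems.append("workspace_id: not a GUID")
    try:
        # Assumption: the workspace key is standard base64 text.
        base64.b64decode(s["workspace_key"], validate=True)
    except ValueError:
        problems.append("workspace_key: not valid base64 (truncated copy?)")
    if not FUNC_NAME.fullmatch(s["function_name"]):
        problems.append("function_name: invalid characters or length")
    if not STORAGE_PREFIX.fullmatch(s["storage_prefix"]):
        problems.append("storage_prefix: use lowercase letters and digits only")
    return problems


# Constructed sample values, not real credentials.
SAMPLE = {
    "function_name": "tv1-sentinel-connector",
    "workspace_id": "00000000-0000-0000-0000-000000000000",
    "workspace_key": base64.b64encode(b"constructed-sample-key").decode(),
    "api_key": "constructed-api-key-placeholder",
    "region_code": "us",
    "storage_prefix": "tv1sentinel",
}

if __name__ == "__main__":
    for problem in check_settings(SAMPLE) or ["all settings look well-formed"]:
        print(problem)
```

    The check only catches malformed input; it cannot confirm that the function name is unique or that the API key belongs to an account with the required role.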