Install the add-on to share and view XDR data in QRadar including Workbench alerts, Observed Attack Techniques, and Trend Micro product detections.
The following instructions for installation is based on QRadar versions 7.3.3FP6+ and 7.4.1FP2+. Settings may vary for other versions of QRadar. Refer to the QRadar documentation for specific information related to your version.
QRadar Authentication Token
Proxy: Select if you want to use the QRadar proxy settings or not.
Data scope: Select which data sources to pull from Trend Vision One.
The add-on requires selecting at least one data source. Workbench alerts is the default selection.
QRadar begins pulling XDR data from Trend Vision One.
After successfully installing the QRadar add-on, QRadar begins pulling XDR data from Trend Vision One. The add-on does not pull preexisting XDR data. You may need to allow some time before new XDR data starts to appear.