Trend Vision One enables transfer of suspicious object data to and retrieval of threat intelligence data from the MISP threat sharing platform through a Service Gateway.
Configure transfer and retrieval of threat intelligence data with this integration through a Service Gateway.
At least one Service Gateway must be configured to enable integration.
Select Transfer data to MISP.
Event tag: Specify the tag to transfer the suspicious object data to.
The event tag must be created in the MISP system before data can be transferred.
If the event tag is added to multiple events, the data will only be transferred to the event with the lowest ID.
Select the risk level of the suspicious object data to include in the transferred data.
Select the frequency at which suspicious object data is transferred.
Select Retrieve data from MISP.
Frequency: Select the frequency at which threat intelligence data is retrieved.
Retrieve from: Select how far back in time to begin retrieving threat intelligence data.
Subscribe event tags: Specify the threat intelligence data to retrieve by subscribing to tags.
Event tag: Specify a tag. Trend Vision One only retrieves threat intelligence data that contains the specified tag.
Extract and block suspicious objects: If enabled, click and select one or more of the following suspicious object types to extract and add to the Suspicious Object List:
Domain
File SHA-1
File SHA-256
IP address
Sender address
URL
By default, these suspicious objects are treated as high-risk objects with the Block/Quarantine action applied.
Only "indicator" type STIX objects that are not labeled as "anomalous-activity", "anonymization", "benign", "compromised", or "unknown", and that are not revoked will be added to the Suspicious Objects List.
Run an auto sweep: If enabled, a one-time sweeping task runs right after successful retrieval to search your historical data for objects extracted from the threat intelligence data. Only "report" type STIX objects are supported for sweeping.
(Optional) Click Add Event Tag and repeat the previous step to retrieve threat intelligence data from additional tags.
Click Connect.
The Service Gateway Connection panel appears.
Select a Service Gateway.
Configure the integration server settings.
(Optional) Click Test Connection to verify that the settings are valid.
Click Connect.
The connection configuration is added to the list.
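To preview which retrieved indicators would qualify under the "Extract and block suspicious objects" rule above, the following added example (not Trend Micro code) applies that rule to a constructed STIX bundle. It goes beyond the page by also mapping indicator patterns to the listed object types; that mapping, the use of both `labels` and `indicator_types`, and all sample values are assumptions.

```python
import re
# Labels the page says keep an indicator off the Suspicious Object List.
EXCLUDED_LABELS = {"anomalous-activity", "anonymization", "benign",
                   "compromised", "unknown"}
# Assumption: STIX pattern paths standing in for the page's object types.
PATTERN_TYPES = [
    ("Domain", r"domain-name:value"),
    ("File SHA-1", r"file:hashes\.'?SHA-1'?"),
    ("File SHA-256", r"file:hashes\.'?SHA-256'?"),
    ("IP address", r"ipv[46]-addr:value"),
    ("Sender address", r"email-addr:value"),
    ("URL", r"url:value"),
]
# Constructed sample bundle; every value is made up for this example.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "indicator", "labels": ["malicious-activity"],
     "pattern": "[domain-name:value = 'bad.example']"},
    {"type": "indicator", "labels": ["benign"],
     "pattern": "[domain-name:value = 'ok.example']"},
    {"type": "indicator", "labels": ["malicious-activity"], "revoked": True,
     "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"type": "indicator", "indicator_types": ["malicious-activity"],
     "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32
                + "' OR url:value = 'http://bad.example/x']"},
    {"type": "report", "name": "constructed report", "object_refs": []},
]}

def eligible(obj):
    """Page rule: "indicator" type, no excluded label, not revoked."""
    if obj.get("type") != "indicator" or obj.get("revoked", False):
        return False
    # Assumption: labels live in "labels" (STIX 2.0) or "indicator_types" (2.1).
    labels = set(obj.get("labels", [])) | set(obj.get("indicator_types", []))
    return not (labels & EXCLUDED_LABELS)

def extract(bundle, selected_types):
    """Return (type, value) pairs from eligible indicators for the selected types."""
    found = []
    for obj in bundle.get("objects", []):
        if not eligible(obj):
            continue
        for name, path in PATTERN_TYPES:
            if name in selected_types:
                regex = path + r"\s*=\s*'([^']*)'"  # simple equality tests only
                found += [(name, v) for v in re.findall(regex, obj.get("pattern", ""))]
    return found

if __name__ == "__main__":
    print(extract(SAMPLE_BUNDLE, {"Domain", "File SHA-256", "IP address", "URL"}))
```

Because extracted objects receive the Block/Quarantine action by default, running a check like this against a tag's events before subscribing shows whether benign or revoked entries are labeled in a way the filter will catch.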