Online Help Center Home
Privacy and Personal Data Collection Disclosure
- Pre-release Disclaimer
- Pre-release Sub-feature Disclaimer
Trend Vision One Data Privacy, Security, and Compliance
What's New
- What's New by Date
- What's New by App Group
- Release Notes
  - Service Gateway
Introduction
- Trend Vision One
- Checking the Trend Vision One Service Status
  - SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
Getting Started
- Getting Started with Trend Vision One
- Getting Started with Vulnerability Assessment
Risk Insights
- Executive Dashboard
- Attack Surface Discovery
- Operations Dashboard
- Cloud Posture
Dashboards and Reports
- Security Dashboard
  - Customizing the Security Dashboard
  - Protocol Groups in the Scanned Traffic Summary Widget
- Reports
XDR Threat Investigation
- Detection Model Management
- Workbench
  - Alert View
  - Incident View
    - Incident Details
      - Alerts (Incident View)
      - Incident-based Execution Profile
    - Assigning Incidents
- Search App
- Observed Attack Techniques
- Targeted Attack Detection
- Forensics
- Managed Services
- Companion
Threat Intelligence
- Campaign Intelligence
  - Threat Information Screen
- Intelligence Reports
- Suspicious Object Management
  - Suspicious Object List
  - Exception List
    - Adding Exceptions
- Sandbox Analysis
- Third-Party Intelligence
  - TAXII Feeds
    - Configuring a TAXII Feed
  - MISP Feeds
Workflow and Automation
- Security Playbooks
- Response Management
- Third-Party Integration
- API Automation Center
- Service Gateway Management
Zero Trust Secure Access
- Getting Started with Zero Trust Secure Access
- Secure Access Overview
- Secure Access Rules
- Secure Access Resources
- Secure Access History
- Secure Access Configuration
- Troubleshooting Zero Trust Secure Access
Assessment
- Cyber Risk Assessment
Endpoint Security Operations
- Endpoint Inventory 2.0
- Endpoint Inventory
  - Getting Started with XDR for Endpoints
  - Managing the Endpoint List in Endpoint Inventory 1.0
    - Endpoint List Settings in Endpoint Inventory 1.0
- Endpoint Policies
- Trend Cloud One - Endpoint & Workload Security
Endpoint Security Operations (for Standard Endpoint and Server & Workload Protection)
- Getting Started with Trend Vision One Endpoint Security
- Endpoint Inventory
- Standard Endpoint Protection
- Server & Workload Protection
Cloud Security Operations
- Trend Vision One Container Security
- XDR for Containers
  - Getting Started with XDR for Containers
Network Security Operations
- Network Inventory
- Network Intrusion Prevention
Email Security Operations
- Email Account Inventory
  - Email Sensor Management
Mobile Security Operations
- Getting Started with Mobile Security
- Using Mobile Security in Conjunction with MDM Solutions or Azure AD
- Using Mobile Device Director
Service Management
- Product Connector
  - Connecting a Product
  - Required Settings on Supported Products
- Product Instance
- Cloud Accounts
Administration
- User Accounts, Roles, and Single Sign-On (Legacy)
- User Accounts, Identity Providers, and User Roles (July 2023 update)
- Notifications
- Audit Logs
  - User Logs
    - User Log Data
  - System Logs
    - System Log Data
- Console Settings
- License Information
- Credit Usage
- Support Settings
  - Enabling Hypersensitive Mode
Getting Help and Troubleshooting
- Help and Support
  - Creating a Support Case
- Self-Diagnosis

MISP Feeds

Trend Vision One enables transfer of suspicious object data to and retrieval of threat intelligence data from the MISP threat sharing platform through a Service Gateway.

Configure transfer and retrieval of threat intelligence data with this integration through a Service Gateway.

Note:

At least one Service Gateway must be configured to enable integration.

Configure settings on Trend Vision One.
1. Go to Threat Intelligence > Third-Party Intelligence > MISP.
2. Click the toggle to enable or disable the integration.
3. Review the Legal Statement and click Accept or Close to continue.
4. Configure settings to allow Trend Vision One to transfer suspicious object data to MISP.
  1. Select Transfer data to MISP.
  2. Event tag: Specify the tag to transfer the suspicious object data to.
    Important:
    - The event tag must be created in the MISP system before data can be transferred.
    - If the event tag is added to multiple events, the data will only be transferred to the event with the lowest ID.
  3. Select the risk level of the suspicious object data to include in the transferred data.
  4. Select the frequency at which suspicious object data is transferred.
5. Configure settings to allow Trend Vision One to retrieve threat intelligence data from MISP.
  1. Select Retrieve data from MISP.
  2. Frequency: Select the frequency at which threat intelligence data is retrieved.
  3. Retrieve from: Select how far in the past to begin retrieving threat intelligence data from.
  4. Subscribe event tags: Specify the threat intelligence data to retrieve by subscribing to tags.
    1. Event tag: Specify a tag. Trend Vision One only retrieves threat intelligence data that contains the specified tag.
    2. Extract and block suspicious objects: If enabled, click and select one or more of the following suspicious object types to extract and add to the Suspicious Object List:
      - Domain
      - File SHA-1
      - File SHA-256
      - IP address
      - Sender address
      - URL
      By default, these suspicious objects are considered as high-risk objects with Block/Quarantine action applied.
      
      Important:
      Only "indicator" type STIX objects that are not labeled as "anomalous-activity", "anonymization", "benign", "compromised", or "unknown", and that are not revoked will be added to the Suspicious Objects List.
    3. Run an auto sweep: If enabled, a one-time sweeping task runs right after successful retrieval to search your historical data for objects extracted from the threat intelligence data. Only "report" type STIX objects are supported for sweeping.
  5. (Optional) Click Add Event Tag and repeat the previous step to retrieve threat intelligence data from additional tags.
6. Under Service Gateway Connection, configure the connection between the Service Gateway and the integration.
  1. Click Connect.
    
    The Service Gateway Connection panel appears.
  2. Select a Service Gateway.
  3. Configure the integration server settings.
  4. (Optional) Click Test Connection to verify if the settings are valid.
  5. Click Connect.
    
    The connection configuration is added to the list.
7. Repeat the previous step to add multiple connection configurations for this integration.
8. Click Save.
Configure settings on your integration. For more information, see the documentation for the integration.