1. Log in on the Trend Vision One page.
2. Create a User Role with the minimum required permissions. To do so, navigate to the Administration section and click on User Roles.
Next, click on Add Role.
Set a meaningful name and description.
Now, enable the following permissions, then save the configuration:
- Threat Intelligence: Suspicious Object Management
- XDR Threat Investigation: Search - View, filter, and search
- Workflow And Automation: Response Management - View, filter, and search - Add to block List
3. Navigate to the Administration section and click on the API Keys option to create the credentials for API use.
4. Click on Add API Key.
5. Create a personal API Key with a meaningful Name and the Role that you just created. Set the expiration date that best suits your needs. Keep in mind that you will need to update your integration credentials accordingly when the key expires.
6. A window with your API Key will open. Save your API Key in a secure place.
Lumu encrypts this information both in transit and at rest to ensure token confidentiality is maintained. This will remove token updating concerns from the integration maintenance process.
1. Log in to your Lumu account through the Lumu Portal and navigate to the available apps screen.
2. Locate the Trend Vision One integration in the available apps area and click to add, then click to view details.
3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.
4. To activate the integration, click on the activate button. After reading the instructions, provide a meaningful Name. When selecting Threat Mappings, determine the specific threat mappings you want to push to Trend Vision One. Each threat indicator is ranked according to its associated risk level: High, Medium, or Low. Select the option Include IP indicators to include IP addresses in your feed list.
If you leave Include IP indicators unselected, you won't be able to change it later, even in the editing process.
By completing these steps, you have configured the integration and enhanced your threat management capabilities. Go ahead and click the “Next” button to finalize the process.
5. Fill in the required information, the Regional Domain, and the API Key for that account. Finally, click on the Activate button. Lumu will validate whether the credentials provided are correct.
Please note the base URL you use to log in to the XDR portal. Based on it, you need to select the regional domain. Your base URL looks like https://portal.[region.]xdr.trendmicro.com. Select the regional domain fitting the region in your base URL.
6. The integration is now created and active. Now, the Lumu Portal will display the details of the created integration.