Trend Vision One Out-of-the-Box Response Integration

Trend Vision One Out-of-the-Box Response Integration

To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.

Requirements

  • Trend Vision One 
    • Make sure you read the Suspicious Object Management article on the Trend Micro documentation thoroughly to ensure a smooth process.
    • Endpoint Sensor agent
    • Server & Workload Protection agent
    • Standard Endpoint Protection agent
    • Service Gateway
    • Zero Trust Secure Access Internet Access
    • Trend Cloud One - Endpoint & Workload Security
    • Trend Micro Apex One as a Service
    • Trend Micro Cloud App Security
    • Trend Micro Deep Security
    • Trend Micro Email Security
  • Lumu License
    • An active Lumu Defender subscription  

Configure Trend Vision One

1. Log in on the Trend Vision One page.

2. Create an User Role with the minimum required permissions. To do so, navigate to the Administration section, click on User Roles.

Next, click on Add Role

Set a meaningful name and description.

Now, enable the following permissions to save the configuration:

  • Threat Intelligence: Suspicious Object Management
  • XDR threat Investigation: Search - View, filter, and search
  • Workflow And Automation: Response Management - View, filter, and search - Add to block List

3. Navigate to the Administration section and click on the API Keys option to create the credentials for API use.

4. Click on Add API Key.

5. Create a personal API Key with a meaningful Name, and the Role that we just created. Set the expiration date that best suits your needs. Keep in mind that you will need to update your integration credentials accordingly.




6. This window will open. Save your API Key in a secure place.

Lumu encrypts this information both in transit and at rest to ensure token confidentiality is maintained. This will remove token updating concerns from the integration maintenance process.

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the available apps screen. 

2. Locate the Trend Vision One integration in the available apps area and click to add, then click to view details.

3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.

4. To activate the integration, click on the activate button. After reading the instructions, provide a meaningful Name. When selecting Threat Mappings, determine the specific threat mappings you want to push to Trend Vision One. Each threat indicator will be ranked according to its risk level associated with it. These are High, Medium, and Low. Select the option Include IP indicators to include IP addresses in your feed list.

If you leave Include IP indicators unselected, you won't be able to change it later, even in the editing process.


By completing these steps, you have configured the integration and enhanced your threat management capabilities. Go ahead and click the “Next” button to finalize the process.

5. Fill in the required information, the Regional Domain, and the API Key for that account. Finally, click on the Activate button. Lumu will validate if the credentials provided are correct.

Please note the base URL you use to log in into the XDR portal. Based on it, you need to select the regional domain. Your base URL looks like https://portal.[region.]xdr.trendmicro.com.
 Select the regional domain fitting the region in your base URL.

6. The integration is now created and active. Now, the Lumu Portal will display the details of the created integration

It's crucial to inform you that the actions may vary depending on the locally configured product. For further details, please refer to the Suspicious Object Actions article in the Trend Micro documentation.

Keep in mind the info panel when editing the configuration. The changes on threat mappings will only apply to new incidents, past incidents will not be updated to the new settings.

Once the integration is activated, the Suspicious Object Management section will be updated with confirmed compromises found by Lumu within the preceding 3 days.



        • Related Articles

        • Trend Micro Apex Central Custom Response Integration

          Before going through this article, check our Out-of-the-box App Integrations category. This is the recommended way to integrate the components of your cybersecurity stack with Lumu. If the product you are looking to integrate is there, it is advised ...
        • Trend Micro Web Security Custom Response Integration

          Before going through this article, check our Out-of-the-box App Integrations category. This is the recommended way to integrate the components of your cybersecurity stack with Lumu. If the product you are looking to integrate is there, it is advised ...
        • Cisco Firepower Out-of-the-box Response Integration

          To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. In this article, you will find out how to configure Cisco Firepower to receive and block adversaries detected by Lumu and improve the detection & ...
        • Lumu Out-of-the-box Integrations

          For getting started with Lumu integrations with third-party solutions, consult our Integrations guide. Lumu's Out-of-the-box (OOTB) integrations are a seamless and convenient way to integrate Lumu with other solutions in your cyberdefense stack to ...
        • Juniper SRX Firewall Out-of-the-box Response Integration

          To learn more about Out-of-the-box Integrations and their benefits, please refer to this article. In this article, you will find out how to configure Juniper SRX Firewall to receive and block adversaries detected by Lumu and improve the detection & ...