Trend Micro Vision One #3757

Closed
15 tasks
jamiehynds opened this issue Jul 19, 2022 · 1 comment · Fixed by #3963
Labels
8.6 candidate Epic In Progress New Integration Issue or pull request for creating a new integration package. Partner

Comments

@jamiehynds

Description

Trend Micro Vision One is a threat defense platform that includes: Advanced extended detection and response (XDR) capabilities to collect and correlate deep activity data across multiple layers—email, endpoints, servers, and networks.

Architecture

The Vision One API (v3) can be leveraged to get Alerts, Audit Logs, Observed Attack Techniques and more. Our initial focus will be on these three event types, based on Trend Micro's recommendation. Support for additional event types may be explored in the future.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to:

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

  • Dashboards exist
  • Screenshots added or updated
  • Datastream filters added to visualizations

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@jamiehynds jamiehynds added 8.5 candidate New Integration Issue or pull request for creating a new integration package. Partner In Progress labels Jul 19, 2022
@vinit-chauhan vinit-chauhan self-assigned this Jul 19, 2022
andrewkroh pushed a commit that referenced this issue Oct 4, 2022
The Trend Micro Vision One integration allows you to monitor Alert, Audit, and Detection activity. Trend Micro Vision One refers to the ability to do detection and response across email, endpoints, servers, cloud workloads, and networks via a single Trend Micro Vision One platform or the managed Trend Micro Vision One service.

The Trend Micro Vision One integration collects logs for three types of events: Alert, Audit, and Detection.

Alert - Displays information about workbench alerts. See more details in the doc here https://automation.trendmicro.com/xdr/api-v3#tag/Workbench/paths/~1v3.0~1workbench~1alerts/get.

Audit - Displays log entries that match the specified search criteria. See more details in the doc here https://automation.trendmicro.com/xdr/api-v3#tag/Audit-Logs.

Detection - Displays search results from the Detection Data source. See more details in the doc here https://automation.trendmicro.com/xdr/api-v3#tag/Search/paths/~1v3.0~1search~1detections/get.

This module has been tested against `Trend Micro Vision One API version 3.0`.

Closes #3757