Trend Micro Apex Central
The Trend Micro Apex Central connector enables automated interactions with the Trend Micro Apex Central API for enhanced threat management and security automation.

Trend Micro Apex Central serves as a central security management hub, facilitating the automation of threat detection and response across an organization's network. This connector enables Swimlane Turbine users to integrate with Apex Central to manage suspicious objects and security agents, enhancing their security operations. By leveraging this connector, users can add suspicious file and object information to UDSO lists, retrieve detailed security agent data, and manage YARA file lists, all through the Swimlane platform. This integration empowers security teams to streamline threat management processes, enforce security policies, and rapidly respond to potential threats without the need for manual intervention.

## Limitations

None to date.

## Prerequisites

To effectively utilize the Trend Micro Apex Central connector with Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - Host Address: the endpoint URL of your Trend Micro Apex Central server.
  - App ID: the application identifier for API access.
  - API Key: a valid API key to authenticate requests.

## Capabilities

This connector provides the following capabilities:

- Add File Object To UDSO List
- Add UDSO To List
- List Security Agents
- List UDSO Entries
- List Uploaded YARA Files

### Add File Object To UDSO List

Adds the uploaded file information to the User-Defined Suspicious Objects list. Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/udso/operation/suspiciousobjectresource_getproductservers).

### Add UDSO To List

Adds the specified object information to the User-Defined Suspicious Objects list. Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/udso/operation/suspiciousobjects_adduserdefinedso).

### List Security Agents

Retrieves a list of security agents with more detail. Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/security-agents/operation/agentresource_getproductagentsv2).

### List UDSO Entries

Retrieves a list of User-Defined Suspicious Objects from the Apex Central server. Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/udso/operation/suspiciousobjects_queryuserdefinedso).

### List Uploaded YARA Files

Retrieves a list of YARA files from the Apex Central server. Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/yara/operation/yararesource_filingcabinet).

## Configurations

### Trend Micro Apex Central API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | Host address of the Apex Central instance. | string | Required |
| App ID | Used by Apex Central to identify the external application. | string | Required |
| API Key | Used by the external application to sign requests sent to Apex Central. | string | Required |
| Is WebApp | Some Trend Micro Apex endpoints may begin with /webapp. Defaults to true. | string | Optional |
| Verify SSL | Verify SSL certificate. | boolean | Optional |

## Actions

### Add File Object To UDSO List

Adds uploaded file information to the User-Defined Suspicious Objects (UDSO) list in Trend Micro Apex Central.

Endpoint URL: `/webapp/api/suspiciousobjectresource/fileudso`

Method: PUT

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| file_content_base64_string | string | Optional | The binary content of the file, converted to a base64 string |
| file_name | string | Optional | The name of the file |
| file_scan_action | string | Optional | The scan action to perform |
| note | string | Optional | Additional information |

Input example:

```json
{
  "json_body": {
    "file_content_base64_string": "string",
    "file_name": "string",
    "file_scan_action": "string",
    "note": "string"
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| featurectrl | object | Output field featurectrl |
| featurectrl.mode | string | Output field featurectrl.mode |
| meta | object | Output field meta |
| meta.errorcode | number | Error message if any |
| meta.errormsg | string | Error message if any |
| meta.result | number | Result of the operation |
| permissionctrl | object | Output field permissionctrl |
| permissionctrl.elements | string | Output field permissionctrl.elements |
| permissionctrl.permission | string | Output field permissionctrl.permission |
| systemctrl | object | Output field systemctrl |
| systemctrl.tmcmsodist_role | string | Output field systemctrl.tmcmsodist_role |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {"Content-Type": "application/json"},
  "reason": "OK",
  "json_body": {
    "data": {},
    "featurectrl": {"mode": "string"},
    "meta": {"errorcode": 0, "errormsg": "string", "result": 0},
    "permissionctrl": {"elements": "string", "permission": "string"},
    "systemctrl": {"tmcmsodist_role": "string"}
  }
}
```

### Add UDSO To List

Adds specified object information to the User-Defined Suspicious Objects (UDSO) list in Trend Micro Apex Central.

Endpoint URL: `/api/suspiciousobjects/userdefinedso`

Method: PUT

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| param | object | Optional | Parameter for Add UDSO To List |
| param.content | string | Optional | The suspicious object content for the specified type |
| param.expiration_utc_date | string | Optional | The expiration date (UTC) of the suspicious object |
| param.notes | string | Optional | Description of the object |
| param.scan_action | string | Optional | The scan action to perform on the suspicious object |
| param.type | string | Optional | The suspicious object type |

Input example:

```json
{
  "json_body": {
    "param": {
      "content": "string",
      "expiration_utc_date": "2019-08-24T14:15:22Z",
      "notes": "string",
      "scan_action": "string",
      "type": "string"
    }
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| featurectrl | object | Output field featurectrl |
| featurectrl.mode | string | Output field featurectrl.mode |
| meta | object | Output field meta |
| meta.errorcode | number | Error message if any |
| meta.errormsg | string | Error message if any |
| meta.result | number | Result of the operation |
| permissionctrl | object | Output field permissionctrl |
| permissionctrl.elements | string | Output field permissionctrl.elements |
| permissionctrl.permission | string | Output field permissionctrl.permission |
| systemctrl | object | Output field systemctrl |
| systemctrl.tmcmsodist_role | string | Output field systemctrl.tmcmsodist_role |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {"Content-Type": "application/json"},
  "reason": "OK",
  "json_body": {
    "data": {},
    "featurectrl": {"mode": "string"},
    "meta": {"errorcode": 0, "errormsg": "string", "result": 0},
    "permissionctrl": {"elements": "string", "permission": "string"},
    "systemctrl": {"tmcmsodist_role": "string"}
  }
}
```

### List Security Agents

Retrieves a detailed list of security agents from Trend Micro Apex Central.

Endpoint URL: `/api/v2/agentresource/productagents`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.entityid | string | Optional | The GUID of the security agent |
| parameters.ipaddress | string | Optional | The IP address of the endpoint |
| parameters.macaddress | string | Optional | The MAC address of the endpoint |
| parameters.hostname | string | Optional | The name of the endpoint |
| parameters.product | string | Optional | The Trend Micro product ID |
| parameters.managingserverid | string | Optional | The GUID of the product server that manages the security agent |

Input example:

```json
{
  "parameters": {
    "entityid": "string",
    "ipaddress": "string",
    "macaddress": "string",
    "hostname": "string",
    "product": "string",
    "managingserverid": "string"
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| result_code | number | Result of the operation |
| result_content | array | Response content |
| result_content.endpointid | string | Unique identifier |
| result_content.endpointhost | string | Response content |
| result_content.endpointip | string | Response content |
| result_content.endpointmac | string | Response content |
| result_content.product | string | Response content |
| result_content.managingserverid | string | Unique identifier |
| result_content.addomain | string | Response content |
| result_content.domain | string | Response content |
| result_content.domainhierarchy | string | Response content |
| result_content.logonuser | string | Response content |
| result_content.platform | string | Response content |
| result_content.clientprogram | string | Response content |
| result_content.connectionstatus | string | Status value |
| result_content.isolationstatus | string | Status value |
| result_content.firewall | string | Response content |
| result_content.scanmethod | string | HTTP method to use |
| result_content.updateagent | string | Response content |
| result_content.lastscheduledscanutc | string | Response content |
| result_content.lastmanualscanutc | string | Response content |
| result_content.laststartup | string | Response content |
| result_content.lastconnected | string | Response content |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {"Content-Type": "application/json"},
  "reason": "OK",
  "json_body": {
    "result_code": 1,
    "result_content": [{}],
    "result_description": "string"
  }
}
```

### List UDSO Entries

Retrieve a list of User-Defined Suspicious Objects (UDSO) from the Trend Micro Apex Central server.

Endpoint URL: `/api/suspiciousobjects/userdefinedso`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.type | string | Optional | The suspicious object type to query |
| parameters.contentfilter | string | Optional | Filters the list to suspicious objects that match the specified string |

Input example:

```json
{
  "parameters": {
    "type": "domain",
    "contentfilter": "168 95"
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| featurectrl | object | Output field featurectrl |
| featurectrl.mode | string | Output field featurectrl.mode |
| meta | object | Output field meta |
| meta.errorcode | number | Error message if any |
| meta.errormsg | string | Error message if any |
| meta.result | number | Result of the operation |
| permissionctrl | object | Output field permissionctrl |
| permissionctrl.elements | string | Output field permissionctrl.elements |
| permissionctrl.permission | string | Output field permissionctrl.permission |
| systemctrl | object | Output field systemctrl |
| systemctrl.tmcmsodist_role | string | Output field systemctrl.tmcmsodist_role |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {"Content-Type": "application/json"},
  "reason": "OK",
  "json_body": {
    "data": {},
    "featurectrl": {"mode": "string"},
    "meta": {"errorcode": 0, "errormsg": "string", "result": 0},
    "permissionctrl": {"elements": "string", "permission": "string"},
    "systemctrl": {"tmcmsodist_role": "string"}
  }
}
```

### List Uploaded YARA Files

Retrieves a list of uploaded YARA files from the Trend Micro Apex Central server, requiring specific 'param' details.

Endpoint URL: `/iocbackend/yararesource/filingcabinet`

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| param | object | Optional | Parameter for List Uploaded YARA Files |
| param.filehashidlist | array | Optional | Filters the list for file SHA-1 values |
| param.fuzzymatchstring | string | Optional | Filters the list for matching strings in the "File Name", "Title", and "Source Context" fields |
| param.pagenumber | number | Optional | Filters the list to uploaded files that appear on the specified page number on the Threat Intel > Custom Intelligence > STIX tab |
| param.pagesize | number | Optional | Filters the list to the specified number of uploaded files per page |
| param.sortingcolumn | number | Optional | Sorts the list by the specified table column |
| param.sortingdirection | number | Optional | Sorts the list in the specified direction |

Input example:

```json
{
  "json_body": {
    "param": {
      "filehashidlist": ["string"],
      "fuzzymatchstring": "string",
      "pagenumber": 2147483647,
      "pagesize": 2147483647,
      "sortingcolumn": 1,
      "sortingdirection": 1
    }
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.filingcabinet | array | Response data |
| data.filingcabinet.extractingstatus | number | Response data |
| data.filingcabinet.fileaddeddatetime | string | Response data |
| data.filingcabinet.filehashid | string | Response data |
| data.filingcabinet.filename | string | Response data |
| data.filingcabinet.shortdesc | string | Response data |
| data.filingcabinet.title | string | Response data |
| data.filingcabinet.uploadedby | string | Response data |
| data.filingcabinet.uploadedfrom | number | Response data |
| data.totalioccount | number | Response data |
| featurectrl | object | Output field featurectrl |
| featurectrl.mode | string | Output field featurectrl.mode |
| meta | object | Output field meta |
| meta.errorcode | number | Error message if any |
| meta.errormsg | string | Error message if any |
| meta.result | number | Result of the operation |
| permissionctrl | object | Output field permissionctrl |
| permissionctrl.elements | string | Output field permissionctrl.elements |
| permissionctrl.permission | string | Output field permissionctrl.permission |
| systemctrl | object | Output field systemctrl |
| systemctrl.tmcmsodist_role | string | Output field systemctrl.tmcmsodist_role |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {"Content-Type": "application/json"},
  "reason": "OK",
  "json_body": {
    "data": {"filingcabinet": [], "totalioccount": 0},
    "featurectrl": {"mode": "string"},
    "meta": {"errorcode": 0, "errormsg": "string", "result": 0},
    "permissionctrl": {"elements": "string", "permission": "string"},
    "systemctrl": {"tmcmsodist_role": "string"}
  }
}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
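
The following added example (not part of the connector or of Trend Micro's documentation) builds the input for the Add UDSO To List action and checks an action's output for an API-level error that can sit behind an HTTP 200. It assumes snake_case key spellings (`json_body`, `scan_action`, `expiration_utc_date`, `status_code`), assumed value sets for the object type and scan action, and that a non-zero `meta` error code means the request was rejected; none of these are stated on this page.

```python
from datetime import datetime, timedelta, timezone

# Assumed value sets: this page documents "type" and "scan action" only as strings.
ASSUMED_TYPES = {"ip", "url", "domain", "file_sha1"}
ASSUMED_SCAN_ACTIONS = {"log", "block"}


def utc_stamp(when):
    """Format an aware datetime in the UTC 'Z' form used by the input example."""
    if when.tzinfo is None:
        raise ValueError("expiration must be timezone-aware")
    return when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def udso_input(so_type, content, scan_action, notes="", expires=None):
    """Build the Add UDSO To List input; key spellings are assumed snake_case."""
    if so_type not in ASSUMED_TYPES:
        raise ValueError(f"unexpected type {so_type!r}")
    if scan_action not in ASSUMED_SCAN_ACTIONS:
        raise ValueError(f"unexpected scan action {scan_action!r}")
    content = content.strip()
    if not content or any(ch.isspace() for ch in content):
        raise ValueError("content must be one non-empty indicator")
    param = {"type": so_type, "content": content,
             "scan_action": scan_action, "notes": notes}
    if expires is not None:
        param["expiration_utc_date"] = utc_stamp(expires)
    return {"json_body": {"param": param}}


def action_failed(output):
    """Return an error string if the action output signals failure, else None.

    Assumes a non-zero meta error code means the API rejected the request
    even when the HTTP status is 200.
    """
    if output.get("status_code") != 200:
        return f"HTTP {output.get('status_code')} {output.get('reason', '')}".strip()
    meta = output.get("json_body", {}).get("meta", {})
    if meta.get("errorcode", 0) != 0:
        return f"API error {meta['errorcode']}: {meta.get('errormsg', '')}"
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    expiry = datetime(2030, 1, 1, 2, 0, tzinfo=timezone(timedelta(hours=2)))
    print(udso_input("domain", " bad.example ", "block", "ticket-123", expiry))
    print(action_failed({"status_code": 200, "reason": "ok", "json_body": {
        "meta": {"errorcode": 5, "errormsg": "denied"}}}))
```

Setting an expiration on every automated block entry keeps a mistaken indicator from persisting in the UDSO list indefinitely.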