Trend Micro Apex Central
The Trend Micro Apex Central connector enables automated interactions with the Trend Micro Apex Central API for enhanced threat management and security automation.

Trend Micro Apex Central serves as a central security management hub, facilitating the automation of threat detection and response across an organization's network. This connector enables Swimlane Turbine users to integrate with Apex Central to manage suspicious objects and security agents, enhancing their security operations. By leveraging this connector, users can add suspicious file and object information to UDSO lists, retrieve detailed security agent data, and manage YARA file lists, all through the Swimlane platform. This integration empowers security teams to streamline threat management processes, enforce security policies, and rapidly respond to potential threats without the need for manual intervention.

## Limitations

None to date.

## Prerequisites

To effectively utilize the Trend Micro Apex Central connector with Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - Host address: the endpoint URL of your Trend Micro Apex Central server.
  - App ID: the application identifier for API access.
  - API key: a valid API key to authenticate requests.

## Capabilities

This connector provides the following capabilities:

- Add File Object to UDSO List
- Add UDSO to List
- List Security Agents
- List UDSO Entries
- List Uploaded YARA Files

### Add File Object to UDSO List

Adds the uploaded file information to the User-Defined Suspicious Objects list.

Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/udso/operation/suspiciousobjectresource_getproductservers).

### Add UDSO to List

Adds the specified object information to the User-Defined Suspicious Objects list.

Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/udso/operation/suspiciousobjects_adduserdefinedso).

### List Security Agents

Retrieves a list of security agents with more detail.

Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/security-agents/operation/agentresource_getproductagentsv2).

### List UDSO Entries

Retrieves a list of User-Defined Suspicious Objects from the Apex Central server.

Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/udso/operation/suspiciousobjects_queryuserdefinedso).

### List Uploaded YARA Files

Retrieves a list of YARA files from the Apex Central server.

Trend Micro Apex Central API documentation for this action can be found [here](https://automation.trendmicro.com/apex-central/api/#tag/yara/operation/yararesource_filingcabinet).

## Configurations

### Trend Micro Apex Central API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | Host address of the Apex Central instance | string | Required |
| App ID | Used by Apex Central to identify the external application | string | Required |
| API Key | Used by the external application to sign requests sent to Apex Central | string | Required |
| Is Webapp | Some Trend Micro Apex endpoints may begin with /webapp. Defaults to true. | string | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |

## Actions

### Add File Object to UDSO List

Adds uploaded file information to the User-Defined Suspicious Objects (UDSO) list in Trend Micro Apex Central.

Endpoint URL: /webapp/api/suspiciousobjectresource/fileudso

Method: PUT

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| file_content_base64_string | string | Optional | The binary content of the file, converted to a Base64 string |
| file_name | string | Optional | The name of the file |
| file_scan_action | string | Optional | The scan action to perform |
| note | string | Optional | Additional information |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| featurectrl | object | Output field featurectrl |
| mode | string | Output field mode |
| meta | object | Output field meta |
| errorcode | number | Error message if any |
| errormsg | string | Error message if any |
| result | number | Result of the operation |
| permissionctrl | object | Output field permissionctrl |
| elements | string | Output field elements |
| permission | string | Output field permission |
| systemctrl | object | Output field systemctrl |
| tmcmsodist_role | string | Output field tmcmsodist_role |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "featurectrl": {},
      "meta": {},
      "permissionctrl": {},
      "systemctrl": {}
    }
  }
]
```

### Add UDSO to List

Adds specified object information to the User-Defined Suspicious Objects (UDSO) list in Trend Micro Apex Central.

Endpoint URL: /api/suspiciousobjects/userdefinedso

Method: PUT

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| param | object | Required | Parameter for Add UDSO to List |
| content | string | Optional | The suspicious object content for the specified type |
| expiration_utc_date | string | Optional | The expiration date (UTC) of the suspicious object |
| notes | string | Optional | Description of the object |
| scan_action | string | Optional | The scan action to perform on the suspicious object |
| type | string | Optional | The suspicious object type |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| featurectrl | object | Output field featurectrl |
| mode | string | Output field mode |
| meta | object | Output field meta |
| errorcode | number | Error message if any |
| errormsg | string | Error message if any |
| result | number | Result of the operation |
| permissionctrl | object | Output field permissionctrl |
| elements | string | Output field elements |
| permission | string | Output field permission |
| systemctrl | object | Output field systemctrl |
| tmcmsodist_role | string | Output field tmcmsodist_role |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "featurectrl": {},
      "meta": {},
      "permissionctrl": {},
      "systemctrl": {}
    }
  }
]
```

### List Security Agents

Retrieves a detailed list of security agents from Trend Micro Apex Central.

Endpoint URL: /api/v2/agentresource/productagents

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| entityid | string | Optional | The GUID of the security agent |
| ipaddress | string | Optional | The IP address of the endpoint |
| macaddress | string | Optional | The MAC address of the endpoint |
| hostname | string | Optional | The name of the endpoint |
| product | string | Optional | The Trend Micro product ID |
| managingserverid | string | Optional | The GUID of the product server that manages the security agent |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| result_code | number | Result of the operation |
| result_content | array | Response content |
| endpointid | string | Unique identifier |
| endpointhost | string | Output field endpointhost |
| endpointip | string | Output field endpointip |
| endpointmac | string | Output field endpointmac |
| product | string | Output field product |
| managingserverid | string | Unique identifier |
| addomain | string | Output field addomain |
| domain | string | Output field domain |
| domainhierarchy | string | Output field domainhierarchy |
| logonuser | string | Output field logonuser |
| platform | string | Output field platform |
| clientprogram | string | Output field clientprogram |
| connectionstatus | string | Status value |
| isolationstatus | string | Status value |
| firewall | string | Output field firewall |
| scanmethod | string | HTTP method to use |
| updateagent | string | Output field updateagent |
| lastscheduledscanutc | string | Output field lastscheduledscanutc |
| lastmanualscanutc | string | Output field lastmanualscanutc |
| laststartup | string | Output field laststartup |
| lastconnected | string | Output field lastconnected |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json"
    },
    "reason": "OK",
    "json_body": {
      "result_code": 1,
      "result_content": [],
      "result_description": "string"
    }
  }
]
```

### List UDSO Entries

Retrieves a list of User-Defined Suspicious Objects (UDSO) from the Trend Micro Apex Central server.

Endpoint URL: /api/suspiciousobjects/userdefinedso

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| type | string | Optional | The suspicious object type to query |
| contentfilter | string | Optional | Filters the list to suspicious objects that match the specified string |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| featurectrl | object | Output field featurectrl |
| mode | string | Output field mode |
| meta | object | Output field meta |
| errorcode | number | Error message if any |
| errormsg | string | Error message if any |
| result | number | Result of the operation |
| permissionctrl | object | Output field permissionctrl |
| elements | string | Output field elements |
| permission | string | Output field permission |
| systemctrl | object | Output field systemctrl |
| tmcmsodist_role | string | Output field tmcmsodist_role |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "featurectrl": {},
      "meta": {},
      "permissionctrl": {},
      "systemctrl": {}
    }
  }
]
```

### List Uploaded YARA Files

Retrieves a list of uploaded YARA files from the Trend Micro Apex Central server, requiring specific 'param' details.

Endpoint URL: /iocbackend/yararesource/filingcabinet

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| param | object | Required | Parameter for List Uploaded YARA Files |
| filehashidlist | array | Optional | Filters the list for file SHA-1 values |
| fuzzymatchstring | string | Optional | Filters the list for matching strings in the "File Name", "Title", and "Source Context" fields |
| pagenumber | number | Optional | Filters the list to uploaded files that appear on the specified page number on the Threat Intel > Custom Intelligence > STIX tab |
| pagesize | number | Optional | Filters the list to the specified number of uploaded files per page |
| sortingcolumn | number | Optional | Sorts the list by the specified table column |
| sortingdirection | number | Optional | Sorts the list in the specified direction |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| filingcabinet | array | Output field filingcabinet |
| extractingstatus | number | Status value |
| fileaddeddatetime | string | Time value |
| filehashid | string | Unique identifier |
| filename | string | Name of the resource |
| shortdesc | string | Output field shortdesc |
| title | string | Output field title |
| uploadedby | string | Output field uploadedby |
| uploadedfrom | number | Output field uploadedfrom |
| totalioccount | number | Count value |
| featurectrl | object | Output field featurectrl |
| mode | string | Output field mode |
| meta | object | Output field meta |
| errorcode | number | Error message if any |
| errormsg | string | Error message if any |
| result | number | Result of the operation |
| permissionctrl | object | Output field permissionctrl |
| elements | string | Output field elements |
| permission | string | Output field permission |
| systemctrl | object | Output field systemctrl |
| tmcmsodist_role | string | Output field tmcmsodist_role |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "featurectrl": {},
      "meta": {},
      "permissionctrl": {},
      "systemctrl": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
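
A hygiene check over the List Security Agents output, as an added example (not Swimlane's or Trend Micro's code). It assumes the output keys are spelled `status_code`, `json_body` and `result_content`, that `lastscheduledscanutc` is an ISO 8601 string, and that `connectionstatus` reads "Online" for a connected agent; the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the List Security Agents output; the status
# strings and ISO 8601 timestamps are assumptions, not captured vendor data.
SAMPLE_OUTPUT = [{
    "status_code": 200,
    "json_body": {"result_code": 1, "result_content": [
        {"endpointhost": "ws-001", "connectionstatus": "Online",
         "lastscheduledscanutc": "2024-05-30T02:00:00Z"},
        {"endpointhost": "ws-002", "connectionstatus": "Offline",
         "lastscheduledscanutc": "2024-05-29T02:00:00Z"},
        {"endpointhost": "srv-db", "connectionstatus": "Online",
         "lastscheduledscanutc": "2024-03-01T02:00:00Z"},
        {"endpointhost": "kiosk-7", "connectionstatus": "Online",
         "lastscheduledscanutc": ""},
    ]},
}]

def parse_utc(value):
    """Return an aware UTC datetime, or None if the field is empty or unparseable."""
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return None
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def agent_findings(action_output, now, max_scan_age=timedelta(days=14)):
    """Map endpoint host name -> list of hygiene findings (clean agents are omitted)."""
    findings = {}
    for response in action_output:
        if response.get("status_code") != 200:
            raise RuntimeError(f"List Security Agents failed: {response.get('status_code')}")
        for agent in response.get("json_body", {}).get("result_content") or []:
            issues = []
            if str(agent.get("connectionstatus", "")).lower() != "online":
                issues.append("agent not connected")
            last_scan = parse_utc(agent.get("lastscheduledscanutc"))
            if last_scan is None:
                issues.append("no scheduled scan recorded")
            elif now - last_scan > max_scan_age:
                issues.append(f"last scheduled scan {(now - last_scan).days} days ago")
            if issues:
                findings[agent.get("endpointhost", "<unknown>")] = issues
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    for host, issues in agent_findings(SAMPLE_OUTPUT, now).items():
        print(host, "->", "; ".join(issues))
```

An empty or malformed scan timestamp is reported as a finding rather than skipped, so an agent that has never scanned does not pass as healthy.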