Trend Micro Vision One
This connector integrates the Trend Micro Vision One API with Turbine.

## Prerequisites

This connector requires an API token and a host.

- Asset setup: to get a list of available hosts, see https://automation.trendmicro.com/xdr/guides/regional-domains
- API token: an API token is needed to work with the API; see https://automation.trendmicro.com/xdr/guides/first-steps-toward-u for more information.

## Notes

- https://automation.trendmicro.com/xdr/guides/regional-domains
- https://automation.trendmicro.com/xdr/guides/first-steps-toward-u

## Configurations

### HTTP Bearer Authentication

Authenticates using a bearer token such as a JWT.

#### Configuration Parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| token | The API token | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Add Suspicious Object

Adds domains, file SHA-1 values, IP addresses, or URLs to the Suspicious Object List.

- Endpoint URL: `/v2.0/xdr/threatintel/suspiciousObjects`
- Method: POST

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| data | array | optional | Response data |
| data.type | string | optional | Response data |
| data.value | string | optional | Response data |
| data.description | string | optional | Response data |
| data.scanAction | string | optional | Response data |
| data.riskLevel | string | optional | Response data |
| data.expiredDay | number | optional | Response data |

Input example:

```json
{"json_body": {"data": [{"type": "domain", "value": "1.alisiosanguera.com.cn", "description": "Example suspicious object.", "scanAction": "log", "riskLevel": "high", "expiredDay": 15}]}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| data | object | Response data |

Output example:

```json
{"data": {}}
```

### Isolate Endpoint

Disconnects an endpoint from the network (but allows communication with the managing Trend Micro server product).

- Endpoint URL: `/v2.0/xdr/response/isolate`
- Method: POST

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| computerId | string | optional | Unique identifier |
| productId | string | optional | Unique identifier |
| description | string | optional | Parameter for Isolate Endpoint |

Input example:

```json
{"json_body": {"computerId": "cb9c8412-1f64-4fa0-a36b-76bf41a07ede", "productId": "sao", "description": "Isolate endpoint info"}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| actionId | number | Unique identifier |
| taskStatus | string | Status value |

Output example:

```json
{"actionId": 88139521, "taskStatus": "pending"}
```

### Restore Endpoint

Restores network connectivity to an endpoint that applied the "Isolate Endpoint" action.

- Endpoint URL: `/v2.0/xdr/response/restoreIsolate`
- Method: POST

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| computerId | string | optional | Unique identifier |
| productId | string | optional | Unique identifier |
| description | string | optional | Parameter for Restore Endpoint |

Input example:

```json
{"json_body": {"computerId": "cb9c8412-1f64-4fa0-a36b-76bf41a07ede", "productId": "sao", "description": "Restore isolated endpoint info"}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| actionId | number | Unique identifier |
| taskStatus | string | Status value |

Output example:

```json
{"actionId": 88139521, "taskStatus": "pending"}
```

### Search Observed Attack Techniques

Retrieves a list of events in the Observed Attack Techniques app that match specified criteria.

- Endpoint URL: `/v2.0/xdr/oat/detections`
- Method: GET

#### Input

| Argument | Type | Required | Description |
|---|---|---|---|
| parameters.start | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.end | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.ingestStart | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.ingestEnd | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.size | string | required | Parameters for the Search Observed Attack Techniques action |
| parameters.riskLevels | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.endpointName | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.tacticIds | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.techniqueIds | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.filterNames | string | optional | Parameters for the Search Observed Attack Techniques action |
| parameters.nextBatchToken | string | optional | Parameters for the Search Observed Attack Techniques action |

Input example:

```json
{"parameters": {"start": "your start (integer)", "end": "your end (integer)", "ingestStart": "your ingestStart (integer)", "ingestEnd": "your ingestEnd (integer)", "size": "your size (integer)", "riskLevels": "your riskLevels (array)", "endpointName": "your endpointName (string)", "tacticIds": "your tacticIds (array)", "techniqueIds": "your techniqueIds (array)", "filterNames": "your filterNames (array)", "nextBatchToken": "your nextBatchToken (string)"}}
```

#### Output

| Parameter | Type | Description |
|---|---|---|
| info | object | Output field info |
| info.code | string | Output field info.code |
| info.message | string | Response message |
| data | object | Response data |
| data.totalCount | number | Response data |
| data.searchApiPostData | array | Response data |
| data.searchApiPostData.from | number | Response data |
| data.searchApiPostData.to | number | Response data |
| data.searchApiPostData.source | string | Response data |
| data.searchApiPostData.query | string | Response data |
| data.nextBatchToken | string | Response data |
| data.detections | array | Response data |
| data.detections.source | string | Response data |
| data.detections.uuid | string | Response data |
| data.detections.filters | array | Response data |
| data.detections.filters.id | string | Response data |
| data.detections.filters.name | string | Response data |
| data.detections.filters.description | string | Response data |
| data.detections.filters.tactics | array | Response data |
| data.detections.filters.techniques | array | Response data |
| data.detections.filters.highlightedObjects | array | Response data |
| data.detections.filters.highlightedObjects.type | string | Response data |
| data.detections.filters.highlightedObjects.field | string | Response data |
| data.detections.filters.highlightedObjects.value | string | Response data |
| data.detections.filters.level | string | Response data |

Output example:

```json
{"info": {"code": "1010000", "message": "Execution successful"}, "data": {"totalCount": 0, "searchApiPostData": [{}], "nextBatchToken": "string", "detections": [{}]}}
```

#### Response Headers

| Header | Description | Example |
|---|---|---|
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
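A minimal client for the four endpoints documented above, as an added example and not the connector's own code: it sends the Bearer token from the `token` setting, builds the isolate, restore and suspicious-object bodies shown in the input examples, and pages through Search Observed Attack Techniques by resending `nextBatchToken` until the response omits it. The HTTP transport is injected so the paging logic can be exercised offline; `requests_transport` is a hypothetical helper that wires it to the `requests` library using the `verify_ssl` and `http_proxy` settings.

```python
from typing import Any, Callable, Dict, Iterator, List, Optional

# Transport signature: (method, url, headers, query_params, json_body) -> parsed JSON body.
Transport = Callable[[str, str, Dict[str, str], Optional[dict], Optional[dict]], dict]


class VisionOneClient:
    """Client for the four v2.0 endpoints documented above (added example, injected transport)."""

    def __init__(self, url: str, token: str, send: Transport):
        self.base = url.rstrip("/")  # regional API host from the connector's `url` setting
        self.headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
        self.send = send

    def _call(self, method: str, path: str, params: Optional[dict] = None, body: Optional[dict] = None) -> dict:
        return self.send(method, self.base + path, dict(self.headers), params, body)

    def add_suspicious_objects(self, objects: List[dict]) -> dict:
        return self._call("POST", "/v2.0/xdr/threatintel/suspiciousObjects", body={"data": objects})

    def isolate_endpoint(self, computer_id: str, product_id: str = "sao", description: str = "") -> dict:
        body = {"computerId": computer_id, "productId": product_id, "description": description}
        return self._call("POST", "/v2.0/xdr/response/isolate", body=body)

    def restore_endpoint(self, computer_id: str, product_id: str = "sao", description: str = "") -> dict:
        body = {"computerId": computer_id, "productId": product_id, "description": description}
        return self._call("POST", "/v2.0/xdr/response/restoreIsolate", body=body)

    def search_oat(self, size: int, **filters: Any) -> Iterator[dict]:
        """Yield OAT detections page by page, resending data.nextBatchToken until the API omits it."""
        params: Dict[str, Any] = {"size": size, **filters}
        while True:
            resp = self._call("GET", "/v2.0/xdr/oat/detections", params=dict(params))
            data = resp.get("data") or {}
            yield from data.get("detections") or []
            token = data.get("nextBatchToken")
            if not token:
                return
            params["nextBatchToken"] = token


def requests_transport(verify_ssl: bool = True, http_proxy: Optional[str] = None) -> Transport:
    """Hypothetical real transport honouring the connector's verify_ssl and http_proxy settings."""
    import requests  # imported lazily so the paging logic above stays testable offline
    proxies = {"http": http_proxy, "https": http_proxy} if http_proxy else None

    def send(method, url, headers, params, body):
        r = requests.request(method, url, headers=headers, params=params, json=body,
                             verify=verify_ssl, proxies=proxies, timeout=30)
        r.raise_for_status()
        return r.json()
    return send
```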