Trend Micro Vision One

Version: Trend Micro Vision One

Trend Micro Vision One XDR (extended detection and response) collects and automatically correlates data across multiple security layers – email, endpoint, server, cloud workload, and network. This allows for faster detection of threats and improved investigation and response times through security analysis.

Netsurion Open XDR facilitates monitoring events retrieved from Trend Micro Vision One. Its dashboard, category, alerts, and reports benefit in detecting vulnerabilities, malware attacks, phishing email attacks, lateral movements, and others.

Firstly, it is necessary to set up Trend Micro Vision One to deliver events to the Netsurion Open XDR and then configure the dashboards and reports into the Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type	Name	Description
Security	Trend Micro Vision One – Critical activity detected	This critical activity alert is triggered when the severity of the log is 7,8,9, and 10.
Security	Trend Micro Vision One: Critical workbench activity detected	This critical workbench activity alert is triggered when the severity of the log is 7,8,9, and 10.

Reports

Type	Name	Description
Security	Trend Micro Vision One – Workbench alert detail	This report provides a detailed summary of the workbench alert activities in Trend Micro Vision One. The report includes the category, severity, requested URL, affected devices, affected accounts, MITRE IDs, and more.
Security	Trend Micro Vision One – Observed attack technique details	This report provides a detailed summary of the individual activities in Trend Micro Vision One. The report includes the device hostname, device IP address, MITRE IDs, threat category, severity, and more.

Documentation

The configuration details are consistent with the Netsurion Open XDR 9.3 or later and Trend Micro Vision One.

Download Integration Guide and How-To guide for configuration instructions and more information.