TREND MICRO APEX CENTRAL RESPONSE INTEGRATION

Overview

 

Trend Micro Apex Central™ is a web-based console that provides centralized management for Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels.

Prerequisites

  • This integration is supported on Logsign versions 6.3.+.

Configure On Trend Micro

 

Forwarding settings are completed as follows:

 

  1. Log in to the Apex Central portal.
  2. Click on Administrator > Settings > Automation API Access Settings.
  3. Click the Add button.
  4. In the Automation Access Settings, copy the values of Application ID and API key.

 

Configure On Logsign

 

Forwarding settings are completed as follows:

 

  1. Click Settings > Integrations > Responses.
  2. In the ‘Search’ field, type Apex Central.
  3. Click ‘Configure’ and then click ‘+Device’.
  4. Define the settings as follows:
  • Device Name: Define the Device Name.
  • Application Id: Enter the Application ID copied from Apex Central.
  • Api Key: Enter the API key copied from Apex Central.
  • Host: The URL address of the Trend Micro Apex Central device/product to be integrated with Logsign.
  • Port: Define the port number.
  5. Click Create to save the changes.





Methods

ISOLATE-AGENT

  • Device: Select the configuration you have configured.
  • Entity Id: GUID of the managed product server whose details you want to retrieve from Trend Micro Apex Central.
  • Host Name: Name of the endpoint whose associated security agent details you want to retrieve from Trend Micro Apex Central.
  • Ip Address: IP address of the managed product agent on whose associated agent you want to perform the action.
  • Mac Address: MAC address of the managed product agent on whose associated agent you want to perform the action.
  • Product: Trend Micro product on the server instance on whose associated agent you want to perform the action.

RESTORE-AGENT

  • Device: Select the configuration you have configured.
  • Entity Id: GUID of the managed product server whose details you want to retrieve from Trend Micro Apex Central.
  • Host Name: Name of the endpoint whose associated security agent details you want to retrieve from Trend Micro Apex Central.
  • Ip Address: IP address of the managed product agent on whose associated agent you want to perform the action.
  • Mac Address: MAC address of the managed product agent on whose associated agent you want to perform the action.
  • Product: Trend Micro product on the server instance on whose associated agent you want to perform the action.

UNINSTALL-AGENT

  • Device: Select the configuration you have configured.
  • Entity Id: GUID of the managed product server whose details you want to retrieve from Trend Micro Apex Central.
  • Host Name: Name of the endpoint whose associated security agent details you want to retrieve from Trend Micro Apex Central.
  • Ip Address: IP address of the managed product agent on whose associated agent you want to perform the action.
  • Mac Address: MAC address of the managed product agent on whose associated agent you want to perform the action.
  • Product: Trend Micro product on the server instance on whose associated agent you want to perform the action.

CREATE-LIVE-INVESTIGATION

  • Device: Select the configuration you have configured.
  • Payload: Specify the payload.

LIST-UPLOADED-YARA-FILES

  • Device: Select the configuration you have configured.
  • File Hash Id List: Define the file hash id list.
  • Fuzzy Match String: Define the fuzzy match string.
  • Page Size: Specify the page size.
  • Page Number: Specify the page number.
  • Sorting Column: Specify the sorting column.
  • Sorting Direction: Specify the sorting direction.

UPLOADED-YARA-FILES

  • Device: Select the configuration you have configured.
  • File Content Base64: Define the file content base64.
  • File Name: Define the file name.

ADD-FILE-OBJECT-TO-UDSO-LIST

  • Device: Select the configuration you have configured.
  • File Content Base64 String: Define the file content base64 string.
  • File Name: Define the file name.
  • File Scan Action: Specify the file scan action (log, block, quarantine).
  • Note: Define the note.

DELETE-UDSO-FROM-LIST

  • Device: Select the configuration you have configured.
  • Type: Specify the type (ip, url, file_sha1, domain).
  • Content: Define the content.
  • Scan Action: Define the scan action (log, block).
  • Notes: Define the notes.
  • Expiration Utc Date: Define the expiration date in UTC.

ADD-UDSO-TO-LIST

  • Device: Select the configuration you have configured.
  • Content: Define the content.
  • Scan Action: Specify the scan action (log, block).
  • Note: Define the notes.
  • Type: Specify the type (ip, url, file_sha1, domain).
  • Expiration Time: Specify the expiration date (1 day, 3 days, 1 week).
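
An added example (not Logsign or Trend Micro code): a pre-submission check for the ADD-UDSO-TO-LIST parameters, using the allowed values listed above, so that a malformed or internal indicator is rejected before it reaches the block list. The function name, the returned key names, the timestamp format and the refusal to block non-public IP addresses are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Allowed values as listed on this page.
TYPES = {"ip", "url", "file_sha1", "domain"}
SCAN_ACTIONS = {"log", "block"}
EXPIRATIONS = {"1 day": timedelta(days=1), "3 days": timedelta(days=3),
               "1 week": timedelta(weeks=1)}
_SHA1 = re.compile(r"[0-9a-fA-F]{40}")
_DOMAIN = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)


def validate_udso(type_, content, scan_action, expiration, now=None):
    """Return normalized parameters (hypothetical key names) or raise ValueError."""
    if type_ not in TYPES:
        raise ValueError(f"unsupported type: {type_!r}")
    if scan_action not in SCAN_ACTIONS:
        raise ValueError(f"unsupported scan action: {scan_action!r}")
    if expiration not in EXPIRATIONS:
        raise ValueError(f"unsupported expiration: {expiration!r}")
    content = content.strip()
    if type_ == "ip":
        addr = ipaddress.ip_address(content)  # raises ValueError if malformed
        # Assumption: blocking an internal or loopback address is an analyst error.
        if scan_action == "block" and not addr.is_global:
            raise ValueError(f"refusing to block non-public address {addr}")
        content = str(addr)
    elif type_ == "file_sha1":
        if not _SHA1.fullmatch(content):
            raise ValueError("file_sha1 must be 40 hex characters")
        content = content.lower()
    elif type_ == "domain":
        if not _DOMAIN.fullmatch(content):
            raise ValueError(f"not a valid domain name: {content!r}")
        content = content.lower()
    else:  # url
        parts = urlsplit(content)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("url must be http(s) with a host")
    # Assumption: expiry is expressed as an ISO 8601 UTC timestamp.
    now = now or datetime.now(timezone.utc)
    expires = (now + EXPIRATIONS[expiration]).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"type": type_, "content": content, "scan_action": scan_action,
            "expiration_utc_date": expires}
```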