Overview
Trend Micro Apex Central™ is a web-based console that provides centralized management for Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels.
Prerequisites
- Logsign 6.3.+ versions support this integration.
Configure On Trend Micro
Forwarding settings are completed as follows:
- Log in to the Apex Central portal.
- Click on Administrator > Settings > Automation API Access Settings.
- Click the Add button.
- In the Automation Access Settings, copy the values of Application ID and API key.
Configure On Logsign
Forwarding settings are completed as follows:
- Click Settings > Integrations > Responses.
- In the ‘Search’ field, type Apex Central.
- Click ‘Configure’ and then click ‘+Device’.
- Define the settings as follows:
- Device Name: Define the Device Name.
- Application Id: Define the application id.
- Api Key: Define the Api Key.
- Host: The URL address of the Trend Micro Apex Central device/product to be integrated with Logsign.
- Port: Define the port number.
- Click Create to save the changes.
Methods
ISOLATE-AGENT
- Device: Select the configuration you have configured.
- Entity Id: GUID of the managed product server whose details you want to retrieve from Trend Micro Apex Central.
- Host Name: Name of the endpoint whose associated security agent details you want to retrieve from Trend Micro Apex Central.
- Ip Address: IP address of the managed product agent on whose associated agent you want to perform the action.
- Mac Address: MAC address of the managed product agent on whose associated agent you want to perform the action.
- Product: Trend Micro product on the server instance on whose associated agent you want to perform the action.
RESTORE-AGENT
- Device: Select the configuration you have configured.
- Entity Id: GUID of the managed product server whose details you want to retrieve from Trend Micro Apex Central.
- Host Name: Name of the endpoint whose associated security agent details you want to retrieve from Trend Micro Apex Central.
- Ip Address: IP address of the managed product agent on whose associated agent you want to perform the action.
- Mac Address: MAC address of the managed product agent on whose associated agent you want to perform the action.
- Product: Trend Micro product on the server instance on whose associated agent you want to perform the action.
UNINSTALL-AGENT
- Device: Select the configuration you have configured.
- Entity Id: GUID of the managed product server whose details you want to retrieve from Trend Micro Apex Central.
- Host Name: Name of the endpoint whose associated security agent details you want to retrieve from Trend Micro Apex Central.
- Ip Address: IP address of the managed product agent on whose associated agent you want to perform the action.
- Mac Address: MAC address of the managed product agent on whose associated agent you want to perform the action.
- Product: Trend Micro product on the server instance on whose associated agent you want to perform the action.
CREATE-LIVE-INVESTIGATION
- Device: Select the configuration you have configured.
- Payload: Specify the payload.
LIST-UPLOADED-YARA-FILES
- Device: Select the configuration you have configured.
- File Hash Id List: Define the file hash id list.
- Fuzzy Match String: Define the fuzzy match string.
- Page Size: Specify the page size.
- Page Number: Specify the page number.
- Sorting Column: Specify the sorting column.
- Sorting Direction: Specify the sorting direction.
UPLOADED-YARA-FILES
- Device: Select the configuration you have configured.
- File Content Base64: Define the file content base64.
- File Name: Define the file name.
ADD-FILE-OBJECT-TO-UDSO-LIST
- Device: Select the configuration you have configured.
- File Content Base64 String: Define the file content base64 string.
- File Name: Define the file name.
- File Scan Action: Specify the file scan action (log, block, quarantine).
- Note: Define the note.
DELETE-UDSO-FROM-LIST
- Device: Select the configuration you have configured.
- Type: Specify the type (ip, url, file_sha1, domain).
- Content: Define the content.
- Scan Action: Define the scan action (log, block).
- Notes: Define the notes.
- Expiration Utc Date: Define the UTC date.
ADD-UDSO-TO-LIST
- Device: Select the configuration you have configured.
- Content: Define the content.
- Scan Action: Specify the scan action (log, block).
- Note: Define the notes.
- Type: Specify the type (ip, url, file_sha1, domain).
- Expiration Time: Specify the expiration date (1 day, 3 days, 1 week).
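A block-list entry with a mistyped type or a malformed indicator can fail silently or block the wrong object, so it helps to check the ADD-UDSO-TO-LIST inputs before the response runs. The following is an added example, not Logsign or Trend Micro code: the function names are hypothetical, the accepted values are the ones listed above, and converting Expiration Time to a UTC timestamp counted from the current time is an assumption.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Accepted values as listed in the ADD-UDSO-TO-LIST method description.
TYPES = {"ip", "url", "file_sha1", "domain"}
SCAN_ACTIONS = {"log", "block"}
EXPIRATIONS = {"1 day": timedelta(days=1), "3 days": timedelta(days=3),
               "1 week": timedelta(weeks=1)}

_SHA1 = re.compile(r"[0-9a-fA-F]{40}")
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_DOMAIN = re.compile(rf"(?:{_LABEL}\.)+[A-Za-z]{{2,63}}")


def _content_ok(udso_type, content):
    """Check that the indicator really has the shape its declared type implies."""
    if udso_type == "ip":
        try:
            ipaddress.ip_address(content)
            return True
        except ValueError:
            return False
    if udso_type == "file_sha1":
        return _SHA1.fullmatch(content) is not None
    if udso_type == "domain":
        return len(content) <= 253 and _DOMAIN.fullmatch(content) is not None
    parsed = urlparse(content)  # remaining type: url
    return parsed.scheme in ("http", "https") and bool(parsed.hostname)


def validate_udso(udso_type, content, scan_action, expiration, now=None):
    """Return (errors, expires_at_utc); errors is empty when the entry is usable."""
    errors = []
    if udso_type not in TYPES:
        errors.append(f"type must be one of {sorted(TYPES)}")
    elif not _content_ok(udso_type, content.strip()):
        errors.append(f"content is not a valid {udso_type}")
    if scan_action not in SCAN_ACTIONS:
        errors.append(f"scan action must be one of {sorted(SCAN_ACTIONS)}")
    if expiration not in EXPIRATIONS:
        errors.append(f"expiration must be one of {list(EXPIRATIONS)}")
        return errors, None
    now = now or datetime.now(timezone.utc)
    return errors, now + EXPIRATIONS[expiration]
```

Run the check in the playbook step that precedes the response and submit only entries that come back with an empty error list.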