Overview
To view Trend Micro Vision One logs through the Logsign Unified SecOps Platform product, you will need to perform some configurations.
First, enter the link you have for Trend Micro Vision One. You are expected to be an authorized user who can access the management panel and take actions.
Prerequisites
- Logsign Unified SecOps Platform 6.3.34+ versions support this response.
Configure On Trend Micro Vision One
We need to access the API Keys field from the area where our name is written in the upper right corner of the application that we log in with the administrator account.
Then click on Add API Key and create an API.
You can type the API name in the Name section. You need to select Master Administrator as Role. You can select it to be indefinite in the Expiration Time section.
Save the API Key you created. You can only see it once.
Log into Logsign Unified SecOps Platform and then click on the Settings option in the top menu. In the window that opens, click on ‘Responses’ on the left side to view the sources you have added to Logsign Unified SecOps Platform. You need to find Trend Micro Vision One in the drop-down list and click Configure to proceed.
You need to write the API key you received in the Token section.
In the part that says url, you must enter the data written on the site where you log in to the application.
As an example, I share the url information of the environment we use for testing below. It will be enough to add what is written in your own environment as seen.
https://portal.eu.xdr.trendmicro.com/
The most important thing to pay attention to in the environment you use will be region. EU is specified in the URL, this may be different for you.