Skip to content

Interpres Application - TrendMicro Vision One

  • Type: Endpoint
  • Vendor: TrendMicro

Vendor setup

Base URL mapping

  • Australia: https://api.au.xdr.trendmicro.com
  • Germany: https://api.eu.xdr.trendmicro.com
  • India: https://api.in.xdr.trendmicro.com
  • Japan: https://api.xdr.trendmicro.co.jp
  • Singapore: https://api.sg.xdr.trendmicro.com
  • United Arab Emirates: https://api.mea.xdr.trendmicro.com
  • United Kingdom: https://api.uk.xdr.trendmicro.com
  • United States: https://api.xdr.trendmicro.com
  • United States (for Government): https://api.usgov.xdr.trendmicro.com

Custom role creation

  1. On the Trend Vision One console, go to Administration - User roles
  2. Click “Add role”
  3. Configure the new custom role:
  4. Can be assigned to API Keys / yes
  5. Can be assigned to user accounts / no
  6. Assign “Read-Only” permissions

API key creation

  1. On the Trend Vision One console, go to Administration - API Keys
  2. Generate a new authentication token
  3. Assign to the API key the previously created custom role

App Configuration

App Parameters:

  • Base URL: The URL To the source instance. (this should only be up through the hostname e.g. https://api.xdr.trendmicro.com
  • API Key: API key

App Validation

Implemented Actions

  • Get Alerts: Get Workbench alerts
  • Get Assets: Get devices in Attack Surface Discovery found in your environment
  • Get Available Telemetry: Get telemetry by Vision One
  • Get Detections: Get detection models and custom detection models
  • Get Vulnerabilities: Get CVEs detected in devices