Trend Micro Vision One XDR

Docs > Integrations > Trend Micro Vision One XDR

Trend Micro Vision One XDR - Workbench Alerts

Trend Micro Vision One XDR - Observed Attack Techniques

Overview

Trend Micro Vision One XDR collects and automatically correlates data across multiple security layers: email, endpoint, server, cloud workload, and network. This enables faster threat detection, enhances investigation and response times through improved security analysis.

This integration ingests the following logs:

Workbench Alerts: This endpoint contains information about all the standalone alerts triggered by detection models.
Observed Attack Techniques: This endpoint contains information about observed attack techniques from Detections, Endpoint Activity, Cloud Activity, Email Activity, Mobile Activity, Network Activity, Container Activity, and Identity Activity data sources.

This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products

Setup

Generate API Credentials in Trend Micro Vision One XDR

In the Trend Vision One console, go to on the left side-bar menu and visit Administration > API Keys.
Generate a new authentication token. Click Add API key. Specify the settings of the new API key with the following:
- Name: A meaningful name that can help you identify the API key
- Role: The user role assigned to the key. Select SIEM from dropdown.
- Expiration time: The time the API key remains valid.
- Status: Whether the API key is enabled.
- Details: Extra information about the API key.
Click Add.
To identify the Host Region of your Trend Micro Vision One XDR console please refer here.

Connect your Trend Micro Vision One XDR Account to Datadog

Add your Host Region and API Key.
Parameters Description
Host Region The Region of your Trend Micro Vision One XDR Console.
API Key The API Key of your Trend Micro Vision One XDR Console.
Click the Save button to save your settings.

Parameters	Description
Host Region	The Region of your Trend Micro Vision One XDR Console.
API Key	The API Key of your Trend Micro Vision One XDR Console.

Data Collected

Logs

The Trend Micro Vision One XDR integration collects and forwards Workbench Alerts and Observed Attack Techniques logs to Datadog.

Metrics

Trend Micro Vision One XDR does not include any metrics.

Service Checks

Trend Micro Vision One XDR does not include any service checks.

Events

Trend Micro Vision One XDR does not include any events.

Support

For further assistance, contact Datadog Support.