forked from DataDog/integrations-core
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SIEMINT-85] DDS: Trend Micro Vision One XDR: Crawler Integration v1.0.0 (DataDog#18208)

* Add trend micro vision one xdr assets
* Add images and update readme
* Add integration in labeler.yaml file
* Update pipeline yaml
* Add service in test yaml file
* Update sample in test yaml file
* Update test yaml sample
* Update test results
* Update dashboards
* Minor README change
* Address review comments
* Update manifest file
* Revert app_uuid to its original value in manifest
* Update display_on_public_website to false in manifest
* Address review comments
* Address review comments
* Remove trailing space in README
* Address review comments
* Update README
* Update readme

---------

Co-authored-by: Thibault Krebs <[email protected]>
1 parent 501c0e4, commit d7791ed

Showing 10 changed files with 9,241 additions and 25 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
# CHANGELOG - trend-micro-vision-one-xdr | ||
|
||
## 1.0.0 / 2024-08-06 | ||
## 1.0.0 / 2024-08-20 | ||
|
||
***Added***: | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,43 +1,52 @@ | ||
# Agent Check: trend-micro-vision-one-xdr | ||
|
||
## Overview | ||
|
||
This check monitors [trend-micro-vision-one-xdr][1]. | ||
|
||
## Setup | ||
[Trend Micro Vision One XDR][1] collects and automatically correlates data across multiple security layers: email, endpoint, server, cloud workload, and network. This enables faster threat detection, enhances investigation and response times through improved security analysis. | ||
|
||
### Installation | ||
This integration ingests the following logs: | ||
|
||
The trend-micro-vision-one-xdr check is included in the [Datadog Agent][2] package. | ||
No additional installation is needed on your server. | ||
- **Workbench Alerts**: This endpoint contains information about all the standalone alerts triggered by detection models. | ||
- **Observed Attack Techniques**: This endpoint contains information about observed attack techniques from Detections, Endpoint Activity, Cloud Activity, Email Activity, Mobile Activity, Network Activity, Container Activity, and Identity Activity data sources. | ||
|
||
### Configuration | ||
This integration collects logs from the sources listed above and sends them to Datadog for analysis with our Log Explorer and Cloud SIEM products | ||
* [Log Explorer][3] | ||
* [Cloud SIEM][4] | ||
|
||
!!! Add list of steps to set up this integration !!! | ||
## Setup | ||
|
||
### Validation | ||
### Configuration | ||
|
||
!!! Add steps to validate integration is functioning as expected !!! | ||
1. In the Trend Vision One console, go to on the left side-bar menu and visit **Administration > API Keys** . | ||
2. Generate a new authentication token. Click **Add API key**. Specify the settings of the new API key with the following: | ||
- **Name**: A meaningful name that can help you identify the API key | ||
- **Role**: The user role assigned to the key. Select **SIEM** from dropdown. | ||
- **Expiration time**: The time the API key remains valid. | ||
- **Status**: Whether the API key is enabled. | ||
- **Details**: Extra information about the API key. | ||
3. Click **Add**. | ||
4. Copy API Key to the form below along with the Host Region of your Trend Micro Vision One XDR console. | ||
|
||
## Data Collected | ||
|
||
### Logs | ||
The Trend Micro Vision One XDR integration collects and forwards Workbench Alerts and Observed Attack Techniques logs to Datadog. | ||
|
||
### Metrics | ||
|
||
trend-micro-vision-one-xdr does not include any metrics. | ||
Trend Micro Vision One XDR does not include any metrics. | ||
|
||
### Service Checks | ||
|
||
trend-micro-vision-one-xdr does not include any service checks. | ||
Trend Micro Vision One XDR does not include any service checks. | ||
|
||
### Events | ||
|
||
trend-micro-vision-one-xdr does not include any events. | ||
|
||
## Troubleshooting | ||
Trend Micro Vision One XDR does not include any events. | ||
|
||
Need help? Contact [Datadog support][3]. | ||
## Support | ||
|
||
[1]: **LINK_TO_INTEGRATION_SITE** | ||
[2]: https://app.datadoghq.com/account/settings/agent/latest | ||
[3]: https://docs.datadoghq.com/help/ | ||
For further assistance, contact [Datadog Support][2]. | ||
|
||
[1]: https://www.trendmicro.com/en_in/business/products/detection-response/xdr.html | ||
[2]: https://docs.datadoghq.com/help/ | ||
[3]: https://docs.datadoghq.com/logs/explorer/ | ||
[4]: https://www.datadoghq.com/product/cloud-siem/ |
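Review bot: Configuration step 1 is garbled: "go to on the left side-bar menu and visit **Administration > API Keys** ." has a stray "on" and a space before the period. Suggest "In the Trend Vision One console, open **Administration > API Keys** from the left sidebar menu." In step 2, the **Expiration time** bullet only defines the field; since the key copied in step 4 is what the integration authenticates with, the README should say what the user needs to do before that key expires (generate a new key and update it in the form) so that log collection does not stop without notice. Smaller points in the same hunk: the sentence ending "with our Log Explorer and Cloud SIEM products" has no closing punctuation and then repeats both products as a two-item link list, so either end it with a colon or fold the links into the sentence; and "This enables faster threat detection, enhances investigation and response times through improved security analysis." needs an "and" before "enhances".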