Trend Micro Vision One

Version: 1.2
Updated: Jun 3, 2025

The Trend Micro Vision One platform includes advanced XDR capabilities that collect and correlate deep activity data across multiple vectors – email, endpoints, servers, cloud workloads, and networks.

Actions

• Get File Analysis Status (Enrichment) - Retrieve status for analyzed file.
• Add Object To Suspicious Object List (Containment) - Add item to suspicious object list.
• Delete Object From Suspicious Object List (Containment) - Delete from suspicious object list.
• Add To Block List (Containment) - Add IoC to block list.
• Remove From Block List (Containment) - Remove IoC from block list.
• Get Response Rask Details (Enrichment) - Retrieve task details.
• Submit File (Containment) - Submit a file.
• List Alerts (Enrichment) - List all alerts.
• Get Suspicious Object List (Enrichment) - Retrieve list of suspicious objects.

Configure Trend Micro Vision One in Automation Service and Cloud SOAR

Before you can use this automation integration, you must configure its authentication settings so that the product you're integrating with can communicate with Sumo Logic. For general guidance, see Configure Authentication for Automation Integrations.

How to open the integration's configuration dialog

1. Access App Central and install the integration. (You can configure at installation, or after installation with the following steps.)
2. Go to the Integrations page.
   Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
   New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
3. Select the installed integration.
4. Hover over the resource name and click the Edit button that appears.
   

In the configuration dialog, enter information from the product you're integrating with. When done, click TEST to test the configuration, and click SAVE to save the configuration:

• Label. Enter the name you want to use for the resource.

• URL. Enter your Trend Micro Vision One API URL, for example, https://api.xdr.trendmicro.com. Use the region-specific endpoint that matches your tenant's region. For example, for India the URL is https://api.in.xdr.trendmicro.com.

• Token. Enter your Trend Micro Vision One API key. To get the API key:

  1. Log in to your Trend Vision One console.
  2. Navigate to Administration > API Keys.
  3. Click Add API Key.
  4. Configure the API key settings.
  5. Click Add to generate the API key.

• Verify Server Certificate. Select to validate the server’s SSL certificate.

• Connection Timeout (s). Set the maximum amount of time the integration will wait for a server's response before terminating the connection. Enter the connection timeout time in seconds (for example, 180).

• Automation Engine. Select Cloud execution for this certified integration. Select a bridge option only for a custom integration. See Cloud or Bridge execution.

• Proxy Options. Select whether to use a proxy. (Applies only if the automation engine uses a bridge instead of cloud execution.)

  • Use no proxy. Communication runs on the bridge and does not use a proxy.
  • Use default proxy. Use the default proxy for the bridge set up as described in Using a proxy.
  • Use different proxy. Use your own proxy service. Provide the proxy URL and port number.

For information about Trend Micro Vision One, see Trend Micro Vision One documentation.

Change Log

• October 28, 2021 - First upload
• June 30, 2023 (v1.1) - Updated the integration with Environmental Variables
• June 3, 2025 (v1.2)
  • Fixed type SHA1 issue in action Add Object To Suspicious Object List and Delete Object From Suspicious Object List
  • Added SHA256 support in action Add Object To Suspicious Object List and Delete Object From Suspicious Object List