Trend Micro Vision One V3

TrendAI Vision One™ is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—TrendAI Vision One™ prevents the majority of attacks with automated protection.

Data Enrichment & Threat Intelligence · TrendAI Vision One™

Configuration parameters

  • url — API URL (e.g. https://api.xdr.trendmicro.com) (required)
  • apikey — (required)
  • isFetch — Fetch incidents
  • incidentFetchInterval — Incidents Fetch Interval
  • incidentType — Incident type
  • first_fetch — Sync On First Run (days)
  • max_fetch — Max Incidents
  • proxy — Use system proxy settings
  • insecure — Trust any certificate (not secure)
  • integrationReliability — Source Reliability
  • incident_severity — Severity
  • mirror_direction — Incident Mirroring Direction

Commands (47)

  • get-mapping-fields

    Returns the list of fields for an incident type. This command is used for incident mirroring.

  • get-modified-remote-data

    Gets the list of Vision One alerts that were modified since the last update time. This command is used for incoming mirroring.

  • get-remote-data

    Gets remote data from Vision One for a specific alert. This method is used for incoming mirroring and debugging purposes.

  • trendmicro-visionone-add-custom-script

    Adds a custom script to V1 portal in Response management under custom scripts.

  • trendmicro-visionone-add-note

    Attaches a note to a workbench alert.

  • trendmicro-visionone-add-objects-to-exception-list

    Adds domain, ip, url, file_sha1, file_sha256, sender_mail_address to the Exception List and prevents these objects from being added to the Suspicious Object List.

  • trendmicro-visionone-add-objects-to-suspicious-list

    Adds domain, ip, url, file_sha1, file_sha256, sender_mail_address to the Suspicious Object List.

  • trendmicro-visionone-add-to-block-list

    Adds a domain, ip, file_sha1, url, sender_mail_address to the User-Defined Suspicious Objects List, which blocks the objects on subsequent detections.

  • trendmicro-visionone-check-task-status

    Command gives the status of the running task based on the task id.

  • trendmicro-visionone-collect-forensic-file

    Compresses a file on an endpoint in a password-protected archive and then sends the archive to the XDR service platform.

  • trendmicro-visionone-delete-custom-script

    Delete a custom script based on script ID.

  • trendmicro-visionone-delete-email-message

    Deletes a message from a mailbox.

  • trendmicro-visionone-delete-objects-from-exception-list

    Deletes domain, ip, url, file_sha1, file_sha256, sender_mail_address from the Exception List.

  • trendmicro-visionone-delete-objects-from-suspicious-list

    Deletes domain, ip, url, file_sha1, file_sha256, sender_mail_address from the Suspicious Object List.

  • trendmicro-visionone-disable-user-account

    Signs the user out of all active application and browser sessions, and prevents the user from signing in any new session. Supported IAM systems -> Azure AD and Active Directory (on-premises).

  • trendmicro-visionone-download-analysis-report

    Downloads the analysis report for an object submitted to sandbox for analysis based on the submission ID.

  • trendmicro-visionone-download-custom-script

    Downloads the contents of a custom script based on script ID.

  • trendmicro-visionone-download-information-for-collected-forensic-file

    Retrieves a URL and other information required to download a collected file via the trendmicro-visionone-collect-forensic-file command.

  • trendmicro-visionone-download-investigation-package

    Downloads the investigation package based on submission ID.

  • trendmicro-visionone-download-suspicious-object-list

    Downloads the suspicious object list associated to the specified object. Note ~ Suspicious Object Lists are only available for objects with a high risk level.

  • trendmicro-visionone-enable-user-account

    Allows the user to sign in to new application and browser sessions. Supported IAM systems -> Azure AD and Active Directory (on-premises).

  • trendmicro-visionone-force-password-reset

    Signs the user out of all active application and browser sessions, and forces the user to create a new password during the next sign-in attempt. Supported IAM systems -> Azure AD and Active Directory (on-premises).

  • trendmicro-visionone-force-signout

    Signs the user out of all active application and browser sessions. Supported IAM systems -> Azure AD.

  • trendmicro-visionone-get-alert-details

    Fetches details for a specific alert.

  • trendmicro-visionone-get-custom-script-list

    Fetches a list of all available custom scripts in V1 XDR Portal.

  • trendmicro-visionone-get-email-activity-data

    Displays search results from the Email Activity Data source that match the parameters provided.

  • trendmicro-visionone-get-email-activity-data-count

    Displays search results from the Email Activity Data source that match the parameters provided.

  • trendmicro-visionone-get-endpoint-activity-data

    Displays search results from the Endpoint Activity Data source that match the parameters provided.

  • trendmicro-visionone-get-endpoint-activity-data-count

    Displays total count of search results from the Endpoint Activity Data source that match the parameters provided.

  • trendmicro-visionone-get-endpoint-info

    Retrieves information about a specific endpoint.

  • trendmicro-visionone-get-file-analysis-result

    Retrieves the sandbox submission analysis result.

  • trendmicro-visionone-get-file-analysis-status

    Retrieves the status of a sandbox analysis submission.

  • trendmicro-visionone-get-observed-attack-techniques

    Displays a list of Observed Attack Techniques events that match the specified criteria.

  • trendmicro-visionone-isolate-endpoint

    Disconnects an endpoint from the network (but allows communication with the managing TrendAI™ product).

  • trendmicro-visionone-quarantine-email-message

    Moves a message from a mailbox to the quarantine folder.

  • trendmicro-visionone-remove-from-block-list

    Removes a domain, ip, file_sha1, url, sender_mail_address from the User-Defined Suspicious Objects List.

  • trendmicro-visionone-restore-email-message

    Restores a quarantined message. Deleted messages cannot be restored.

  • trendmicro-visionone-restore-endpoint-connection

    Restores network connectivity to an endpoint that applied the "isolate endpoint" action.

  • trendmicro-visionone-run-custom-script

    Runs a custom script on the specified endpoint or agentGuid.

  • trendmicro-visionone-run-sandbox-submission-polling

    Runs a polling command to retrieve the status of a sandbox analysis submission.

  • trendmicro-visionone-submit-file-entry-to-sandbox

    Submits a file to the sandbox for analysis (Note. For more information about the supported file types, see [the TrendAI Vision One™Online Help](https://docs.trendmicro.com/en-us/enterprise/trend-micro-vision-one/threat-intelligence-/sandbox-analysis/sandbox-supported-fi.aspx). Submissions require credits. Does not require credits in regions where Sandbox Analysis has not been officially released.)

  • trendmicro-visionone-submit-file-to-sandbox

    Submits a file to the sandbox for analysis (Note. For more information about the supported file types, see [the TrendAI Vision One™ Online Help](https://docs.trendmicro.com/en-us/enterprise/trend-micro-vision-one/threat-intelligence-/sandbox-analysis/sandbox-supported-fi.aspx). Submissions require credits. Does not require credits in regions where Sandbox Analysis has not been officially released.)

  • trendmicro-visionone-submit-urls-to-sandbox

    Sends URL(s) to sandbox for analysis.

  • trendmicro-visionone-terminate-process

    Terminates a process that is running on an endpoint.

  • trendmicro-visionone-update-custom-script

    Updates the contents of a custom script based on script ID.

  • trendmicro-visionone-update-status

    Updates the status of a workbench alert.

  • update-remote-system

    Pushes local XSOAR incident changes to the remote Vision One alert system. This command is used for outgoing mirroring.