Trend Micro Vision One

Trend Micro Vision One is a threat defense platform that includes advanced extended detection and response (XDR) capabilities.

Asset Types Fetched

  • Devices
  • Vulnerabilities
  • Users
  • Software
  • SaaS Applications

Before You Begin

Required Ports

  • TCP port 443

Authentication Methods

  • Token

Required Permissions

The value supplied in User API Token must be associated with credentials that have the following permissions:

  • Report Management:

    • View
    • Configure and download
  • Endpoint Inventory:

    • View

APIs

Axonius uses the Trend Vision One Public API (v3.0).

Connection Parameters

To connect the adapter in Axonius, provide the following parameters.

Required Parameters

  1. Host Name or IP Address - Enter the hostname or IP address of the Trend Micro Vision One server.

  2. Token - Enter an API Key associated with a user account that has permissions to fetch assets. Read here about getting the API.

Optional Parameters

  1. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  2. HTTPS Proxy - Enter an HTTPS proxy address to connect the adapter to a proxy instead of directly connecting it to the domain.

  3. HTTPS Proxy User Name - Enter the user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  4. HTTPS Proxy Password - Enter the password to use when connecting to the server using the HTTPS Proxy.

To learn about additional optional/common adapter connection parameters and options, see Adding a New Adapter Connection.

Advanced Settings

Note

Specific advanced settings that relate to the Trend Micro Vision One adapter are shown in the following figure.

  1. Fetch Device Vulnerabilities (default: true) - By default, Axonius fetches device vulnerabilities. Clear this option to not fetch device vulnerabilities.
  2. Fetch Installed Software - Select this option to enrich devices with installed software.
  3. Fetch Extended Endpoint Details - Select this option to fetch extended endpoint details, including network interfaces (IP addresses and MAC addresses), cloud provider, and cloud ID. All of this data can significantly help with correlation.
  4. Fetch Risky Devices (default: true) - By default, Axonius fetches risky devices. Clear this option to disable the risky devices endpoint.
  5. Fetch Users - Select this option to fetch users.
  6. Page Size (default: 200) - Specify the number of entities returned per page request.

Supported From Version

Supported from Axonius version 4.8.