Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 7.1.2 External Systems Configuration Guide
    7.1.2
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    Trend Vision One

    Trend Vision One

    Support Added: FortiSIEM 7.1.1

    Vendor Version Tested: Not Provided

    Vendor: Trend Micro

    Product Information: https://www.trendmicro.com/en_us/business.html

    Trend Vision One is the solution name for the new Trend Vision One platform that enhances and consolidates detection, investigation and response capabilities across email, endpoints, servers, cloud workloads and networks.

    Event Types

    In ADMIN > Device Support > Event Types, search for "Trend_Vision" to see the event types associated with this device.

    Configuration

    Required API Permissions for Trend Vision One Integration

    The following APIs are called for the Trend Vision One integration. The required API key role permissions are provided here.

    Note: See https://automation.trendmicro.com/xdr/api-v3 for more information.

    API

    API Key Role Permissions Required

    Audit Logs

    v3.0/audit/logs

    • View, filter, and search

    • Export And Download

    Workbench

    v3.0/workbench/alerts

    • View, filter, and search

    Sandbox Analysis

    v3.0/sandbox/analysisResults

    • View, filter, and search

    • Submit objects

    Search

    v3.0/search/endpointActivities

    v3.0/search/detections

    v3.0/search/emailActivities

    v3.0/search/networkActivities

    v3.0/search/containerActivities

    • View, filter, and search

    Acquire Trend Vision One API Token

    FortiSIEM requires an API token from Trend Vision One. Take the following steps from your Trend Vision One console.

    1. Navigate to Administration > User Accounts.

    2. Click on your Account Name.

    3. Copy the authentication token and place it in a secure location.

      Note: By default, an authentication token expires one year after its creation. However, a Master Administrator can delete and re-generate a token at any time.

    4. Click Close.

    FortiSIEM Setup

    Take the following steps to configure Trend Vision One with FortiSIEM.

    Create Trend Vision One Credential

    1. Login to FortiSIEM as an administrator.

    2. Navigate to Admin > Setup > Credentials.

    3. Under Step 1: Enter Credentials, click New.

    4. In the Access Method Definition window, input the following:

      1. In the Name field, enter "TrendMicro Trend Vision One".

      2. From the Device Type drop-down list, select TrendMicro Trend Vision One.

      3. In the Token field, enter/paste the authentication token information from Acquire Trend Vision One API Token.

      4. In the Confirm Token field, enter/paste the same authentication token information from Acquire Trend Vision One API Token.

      5. Click Save.

      6. Ensure the Trend Vision One Credential is selected. If it isn't, select it.

    Create IP to Credential Mapping

    Under Step 2: Enter IP Range to Credential Associations, take the following steps.

    1. Click New.

    2. From the Device Credential Mapping Definition window, take the following steps.

      1. From the Credentials drop-down list, select the credential you just created in the above steps.

      2. In the IP/Host Name field, enter the host name based on your appropriate region.

        Region

        Host Name

        Australia

        api.au.xdr.trendmicro.com

        European Union

        api.eu.xdr.trendmicro.com

        India

        api.in.xdr.trendmicro.com

        Japan

        api.xdr.trendmicro.co.jp

        Singapore

        api.sg.xdr.trendmicro.com

        United States

        api.xdr.trendmicro.com

      3. Click Save.

    Verifying Mapping

    To verify your configuration, take the following steps.

    1. Under Step 2: Enter IP Range to Credential Associations, select the "IP to Credential Mapping" you just created.

    2. Click the Test drop-down, and select Test Connectivity without Ping.

    3. Navigate to Admin > Setup > Pull Events. The new job will appear in the Pull Events table.

    4. Events can be queried from the Analytics page by doing a search of Raw Event Log CONTAIN Trend_Vision_One_.

    Previous
    Next

    Trend Vision One

    Trend Vision One

    Support Added: FortiSIEM 7.1.1

    Vendor Version Tested: Not Provided

    Vendor: Trend Micro

    Product Information: https://www.trendmicro.com/en_us/business.html

    Trend Vision One is the solution name for the new Trend Vision One platform that enhances and consolidates detection, investigation and response capabilities across email, endpoints, servers, cloud workloads and networks.

    Event Types

    In ADMIN > Device Support > Event Types, search for "Trend_Vision" to see the event types associated with this device.

    Configuration

    Required API Permissions for Trend Vision One Integration

    The following APIs are called for the Trend Vision One integration. The required API key role permissions are provided here.

    Note: See https://automation.trendmicro.com/xdr/api-v3 for more information.

    API

    API Key Role Permissions Required

    Audit Logs

    v3.0/audit/logs

    • View, filter, and search

    • Export And Download

    Workbench

    v3.0/workbench/alerts

    • View, filter, and search

    Sandbox Analysis

    v3.0/sandbox/analysisResults

    • View, filter, and search

    • Submit objects

    Search

    v3.0/search/endpointActivities

    v3.0/search/detections

    v3.0/search/emailActivities

    v3.0/search/networkActivities

    v3.0/search/containerActivities

    • View, filter, and search

    Acquire Trend Vision One API Token

    FortiSIEM requires an API token from Trend Vision One. Take the following steps from your Trend Vision One console.

    1. Navigate to Administration > User Accounts.

    2. Click on your Account Name.

    3. Copy the authentication token and place it in a secure location.

      Note: By default, an authentication token expires one year after its creation. However, a Master Administrator can delete and re-generate a token at any time.

    4. Click Close.

    FortiSIEM Setup

    Take the following steps to configure Trend Vision One with FortiSIEM.

    Create Trend Vision One Credential

    1. Login to FortiSIEM as an administrator.

    2. Navigate to Admin > Setup > Credentials.

    3. Under Step 1: Enter Credentials, click New.

    4. In the Access Method Definition window, input the following:

      1. In the Name field, enter "TrendMicro Trend Vision One".

      2. From the Device Type drop-down list, select TrendMicro Trend Vision One.

      3. In the Token field, enter/paste the authentication token information from Acquire Trend Vision One API Token.

      4. In the Confirm Token field, enter/paste the same authentication token information from Acquire Trend Vision One API Token.

      5. Click Save.

      6. Ensure the Trend Vision One Credential is selected. If it isn't, select it.

    Create IP to Credential Mapping

    Under Step 2: Enter IP Range to Credential Associations, take the following steps.

    1. Click New.

    2. From the Device Credential Mapping Definition window, take the following steps.

      1. From the Credentials drop-down list, select the credential you just created in the above steps.

      2. In the IP/Host Name field, enter the host name based on your appropriate region.

        Region

        Host Name

        Australia

        api.au.xdr.trendmicro.com

        European Union

        api.eu.xdr.trendmicro.com

        India

        api.in.xdr.trendmicro.com

        Japan

        api.xdr.trendmicro.co.jp

        Singapore

        api.sg.xdr.trendmicro.com

        United States

        api.xdr.trendmicro.com

      3. Click Save.

    Verifying Mapping

    To verify your configuration, take the following steps.

    1. Under Step 2: Enter IP Range to Credential Associations, select the "IP to Credential Mapping" you just created.

    2. Click the Test drop-down, and select Test Connectivity without Ping.

    3. Navigate to Admin > Setup > Pull Events. The new job will appear in the Pull Events table.

    4. Events can be queried from the Analytics page by doing a search of Raw Event Log CONTAIN Trend_Vision_One_.

    Previous
    Next