Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

Trend Micro SMS (Security Management System) provides a global vision and security policy control for threat intelligence and enables comprehensive analysis and corrections. 

This document provides information about the TrendMicro SMS connector, which facilitates automated interactions, with a TrendMicro SMS server using FortiSOAR™ playbooks. Add the TrendMicro SMS connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding or importing reputation entries to TrendMicro SMS and searching for reputation entries in the TrendMicro SMS database.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-trend-micro-sms

Prerequisites to configuring the connector

  • You must have the IP address or the FQDN and the port number of Trend Micro SMS server to which you will connect and perform automated operations and the SMS username and password to access that server.
  • To access the CyOPsTM UI, ensure that port 443 is open through the firewall for the CyOPsTM instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™ , on the Connectors page, click the Trend Micro SMS connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details: 

Parameter Description
Server Address IP address or FQDN of the TrendMicro SMS server to which you will connect and perform the automated operations.
SMS Username SMS Username to access the TrendMicro SMS server to which you will connect and perform the automated operations.
SMS Password SMS Password to access the TrendMicro SMS server to which you will connect and perform the automated operations.
Port Port number of the TrendMicro SMS server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Import Reputation Imports a file that contains one or more reputation entries, which you want to import into TrendMicro SMS.
TrendMicro SMS can upload one file at a time, and each file can contain multiple entries with same address type.
import_reputation_bulk
Investigation
Add Reputation Entry Add a new reputation entry to the TrendMicro SMS database based on the address tag and values, and other input parameters you have specified. add_reputation_entry
Investigation
Delete Reputation Entries Deletes one or more reputation entries from the TrendMicro SMS database based on the list of IP addresses, URLs, or DNSs, and other input parameters you have specified. delete_reputation_entry
Investigation
Delete Reputation Imports a file that contains one or more reputation entries, which you want to delete from TrendMicro SMS.
TrendMicro SMS can upload one file at a time, and each file can contain multiple entries with same address type.
delete_reputation_bulk
Investigation
Query Reputation Entries Searches the TrendMicro SMS Reputation database for one or more user reputation entries based on the list of IP addresses, URLs, or DNSs that you have specified. query_reputation_entry
Investigation

operation: Import Reputation

Input parameters

Parameter Description
Import File Select the file that you want to import into TrendMicro SMS.
Note: All entries in the file must be of the same address type. Following address types can be imported: IPv4, IPv6, DNS, and URL.
Address Type Address type that you are importing into TrendMicro SMS. This address type is used to add a reputation entry in the database. By default, this is set to IPv4.

Output

The output contains a non-dictionary value.

operation: Add Reputation Entry

Input parameters

Parameter Description
Address Type Address type to be added to the TrendMicro SMS database. You can select from the following options: IP, DNS, or URL.
Address values Values of the address to be added to the TrendMicro SMS database based on the address type you have selected. For example, if you choose IP, then you can add values such as 1.1.1.1.
Tag Data (Optional) One or more tag categories and their values that you want to add to the reputation entry in the TrendMicro SMS database.
The list values must be separated by ~~~. For example: MalwareIpType,malwareSource~~~cncHost

Output

The output contains a non-dictionary value.

operation: Delete Reputation Entries

Input parameters

Parameter Description
List OF IPs List of IPv4 or IPv6 addresses based on which you want to delete the reputation entry from TrendMicro SMS.
Note: You must specify either the list of IP address, DNSs, or URLs.
List OF DNS List of DNS addresses based on which you want to delete the reputation entry from TrendMicro SMS.
List OF URLs List of URLs based on which you want to delete the reputation entry from TrendMicro SMS.
Criteria Criteria to delete the reputation entry from TrendMicro SMS.  You can choose from the following values: 
  • All: Deletes all the reputation entries, including user-defined and RepDV entries. 
  • USER: Deletes all user-defined entries. 
  • REPDV: Deletes all RepDV entries. 
  • ENTRY: Deletes specified entries.

Output

The output contains a non-dictionary value.

operation: Delete Reputation

Input parameters

Parameter Description
Import File Imports a file that contains one or more reputation entries, that you want to delete from TrendMicro SMS.
TrendMicro SMS can upload one file at a time, and each file can contain multiple entries with same address type.
Address Type Address type that you want to delete from TrendMicro SMS. This address type is used to delete the reputation entry from the database. By default, this is set to IPv4.

Output

The output contains a non-dictionary value.

operation: Query Reputation Entries

Input parameters

Parameter Description
Address Type Type of address that you want to search in TrendMicro SMS database.  You can select from the following options: IP, DNS, or URL.
Address Values Values of the address that you want to search for in the TrendMicro SMS database based on the address type you have selected. For example, if you choose IP, then you can add values such as 1.1.1.1.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - Trend Micro SMS - 1.0.0 playbook collection comes bundled with the Trend Micro SMS connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in CyOPsTM after importing the Trend Micro SMS connector.

  • Import Reputation
  • Add Reputation Entry
  • Delete Reputation Entries
  • Delete Reputation
  • Query Reputation Entries

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

Trend Micro SMS (Security Management System) provides a global vision and security policy control for threat intelligence and enables comprehensive analysis and corrections. 

This document provides information about the TrendMicro SMS connector, which facilitates automated interactions, with a TrendMicro SMS server using FortiSOAR™ playbooks. Add the TrendMicro SMS connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding or importing reputation entries to TrendMicro SMS and searching for reputation entries in the TrendMicro SMS database.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-trend-micro-sms

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™ , on the Connectors page, click the Trend Micro SMS connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details: 

Parameter Description
Server Address IP address or FQDN of the TrendMicro SMS server to which you will connect and perform the automated operations.
SMS Username SMS Username to access the TrendMicro SMS server to which you will connect and perform the automated operations.
SMS Password SMS Password to access the TrendMicro SMS server to which you will connect and perform the automated operations.
Port Port number of the TrendMicro SMS server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Import Reputation Imports a file that contains one or more reputation entries, which you want to import into TrendMicro SMS.
TrendMicro SMS can upload one file at a time, and each file can contain multiple entries with same address type.
import_reputation_bulk
Investigation
Add Reputation Entry Add a new reputation entry to the TrendMicro SMS database based on the address tag and values, and other input parameters you have specified. add_reputation_entry
Investigation
Delete Reputation Entries Deletes one or more reputation entries from the TrendMicro SMS database based on the list of IP addresses, URLs, or DNSs, and other input parameters you have specified. delete_reputation_entry
Investigation
Delete Reputation Imports a file that contains one or more reputation entries, which you want to delete from TrendMicro SMS.
TrendMicro SMS can upload one file at a time, and each file can contain multiple entries with same address type.
delete_reputation_bulk
Investigation
Query Reputation Entries Searches the TrendMicro SMS Reputation database for one or more user reputation entries based on the list of IP addresses, URLs, or DNSs that you have specified. query_reputation_entry
Investigation

operation: Import Reputation

Input parameters

Parameter Description
Import File Select the file that you want to import into TrendMicro SMS.
Note: All entries in the file must be of the same address type. Following address types can be imported: IPv4, IPv6, DNS, and URL.
Address Type Address type that you are importing into TrendMicro SMS. This address type is used to add a reputation entry in the database. By default, this is set to IPv4.

Output

The output contains a non-dictionary value.

operation: Add Reputation Entry

Input parameters

Parameter Description
Address Type Address type to be added to the TrendMicro SMS database. You can select from the following options: IP, DNS, or URL.
Address values Values of the address to be added to the TrendMicro SMS database based on the address type you have selected. For example, if you choose IP, then you can add values such as 1.1.1.1.
Tag Data (Optional) One or more tag categories and their values that you want to add to the reputation entry in the TrendMicro SMS database.
The list values must be separated by ~~~. For example: MalwareIpType,malwareSource~~~cncHost

Output

The output contains a non-dictionary value.

operation: Delete Reputation Entries

Input parameters

Parameter Description
List OF IPs List of IPv4 or IPv6 addresses based on which you want to delete the reputation entry from TrendMicro SMS.
Note: You must specify either the list of IP address, DNSs, or URLs.
List OF DNS List of DNS addresses based on which you want to delete the reputation entry from TrendMicro SMS.
List OF URLs List of URLs based on which you want to delete the reputation entry from TrendMicro SMS.
Criteria Criteria to delete the reputation entry from TrendMicro SMS.  You can choose from the following values: 
  • All: Deletes all the reputation entries, including user-defined and RepDV entries. 
  • USER: Deletes all user-defined entries. 
  • REPDV: Deletes all RepDV entries. 
  • ENTRY: Deletes specified entries.

Output

The output contains a non-dictionary value.

operation: Delete Reputation

Input parameters

Parameter Description
Import File Imports a file that contains one or more reputation entries, that you want to delete from TrendMicro SMS.
TrendMicro SMS can upload one file at a time, and each file can contain multiple entries with same address type.
Address Type Address type that you want to delete from TrendMicro SMS. This address type is used to delete the reputation entry from the database. By default, this is set to IPv4.

Output

The output contains a non-dictionary value.

operation: Query Reputation Entries

Input parameters

Parameter Description
Address Type Type of address that you want to search in TrendMicro SMS database.  You can select from the following options: IP, DNS, or URL.
Address Values Values of the address that you want to search for in the TrendMicro SMS database based on the address type you have selected. For example, if you choose IP, then you can add values such as 1.1.1.1.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - Trend Micro SMS - 1.0.0 playbook collection comes bundled with the Trend Micro SMS connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in CyOPsTM after importing the Trend Micro SMS connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.