Trend Micro Cloud App Security

Details
Content
Dependencies
Version History

Use Trend Micro - Cloud App Security to: Log retrieval - Threat investigation: - Threat mitigation - Threat remediation - Intelligent investigation.

Classifiers

Name	Description
trend micro cas classifier
TrendMicroCAS - incoming - mapper	Maps incoming Trend Micro CAS fields

Incident Types

Name	Description
Trend Micro CAS Event

Integrations

Name	Description
Trend Micro Cloud App Security	Use Trend Micro Cloud App Security integration to protect against ransomware, phishing, malware, and unauthorized transmission of sensitive data for cloud applications, such as Microsoft 365, Box, Dropbox, Google G Suite and Salesforce.

Layouts

Name	Description
Trend Micro CAS

Playbooks

Name	Description
Trend Micro CAS - Take Action On Emails	This playbook runs various actions on emails, such as deleting and quarantine email messages, using the "trendmicro-cas-email-take-action" command and returns the results from the "trendmicro-cas-email-action-result-query" command.
Trend Micro CAS - Take Action On User Accounts	This playbook runs various actions on a user's account, such as disabling accounts, requesting multi-factor authentication, and requesting a password, using the "trendmicro-cas-user-take-action" command and returns the result using the "trendmicro-cas-user-action-result-query" command.
Trend Micro CAS - Indicators Hunting	In this playbook, the 'trendmicro-cas-email-sweep' command is used to automatically hunt for and detect IOCs within email messages protected by Cloud App Security (CAS). Note that multiple search values should be separated by commas only (without spaces or any special characters). Supported IOCs for this playbook: IP Addresses CIDR File Name File Type SHA1 URL Domain Email Addresses Separate searches are conducted for each type of indicator in the playbook.

Classifiers

Name	Description
trend micro cas classifier
TrendMicroCAS - incoming - mapper	Maps incoming Trend Micro CAS fields

Incident Types

Name	Description
Trend Micro CAS Event

Integrations

Name	Description
Trend Micro Cloud App Security	Use Trend Micro Cloud App Security integration to protect against ransomware, phishing, malware, and unauthorized transmission of sensitive data for cloud applications, such as Microsoft 365, Box, Dropbox, Google G Suite and Salesforce.

Playbooks

Name	Description
Trend Micro CAS - Indicators Hunting	In this playbook, the 'trendmicro-cas-email-sweep' command is used to automatically hunt for and detect IOCs within email messages protected by Cloud App Security (CAS). Note that multiple search values should be separated by commas only (without spaces or any special characters). Supported IOCs for this playbook: IP Addresses CIDR File Name File Type SHA1 URL Domain Email Addresses Separate searches are conducted for each type of indicator in the playbook.
Trend Micro CAS - Take Action On Emails	This playbook runs various actions on emails, such as deleting and quarantine email messages, using the "trendmicro-cas-email-take-action" command and returns the results from the "trendmicro-cas-email-action-result-query" command.
Trend Micro CAS - Take Action On User Accounts	This playbook runs various actions on a user's account, such as disabling accounts, requesting multi-factor authentication, and requesting a password, using the "trendmicro-cas-user-take-action" command and returns the result using the "trendmicro-cas-user-action-result-query" command.

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (3)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Malware Core	By: Cortex XSOAR
Phishing	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.1.9 - 1834150 (December 18, 2024)

Playbooks

Trend Micro CAS - Indicators Hunting

Documentation and metadata improvements.

Related pull requests:
- 37690

Download

1.1.8 - 1718057 (November 28, 2024)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.1.7 - R1709192 (November 26, 2024)

Integrations

Trend Micro Cloud App Security

Added India to the Service URL parameter.
Updated the Docker image to: demisto/python3:3.11.9.109226.

Related pull requests:
- 36164
- 36329

Download

1.1.6 - R828628 (February 14, 2024)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32444

Download

1.1.5 - R6592021 (October 13, 2023)

Integrations

Trend Micro Cloud App Security

Added the Token integration parameters to support credentials fetching object.

Related pull requests:
- 27937

Download

1.1.4 - R5692327 (July 5, 2023)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

1.1.3 - R5450895 (June 5, 2023)

Playbooks

Trend Micro CAS - Indicators Hunting

Documentation and metadata improvements.

Related pull requests:
- 23716

Download

1.1.2 - R4718798 (March 1, 2023)

Integrations

Trend Micro Cloud App Security

Updated the pack category to Authentication & Identity Management.
Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24749

Download

1.1.1 - R4646022 (February 19, 2023)

Layouts

Trend Micro CAS
This item is no longer supported in XSIAM.

Related pull requests:
- 24223

Download

1.1.0 - 4427603 (January 19, 2023)

Playbooks

New: Trend Micro CAS - Indicators Hunting

Created a new playbook for threat hunting and detection of IOCs within email messages protected by Trend Micro Cloud App Security utilizing the trendmicro-cas-email-sweep command. Supported IOCs for this playbook are: IP addresses, CIDR, file names, file types, SHA1 hashes, URLs, domains, and email addresses. Separate searches are conducted for each type of indicator in the playbook.

Related pull requests:
- 23373

Download

1.0.14 - R4247670 (December 20, 2022)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.8.37233

Related pull requests:
- 22137

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	July 30, 2020
Last Release	December 18, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.