TrendAI™ Cloud App Security

Details
Content
Dependencies
Version History

Use TrendAI™ Cloud App Security to: Log retrieval - Threat investigation: - Threat mitigation - Threat remediation - Intelligent investigation.

Classifiers

Name	Description
trend micro cas classifier
TrendMicroCAS - incoming - mapper	Maps incoming Trend Micro CAS fields

Incident Types

Name	Description
Trend Micro CAS Event

Integrations

Name	Description
TrendAI™ Cloud App Security	Use TrendAI™ Cloud App Security integration to protect against ransomware, phishing, malware, and unauthorized transmission of sensitive data for cloud applications, such as Microsoft 365, Box, Dropbox, Google G Suite and Salesforce.

Layouts

Name	Description
Trend Micro CAS

Playbooks

Name	Description
Trend Micro CAS - Take Action On User Accounts	This playbook runs various actions on a user's account using TrendAI™ Cloud App Security, such as disabling accounts, requesting multi-factor authentication, and requesting a password, using the "trendmicro-cas-user-take-action" command and returns the result using the "trendmicro-cas-user-action-result-query" command.
Trend Micro CAS - Take Action On Emails	This playbook runs various actions on emails using TrendAI™ Cloud App Security, such as deleting and quarantine email messages, using the "trendmicro-cas-email-take-action" command and returns the results from the "trendmicro-cas-email-action-result-query" command.
Trend Micro CAS - Indicators Hunting	In this playbook, the 'trendmicro-cas-email-sweep' command is used to automatically hunt for and detect IOCs within email messages protected by Cloud App Security (CAS). Note that multiple search values should be separated by commas only (without spaces or any special characters). Supported IOCs for this playbook: IP Addresses CIDR File Name File Type SHA1 URL Domain Email Addresses Separate searches are conducted for each type of indicator in the playbook.

Classifiers

Name	Description
trend micro cas classifier
TrendMicroCAS - incoming - mapper	Maps incoming Trend Micro CAS fields

Incident Types

Name	Description
Trend Micro CAS Event

Integrations

Name	Description
TrendAI™ Cloud App Security	Use TrendAI™ Cloud App Security integration to protect against ransomware, phishing, malware, and unauthorized transmission of sensitive data for cloud applications, such as Microsoft 365, Box, Dropbox, Google G Suite and Salesforce.

Playbooks

Name	Description
Trend Micro CAS - Indicators Hunting	In this playbook, the 'trendmicro-cas-email-sweep' command is used to automatically hunt for and detect IOCs within email messages protected by Cloud App Security (CAS). Note that multiple search values should be separated by commas only (without spaces or any special characters). Supported IOCs for this playbook: IP Addresses CIDR File Name File Type SHA1 URL Domain Email Addresses Separate searches are conducted for each type of indicator in the playbook.
Trend Micro CAS - Take Action On Emails	This playbook runs various actions on emails using TrendAI™ Cloud App Security, such as deleting and quarantine email messages, using the "trendmicro-cas-email-take-action" command and returns the results from the "trendmicro-cas-email-action-result-query" command.
Trend Micro CAS - Take Action On User Accounts	This playbook runs various actions on a user's account using TrendAI™ Cloud App Security, such as disabling accounts, requesting multi-factor authentication, and requesting a password, using the "trendmicro-cas-user-take-action" command and returns the result using the "trendmicro-cas-user-action-result-query" command.

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (3)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Malware Core	By: Cortex XSOAR
Phishing	By: Cortex XSOAR

All level dependencies (7)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR

1.1.16 - 10518477 (June 28, 2026)

Integrations

TrendAI™ Cloud App Security

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.12.13.10116658.

Playbooks

Trend Micro CAS - Take Action On User Accounts

Documentation and metadata improvements.

Trend Micro CAS - Indicators Hunting

Documentation and metadata improvements.

Trend Micro CAS - Take Action On Emails

Documentation and metadata improvements.

Related pull requests:
- 44659

Download

1.1.15 - 7843807 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

1.1.14 - 7217627 (February 18, 2026)

Integrations

Trend Micro Cloud App Security

Added the Singapore and Middle East (UAE) options to the Service URL parameter.
Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43152

Download

1.1.13 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.1.12 - R5469292 (October 20, 2025)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.1.11 - R3481649 (May 21, 2025)

Integrations

Trend Micro Cloud App Security

Metadata and documentation improvements.

Related pull requests:
- 39009

Download

1.1.10 - 2901908 (March 18, 2025)

Trend Micro Cloud App Security

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

1.1.9 - 1834150 (December 18, 2024)

Playbooks

Trend Micro CAS - Indicators Hunting

Documentation and metadata improvements.

Related pull requests:
- 37690

Download

1.1.8 - 1718057 (November 28, 2024)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.1.7 - R1709192 (November 26, 2024)

Integrations

Trend Micro Cloud App Security

Added India to the Service URL parameter.
Updated the Docker image to: demisto/python3:3.11.9.109226.

Related pull requests:
- 36164
- 36329

Download

1.1.6 - R828628 (February 14, 2024)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32444

Download

1.1.5 - R6592021 (October 13, 2023)

Integrations

Trend Micro Cloud App Security

Added the Token integration parameters to support credentials fetching object.

Related pull requests:
- 27937

Download

1.1.4 - R5692327 (July 5, 2023)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

1.1.3 - R5450895 (June 5, 2023)

Playbooks

Trend Micro CAS - Indicators Hunting

Documentation and metadata improvements.

Related pull requests:
- 23716

Download

1.1.2 - R4718798 (March 1, 2023)

Integrations

Trend Micro Cloud App Security

Updated the pack category to Authentication & Identity Management.
Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24749

Download

1.1.1 - R4646022 (February 19, 2023)

Layouts

Trend Micro CAS
This item is no longer supported in XSIAM.

Related pull requests:
- 24223

Download

1.1.0 - 4427603 (January 19, 2023)

Playbooks

New: Trend Micro CAS - Indicators Hunting

Created a new playbook for threat hunting and detection of IOCs within email messages protected by Trend Micro Cloud App Security utilizing the trendmicro-cas-email-sweep command. Supported IOCs for this playbook are: IP addresses, CIDR, file names, file types, SHA1 hashes, URLs, domains, and email addresses. Separate searches are conducted for each type of indicator in the playbook.

Related pull requests:
- 23373

Download

1.0.14 - R4247670 (December 20, 2022)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.8.37233

Related pull requests:
- 22137

Download

1.1.16 - 10518477 (June 28, 2026)

Integrations

TrendAI™ Cloud App Security

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.12.13.10116658.

Playbooks

Trend Micro CAS - Take Action On User Accounts

Documentation and metadata improvements.

Trend Micro CAS - Indicators Hunting

Documentation and metadata improvements.

Trend Micro CAS - Take Action On Emails

Documentation and metadata improvements.

Related pull requests:
- 44659

Download

1.1.15 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

1.1.14 - 7217627 (February 18, 2026)

Integrations

Trend Micro Cloud App Security

Added the Singapore and Middle East (UAE) options to the Service URL parameter.
Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43152

Download

1.1.13 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.1.12 - R5469292 (October 20, 2025)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.1.11 - R3481649 (May 21, 2025)

Integrations

Trend Micro Cloud App Security

Metadata and documentation improvements.

Related pull requests:
- 39009

Download

1.1.10 - 2929110 (March 20, 2025)

Trend Micro Cloud App Security

Documentation and metadata improvements.

Related pull requests:
- 38999

Download

1.1.9 - 1834150 (December 18, 2024)

Playbooks

Trend Micro CAS - Indicators Hunting

Documentation and metadata improvements.

Related pull requests:
- 37690

Download

1.1.8 - 1718057 (November 28, 2024)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.1.7 - R1709192 (November 26, 2024)

Integrations

Trend Micro Cloud App Security

Added India to the Service URL parameter.
Updated the Docker image to: demisto/python3:3.11.9.109226.

Related pull requests:
- 36164
- 36329

Download

1.1.6 - R828628 (February 14, 2024)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32444

Download

1.1.5 - R6592021 (October 13, 2023)

Integrations

Trend Micro Cloud App Security

Added the Token integration parameters to support credentials fetching object.

Related pull requests:
- 27937

Download

1.1.4 - 5692327 (July 5, 2023)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

1.1.3 - R5170573 (May 2, 2023)

Playbooks

Trend Micro CAS - Indicators Hunting

Documentation and metadata improvements.

Related pull requests:
- 23716

Download

1.1.2 - R4718798 (March 1, 2023)

Integrations

Trend Micro Cloud App Security

Updated the pack category to Authentication & Identity Management.
Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24749

Download

1.1.1 - R4646022 (February 19, 2023)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 24223

Download

1.1.0 - 4427603 (January 19, 2023)

Playbooks

New: Trend Micro CAS - Indicators Hunting

Related pull requests:
- 23373

Download

1.0.14 - R4246715 (December 19, 2022)

Integrations

Trend Micro Cloud App Security

Updated the Docker image to: demisto/python3:3.10.8.37233
Added sections to instance configuration.

Related pull requests:
- 22137

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	July 30, 2020
Last Release	June 28, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.