
Trend Micro Vision One

Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection.

Trend Micro Vision One

Overview

Trend Micro Vision One is a cybersecurity platform that provides one central place to see, detect, and respond to threats across your organization's IT environment.
It does this by combining critical security capabilities, such as Attack Surface Risk Management (ASRM) and Extended Detection and Response (XDR), into a single, integrated architecture.

This Pack Includes

Data Normalization and Querying Capabilities

  • Data modeling rules to normalize Trend Micro Vision One logs that are ingested via TrendMicroVisionOneEventCollector to Cortex XSIAM.
  • Querying ingested logs in XQL Search using the trend_micro_vision_one_raw dataset.

Supported Log Categories

| Category | Category Display Name |
|---|---|
| Workbench Alerts Logs | Workbench |
| Search Result Logs | Search Detection |
| Observed Attack Technique Logs | Observed Attack Techniques |
| Audit Logs | Audit |

Enable Data Collection

Configure Trend Micro Vision One

Send an invitation to be added as an account. For more information, see the Trend Micro Vision One documentation here.

  1. Log in to your Trend Micro Vision One console.
  2. Navigate to Administration > User Accounts.
  3. Select the Roles tab and create a new custom role.
  4. In the Permissions section, navigate to Platform Capabilities > XDR Threat Investigation and enable the following permissions:
    • Workbench, select View and Manage.
    • Observed Attack Techniques, select View, filter, and search.
    • Search, select View, filter and search.
    • Suspicious Object Management, select View, filter and search and Manage lists and configure settings.
  5. Go to the Users tab and create a new user account. Assign the role you just created to this user.
  6. Once the user is created, generate an API authentication token for this account.

For a configuration example from Sekoia, see here.

Configure Cortex XSIAM

To fetch events from Trend Micro Vision One, see the integration configuration details here.

  1. Navigate to Settings > Configuration > Data Collection > Automation & Feed Integrations.
  2. Search for Trend Micro Vision One.
  3. Click Add Instance.
  4. Insert the Server URL.
  5. Insert the API Key generated from Trend Micro Vision One.
  6. Under Collect, select Fetch events.

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Partner
Created: January 6, 2022
Last Release: September 1, 2025
Malware
Network Security