TrendAI Vision One™

Overview

TrendAI Vision One™ is a cybersecurity platform that provides one central place to see, detect, and respond to threats across your organization's IT environment.
It does this by combining critical security capabilities, such as Attack Surface Risk Management (ASRM) and Extended Detection and Response (XDR) into a single, integrated architecture.

This Pack Includes

Data Normalization and Querying Capabilities

Data modeling rules to normalize TrendAI Vision One™ logs that are ingested via TrendMicroVisionOneEventCollector to Cortex XSIAM.
Querying ingested logs in XQL Search using the trend_micro_vision_one_raw dataset.

Supported Log Categories

Category	Category Display Name
Workbench Alerts Logs	Workbench
Search Result Logs	Search Detection
Observed Attack Technique Logs	Observed Attack Techniques
Audit Logs	Audit

Enable Data Collection

Configure TrendAI Vision One™

Send an invitation to be added as an account. For more information, see the TrendAI Vision One™ documentation here.

Log in to your TrendAI Vision One™ console.
Navigate to Administration → User Accounts.
Select the Roles tab and create a new custom role.
In the Permissions section, navigate to Platform Capabilities → XDR Threat Investigation and enable the following permissions:
- Workbench, select View and Manage.
- Observed Attack Techniques, select View, filter, and search.
- Search, select View, filter and search.
- Suspicious Object Management, select View, filter and search and Manage lists and configure settings.
Go to the Users tab and create a new user account. Assign the role you just created to this user.
Once the user is created, generate an API authentication token for this account.

For a configuration example from Sekoia, see here.

Configure Cortex XSIAM

To fetch events from TrendAI Vision One™, see the integration configuration details here.

Navigate to Settings → Configuration → Data Collection → Automation & Feed Integrations.
Search for TrendAI Vision One.
Click Add Instance.
Insert the Server URL.
Insert the API Key generated from TrendAI Vision One™.
Under Collect, select on Fetch events.

Name	Description
Trend Micro Vision One XDR - Incoming Mapper	Maps incoming Trend Micro Vision One alerts.
Trend Micro Vision One V3 XDR - Incoming Mapper	Maps incoming Trend Vision One alerts.
Trend Micro Vision One V3 XDR - Outgoing Mapper	Maps outgoing Trend Vision One alerts for mirroring. Maps XSOAR incident fields to Vision One alert fields.

Name	Description
Trend Micro Vision One XDR Workbench Link
Trend Micro Vision One XDR Investigation Status
Trend Micro Vision One XDR Indicators
Trend Micro Vision One XDR Desktop Count
Trend Micro Vision One XDR Impact Scope
Trend Micro Vision One XDR Email Address Count
Trend Micro Vision One XDR Detail
Trend Micro Vision One XDR Impacted Entities
Trend Micro Vision One XDR Indicators JSON
Trend Micro Vision One XDR Impacted Entities JSON
Trend Micro Vision One XDR Matched Rules JSON
Trend Micro Vision One XDR Priority Score
Trend Micro Vision One XDR Server Count
Trend Micro Vision One XDR Workbench ID
Trend Micro Vision One XDR Account Count

Name	Description
Trend Micro Vision One V3 XDR - Incoming Mapper	Maps incoming Trend Vision One alerts.
Trend Micro Vision One XDR - Incoming Mapper	Maps incoming Trend Micro Vision One alerts.
Trend Micro Vision One V3 XDR - Outgoing Mapper	Maps outgoing Trend Vision One alerts for mirroring. Maps XSOAR incident fields to Vision One alert fields.

Name	Description
Trend Micro Vision One XDR Workbench ID
Trend Micro Vision One XDR Account Count
Trend Micro Vision One XDR Matched Rules JSON
Trend Micro Vision One XDR Impacted Entities JSON
Trend Micro Vision One XDR Impact Scope
Trend Micro Vision One XDR Workbench Link
Trend Micro Vision One XDR Desktop Count
Trend Micro Vision One XDR Impacted Entities
Trend Micro Vision One XDR Detail
Trend Micro Vision One XDR Priority Score
Trend Micro Vision One XDR Server Count
Trend Micro Vision One XDR Investigation Status
Trend Micro Vision One XDR Indicators
Trend Micro Vision One XDR Indicators JSON
Trend Micro Vision One XDR Email Address Count

Name	Description
Trend Micro Vision One Event Collector	Palo Alto Networks Trend Micro Vision One Event Collector integration for Cortex XSIAM collects the Workbench, Observed Attack Techniques, Search Detections and Audit logs.
TrendAI Vision One™ v3 (Partner Contribution)	TrendAI Vision One™ is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—TrendAI Vision One™ prevents the majority of attacks with automated protection.
TrendAI Vision One™ (Partner Contribution)	TrendAI Vision One™ is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—TrendAI Vision One™ prevents the majority of attacks with automated protection.

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Certification	Certified	Read more
Supported By	Partner
Created	January 6, 2022
Last Release	March 22, 2026

TrendAI Vision One™

TrendAI Vision One™

Overview

TrendAI Vision One™

Overview

This Pack Includes

Data Normalization and Querying Capabilities

Supported Log Categories

Enable Data Collection

Configure TrendAI Vision One™

Configure Cortex XSIAM

Integrations

TrendAI Vision One™

TrendAI Vision One™ v3

Integrations

Trend Vision One v3

Mappers

Trend Micro Vision One V3 XDR - Incoming Mapper

New: Trend Micro Vision One V3 XDR - Outgoing Mapper

Integrations

Trend Micro Vision One V3.

Integrations

Trend Micro Vision One

Trend Micro Vision One V3.

Integrations

Trend Micro Vision One V3.

Integrations

Trend Micro Vision One

Trend Micro Vision One V3.

Integrations

TrendAI Vision One™

TrendAI Vision One™ v3

Integrations

Trend Micro Vision One Event Collector

Trend Vision One v3

Mappers

Trend Micro Vision One V3 XDR - Incoming Mapper

New: Trend Micro Vision One V3 XDR - Outgoing Mapper

Modeling Rules

Trend Micro Vision One Modeling Rule

Integrations

Trend Micro Vision One Event Collector

Integrations

Trend Micro Vision One V3.

Modeling Rules

Trend Micro Vision One Modeling Rule

Modeling Rules

Trend Micro Vision One Modeling Rule

Integrations

Trend Micro Vision One

Trend Micro Vision One V3.

Integrations

Trend Micro Vision One V3.

Integrations

Trend Micro Vision One Event Collector

Integrations

Trend Micro Vision One Event Collector

Trend Micro Vision One

Trend Micro Vision One V3.

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER