Trend Vision One for Endpoint
Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) analyzes the alerts generated in Trend Vision One for malicious activity and suggests preventive actions, which you must manually enforce on the endpoint.
Integrating Trend Vision One for Endpoint
1. Log in to your Trend Micro Vision One portal:
   a. Go to Administration > User Accounts.
   b. Select the account that is associated with your Infinity XDR/XPR Administrator Portal.
      The Edit Account window appears.
   c. Make sure that the Access level is set to Trend Micro Vision One™ console and APIs.
   d. In the Authentication token field, click the copy icon to copy the token. If the API token is missing, click Generate new authentication token to generate the token and then click the copy icon.
   e. Click Add.
2. Log in to the Infinity XDR/XPR Administrator Portal:
   a. Go to Settings > Integrations.
   b. In the Trend Vision One widget, click Integrate.
      The Trend Vision One Endpoint integration window appears.
   c. In the Access token field, paste the authentication token copied in step 1.d.
   d. From the Region list, select your region.
   e. Click Add.
      The Trend Vision One widget status changes to Active.
3. To check if the integration is successful, in the Infinity XDR/XPR Administrator Portal:
   a. Go to Settings > Integrations. In the Integrated products section, verify that Trend Vision One Endpoint is listed as Active.
      Note - The widget displays Inactive status until Infinity XDR/XPR begins receiving logs from Trend Vision One Endpoint.
   b. Go to the Overview page and, in the Connectivity widget, verify that Trend Micro is listed as connected.
IOC Management
You can manage Indicators of Compromise (IoCs) on Trend Vision One for Endpoint. You can import IoCs into it through different methods, including CSV, OpenIOC, and STIX files. For more information, see Trend Micro documentation.
Deleting the Integration
1. Go to Settings > Integrations.
2. In the Trend Vision One widget, click .
3. Click Delete.
   The Delete Integration window appears.
4. Click Yes.
Supported Preventive Actions
When Infinity XDR/XPR detects any malicious activity, it generates an incident and recommends preventive actions to mitigate it. The supported preventive action is to isolate a machine. For more information, see Incidents Overview > Prevention.