Ctrlk
ProductBook a demoOpen app
linkedinyoutube

Trend Vision One

Configure the Trend Vision One data connector in Radiant Security to ingest alerts and telemetry for AI triage.

Connect Trend Vision One to Radiant Security to ingest alerts, observed attack techniques, and search data for AI triage. This guide covers generating the API key in Trend Vision One and adding the data connector in Radiant.

Prerequisites

Required permissions

The user role assigned to the API key must grant the following permissions.

API Category
App
Permissions

Alerts / Workbench

Workbench

View, filter, and search

Observed Attack Techniques

Observed Attack Techniques

View, filter, and search

Search

Search

View, filter, and search

API Keys

IAM

View

The API Keys: View permission lets Radiant read API key metadata only, not key values. Radiant uses this metadata to track your credential's expiration date.

Generate the Trend Vision One API key

  1. In the Trend Vision One console, go to Administration > API Keys.

  2. Click Add API key.

  3. In Name, enter RADIANT_SECURITY_API_KEY.

  4. In Role, select a role that grants the permissions listed in Required permissions.

  5. In Expiration time, set how long the key remains valid. The default is one year.

  6. Confirm that Status is enabled and add a description in Details if needed.

  7. Click Add.

  8. Copy the API key and store it in a secure location.

The Name value must be exactly RADIANT_SECURITY_API_KEY. Radiant uses this name to identify the credential and track its expiration date.

Add the data connector in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Data Connectors and click + Add Connector.

  3. Search for and select the Trend Micro Vision One API option, click Data Feeds

  4. Click on all data feeds to select them and click Credentials.

  5. Under Credential Name, give the credential an identifiable name (e.g. Trend Vision One Integration).

  6. Enter your API Base URL and API Key.

  7. Click Add Connector

Verify ingestion

After Trend Vision One begins forwarding, confirm alerts and events are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by the rs_connectorType for each data feed you enabled:

Data feed
Filter

Trend Micro Vision One Alerts

rs_connectorType:"trendmicro_vision_one_alerts"

Trend Micro Vision One Sensor Info

rs_connectorType:"trendmicro_vision_one_sensor_info"

Trend Micro Vision One Query

rs_connectorType:"trendmicro_vision_one_query"

  1. Confirm recent alerts and events appear for each enabled feed.

Allow several minutes for alerts and events to be parsed, indexed, and available for search.

PreviousTrend Micro Apex CentralNextCreate a Trend Micro Vision One API Token

Last updated

Was this helpful?