topic Re: Trend Micro Vision one integration in All Apps and Add-ons

Trend Micro Vision one integration

debjit_k — Fri, 16 Dec 2022 05:18:29 GMT

Hi All,

Hope you are doing good!!

Basically we want to integrate trend micro vision one solution in our splunk.

So before doing it I just wants to verify myself whether I know correct or not.

1. We need to install vision one application from splunk base.

2. After installation the app we need open that app and then click on configuration.

3. Then need to put url n authentication token.

4. Need to choose the log file type

Then we will start receiving the data? Kindly let me know if my understanding is correct or not..

If my above understand is correct I want to know 1 things

How to create UC because we are using some 3D party software to onboard data now how we can write query and all, sorry im sounding armature but this is my first time..

Thanks

Debjit

Re: Trend Micro Vision one integration

debjit_k — Sun, 18 Dec 2022 14:00:36 GMT

Hi @gcusell,

Kindly need your suggestion for the below query.

Attaching the snap for reference steps which im following.

Note

I change the index name from default to xdr and also created one local file inside the xdr app.

Thanks

Re: Trend Micro Vision one integration

gcusello — Sun, 18 Dec 2022 16:50:43 GMT

Hi @debjit_k,

I never integrated Trend Micro Vision One, but if you followed the instructions and you have the data with the correct sourcetype and a correct parsing I can say that you're correct.

How to check that you're right? at first see if running a simpe search on data (index=xdr) you see data and you see all the fields (correct parsing).

If yes, you can see if the panels are populated.

If you don't see the data you have to debug it and it's difficoult to guide you, if parsing isn't correct, check the sourcetype and see in documentation or in props.conf what's the correct sourcetype to apply.

Ciao.

Giuseppe