Views:

Apex Central integrates with Trend Micro Threat Investigation Center to enable Managed Detection and Response capabilities.

Important:

  • Managed Detection and Response capabilities require purchasing a service plan to obtain a valid server address and company GUID. Contact Trend Micro sales or your reseller to purchase a service plan.

  1. Go to Response > Managed Detection and Response.

    The Managed Detection and Response screen appears.

  2. Click the Settings tab.
  3. Specify the following information:

    • Server address: The Threat Investigation Center server address provided by Trend Micro sales or your reseller

    • Company GUID: The Managed Detection and Response Service GUID provided by Trend Micro sales or your reseller

  4. Configure automatic approval settings for new investigation tasks.
    Note:

    • If automatic approval is enabled, Apex Central will send email notifications to inform recipients of new automatically approved investigation tasks.

    • If automatic approval is disabled, Apex Central will send email notifications for all new investigation tasks to request manual approval.

    • Select the Automatically approve investigation tasks check box to enable automatic approval of new investigation tasks.

    • Clear the Automatically approve investigation tasks check box to disable automatic approval of new investigation tasks.

  5. (Optional) Configure notification recipients.
    Note:

    • You can add new user accounts on the User Accounts screen (Administration > Account Management > User Accounts).

    • You can add new contact groups on the Contact Groups screen (Detections > Notifications > Contact Groups).

    • To add recipients, select contacts from the Available Users and Groups list and click >.

      The selected contacts appear in the Selected Users and Groups list.

    • To remove recipients, select contacts from the Selected Users and Groups list and click <.

      The selected contacts appear in the Available Users and Groups list.

  6. Click Register.

    • The Server address field displays the address of the registered Threat Investigation Center server.

    • The Sender ID field replaces the Company GUID field and displays the GUID of the Apex Central server that receives investigation tasks from the registered Threat Investigation Center server.

Parent topic: Managed Detection and Response Overview