Views:

Configure the integration to enable Cisco XDR to search Trend Vision One for security detections and take action on suspicious observables for faster and more effective incident response and threat investigation.

Procedure

  1. In the Trend Vision One console, obtain the endpoint URL and authentication token.
    1. Go to Workflow and AutomationThird-Party Integration.
    2. Click Cisco XDR.
    3. Click dddna_summary_detection_copy=GUID-4DE35BE5-57A5-4919-BF9C-5EC95F9CA8FD=1=en-us=Low.png to copy the Endpoint URL.
    4. Click Generate and copy the Authentication token.
  2. Set up the integration on the Cisco XDR platform.
    For more information, see Cisco documentation.
    1. In the Cisco XDR console, add the Trend Vision One integration.
    2. Use the endpoint URL and authentication token obtained from the Trend Vision One console to configure the integration.
      Cisco XDR begins accessing data from Trend Vision One, and information appears in Cisco XDR investigation results. Cisco XDR can only access data generated after connecting to Trend Vision One. You might need to allow some time before new investigation results start to appear.