Views:

Configure the integration to allow Cymulate to pull events from Trend Vision One, as well as to analyze logs and alerts and validate simulated attacks.

Procedure

  1. In the Trend Vision One console, obtain the endpoint URL and authentication token.
    1. Go to Workflow and AutomationThird-Party Integration.
    2. Click Cymulate.
    3. Click dddna_summary_detection_copy=GUID-4DE35BE5-57A5-4919-BF9C-5EC95F9CA8FD=1=en-us=Low.png to copy and save the Endpoint URL.
    4. Copy and save the Authentication token.
      • If no authentication token exists, click Generate and copy the new token. You can specify the expiration time in AdministrationAPI Keys.
      • If the existing authentication token is expired, click Revoke, then generate and copy a new token.
  2. In the Cymulate console, configure the Trend Vision One integration.
    1. Go to Configuration and find the Trend Vision One integration.
    2. Click Edit.
    3. Configure the following settings.
      Setting
      Description
      URL
      Paste the endpoint URL obtained from the Trend Vision One console.
      Token
      Paste the authentication token obtained from the Trend Vision One console.
      Timezone
      Select your time zone.
      EDR delay
      Set the duration (in minutes) for Cymulate to wait for logs and alert data to appear before querying the Trend Vision One console.
      For more information, see the integration demo video.
    4. Click Save.
      Cymulate begins collecting data from Trend Vision One. Cymulate can only collect data generated after connecting to Trend Vision One. You might need to allow some time before new data starts to appear.