Deploy the connector in Microsoft Sentinel using Azure Functions to enable alert data collection from Trend Vision One.
Once the connector is successfully deployed, Microsoft Sentinel begins pulling newly created alert data from Trend Vision One.
Procedure
- In your Microsoft Sentinel workspace, go to .
- In the Content hub page, search for Trend Vision One and click Install.
- Choose your workspace and click Start to install.
- After installation finishes, go to .
- Search for Trend Vision One (using Azure Function) and click Open connector page.
- On the connector page, go to Instructions.
- Copy the Workspace ID and Workspace Key.
- Click Deploy to Azure. The Custom deployment page appears.
- Configure the settings on the Custom deployment page. Settings and configuration notes:
  - Subscription: Manages deployed resources
  - Resource group: Where to deploy the connector
  - Function Name: Must be a unique name
  - Workspace ID and Workspace Key: The information you copied from Instructions. You can also access the information from Log Analytics.
    - Go to your Workspace in Log Analytics.
    - Go to.
    - The information is on Windows servers, under Download agent.
  - API Key: An API key from a Trend Vision One user account
    Note: The Microsoft Sentinel connector requires an API key from a Trend Vision One user account with the SIEM role or a user role with greater permissions. The user account access level must include APIs.
  - Region Code: The region code that corresponds to the location of your Trend Vision One instance. The following are valid values: au, eu, in, jp, sg, and us.
  - Storage prefix: The storage prefix must comply with Azure naming conventions.
- Click Review + create. Once the connector is successfully deployed, Microsoft Sentinel begins pulling newly created alert data from Trend Vision One. The connector does not pull preexisting alert data.
- Go to and click your newly created function app in your resource group.
- Go to .
- Select Python 3.9 from the Python Version menu.
- Click Save.
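
The values entered on the Custom deployment page can be checked offline before clicking Deploy to Azure. The following is an added example, not part of the Trend Micro or Microsoft documentation or the connector's code; the function name, field names and sample values are hypothetical. It assumes the Workspace ID is a GUID, the Workspace Key is base64, and the storage prefix follows the Azure storage account character rules (lowercase letters and digits, at most 24 characters).

```python
import base64
import re
import uuid

VALID_REGIONS = {"au", "eu", "in", "jp", "sg", "us"}  # valid values listed on this page
STORAGE_RE = re.compile(r"[a-z0-9]{1,24}")  # assumption: storage account character rules
# Constructed sample values; none of these are real identifiers or credentials.
SAMPLE = {
    "function_name": "tv1-sentinel-func", "region_code": "eu",
    "workspace_id": "12345678-1234-1234-1234-123456789abc",
    "workspace_key": "Y29uc3RydWN0ZWQta2V5", "api_key": "constructed-api-key",
    "storage_prefix": "tv1conn",
}


def _is_guid(value):
    try:  # accept only the canonical hyphenated form
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def _is_base64(value):
    try:  # binascii.Error is a ValueError subclass
        return len(base64.b64decode(value, validate=True)) > 0
    except ValueError:
        return False


def validate_settings(s):
    """Return a list of problems; setting values (secrets) are never echoed."""
    problems = []
    for field in SAMPLE:  # every setting must be present, without stray whitespace
        value = s.get(field, "")
        if not value:
            problems.append(f"{field}: missing")
        elif value != value.strip():
            problems.append(f"{field}: leading or trailing whitespace")
    if problems:
        return problems
    checks = [
        ("workspace_id: not a GUID", _is_guid(s["workspace_id"])),
        ("workspace_key: not valid base64", _is_base64(s["workspace_key"])),
        ("region_code: not a valid region code", s["region_code"] in VALID_REGIONS),
        ("storage_prefix: use 1-24 lowercase letters or digits",
         bool(STORAGE_RE.fullmatch(s["storage_prefix"]))),
    ]
    return [message for message, ok in checks if not ok]
```

Load the real Workspace Key and API key from environment variables or a secrets store when calling `validate_settings`, rather than saving them beside the script.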