Deploying the Trend Vision One connector

Procedure

1. In your Microsoft Sentinel workspace, go to Content management → Content hub (Preview).
2. In the Content hub page, search for Trend Vision One and click Install.
3. Choose your workspace and click Start to install.
4. After installation finishes, go to Configuration → Data connectors.
5. Search for Trend Vision One (using Azure Function) and click Open connector page.
6. On the connector page, go to the Instructions tab.
7. Copy the Workspace ID and Workspace Key.
8. Click Deploy to Azure.
   The Custom deployment page appears.
9. Configure the settings on the Custom deployment page.

   Setting	Configuration Notes
   Subscription	Manages deployed resources
   Resource group	Where to deploy the connector
   Function Name	Must be a unique name
   Workspace ID and Workspace Key	The information you copied from the Instructions tab You can also access the information from Log Analytics. Go to Log Analytics and navigate to your workspace. Go to Settings → Agents management. The information is on the Windows servers tab, under Download agent.
   API Key	An API key from a Trend Vision One user account Note The Microsoft Sentinel connector requires an API key from a Trend Vision One user account with the SIEM role or a user role with greater permissions. The user account access level must include APIs.
   Region Code	The region code that corresponds to the location of your Trend Vision One instance The following are valid values: au, eu, in, jp, sg, and us.
   Storage prefix	The storage prefix must comply with Azure naming conventions

10. Click Review + create.
    Once the connector is successfully deployed, Microsoft Sentinel begins pulling newly created alert data from Trend Vision One. The connector does not pull preexisting alert data.
11. Go to Overview → Resources and click your newly created function app in your resource group.
12. Go to Configuration → General Settings.
13. Select Python 3.9 from the Python Version drop-down menu.
14. Click Save.