Alert data ingested by Microsoft Sentinel is stored in Log Analytics workspaces.

An empty Log Analytics workspace indicates that no new alerts were created after the connector was successfully deployed. The connector does not pull preexisting alert data from Trend Vision One.
The TrendMicro_XDR_WORKBENCH_CL or TrendMicro_XDR_OAT_CL tables should exist if alerts were created in Trend Vision One after the connector was successfully deployed.

Procedure

  1. Go to Log Analytics workspaces > {your_workspace} > General > Logs.
  2. In the Tables tab under Custom Logs, verify that the TrendMicro_XDR_WORKBENCH_CL or TrendMicro_XDR_OAT_CL table exists.
  3. Click Run to run the query and view the data.
    Tip
    • To disable Observed Attack Techniques alert data, go to your function app in your resource group, click the horizontal ellipsis icon, and select Disable for timer_trigger_oat, oat_pipeline_file_poison_qt, oat_pipeline_file_qt, oat_pipeline_task_poison_qt, and oatpipeline_task_qt.
    • To disable data from the TrendMicro_XDR_RCA_Result_CL and TrendMicro_XDR_RCA_Task_CL tables, go to your function app in your resource group, click the horizontal ellipsis icon, and select Disable for queue_trigger_rca.
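
The check in steps 2 and 3 can also be run as a single query in the Logs editor. This is an added example, not part of the original Trend Micro procedure; the table names come from this page, while the 7-day window and the output column names are assumptions chosen for illustration.

```kql
// Added example: confirm the connector's alert tables exist and are receiving data.
// isfuzzy=true lets the query run when only one of the two tables has been created yet.
union withsource=SourceTable isfuzzy=true
    TrendMicro_XDR_WORKBENCH_CL,
    TrendMicro_XDR_OAT_CL
| where TimeGenerated > ago(7d)            // assumed lookback window; widen if alerts are rare
| summarize
    Rows        = count(),
    FirstRecord = min(TimeGenerated),
    LastRecord  = max(TimeGenerated)
    by SourceTable
| extend SinceLastRecord = now() - LastRecord   // a growing gap suggests ingestion has stalled
| order by SourceTable asc
```

If neither table exists, the query fails to resolve, which matches the empty-workspace case described above. If a table exists but has no records in the window, it returns no row for that table.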