Views:

Configure the integration to allow LogRhythm to receive alert and event information from TrendAI Vision One™, as well as to create response actions and add notes to Workbench alerts.

Procedure

  1. In the TrendAI Vision One™ console, obtain the endpoint URL and authentication token.
    1. Go to Workflow and AutomationThird-Party Integrations.
    2. Locate and click the LogRhythm SIEM card.
    3. Obtain the values from the following fields.
      • Click dddna_summary_detection_copy=GUID-4DE35BE5-57A5-4919-BF9C-5EC95F9CA8FD=1=en-us=Low.png to copy the Endpoint URL.
      • Click Generate and copy the Authentication token.
  2. Sign in and download the SmartResponse plug-in for TrendAI Vision One™ from LogRhythm.
  3. Install the plug-in in the LogRhythm console.
    1. Go to the Deployment Manager tab.
    2. Go to ToolsAdministration and select SmartResponse Plugin Manager from the drop-down menu.
    3. Click ActionsImport.
    4. In Downloads, select the TrendAI Vision One™ package and click Open.
      The plug-in is installed.
  4. Activate and configure the TrendAI Vision One™ plug-in in the LogRhythm console.
    For more information, see the activation demo video.
    LogRhythm SIEM begins pulling data from TrendAI Vision One™. LogRhythm SIEM can only collect data generated after connecting to TrendAI Vision One™. You might need to allow some time before new data starts to appear.