Views:

Configure the integration to allow LogRhythm to receive alert and event information from Trend Vision One, as well as to create response actions and add notes to Workbench alerts.

Procedure

  1. In the Trend Vision One console, obtain the endpoint URL and authentication token.
    1. Go to Workflow and AutomationThird-Party Integration.
    2. Click LogRhythm SIEM.
    3. Obtain the values from the following fields.
      • Click dddna_summary_detection_copy=GUID-4DE35BE5-57A5-4919-BF9C-5EC95F9CA8FD=1=en-us=Low.png to copy the Endpoint URL.
      • Click Generate and copy the Authentication token.
  2. Sign in and download the SmartResponse plug-in for Trend Vision One from LogRhythm.
  3. Install the plug-in in the LogRhythm console.
    1. Go to the Deployment Manager tab.
    2. Go to ToolsAdministration and select SmartResponse Plugin Manager from the drop-down menu.
    3. Click ActionsImport.
    4. In Downloads, select the Trend Vision One package and click Open.
      The plug-in is installed.
  4. Activate and configure the Trend Vision One plug-in in the LogRhythm console.
    For more information, see the activation demo video.
    LogRhythm SIEM begins pulling data from Trend Vision One. LogRhythm SIEM can only collect data generated after connecting to Trend Vision One. You might need to allow some time before new data starts to appear.