MISP integration (via direct connection) | Trend Micro Service Central

Views:

Trend Vision One enables transfer of suspicious object data and retrieval of threat intelligence data directly with the MISP threat sharing platform.

Note

To enable the transfer of suspicious object data and retrieval of MISP threat intelligence data through a Service Gateway, see MISP integration (via Service Gateway).

Important

The MISP API does not return unpublished events for version 2.4.717 or later. Publish events on the MISP server to ensure that threat intelligence data can be sent to Trend Vision One.
To send MISP attributes as suspicious objects to Trend Vision One, add the Intrusion Detection System flag. This determines if the attribute can be automated.
For more information about MISP instance sizing, see Sizing your MISP instance.

Procedure

On the Trend Vision One console, go to Workflow and Automation → Third-Party Integration → MISP → Direct Connection.
Click Add Connection.
Turn on the toggle to enable the MISP connection.
Select Send data to MISP.
Configure settings to allow Trend Vision One to send suspicious object data to MISP.
Select Retrieve data from MISP.

Configure settings to allow Trend Vision One to retrieve threat intelligence data from MISP.

Note

You can only add indicator type STIX objects that are not revoked and do not have the anomalous activity, anonymization, benign, compromised, or unknown labels to the Suspicious Objects List.
Auto sweeping is only supported for report type STIX objects.

Click Save.

Table of Contents

The page you're looking for can't be found or is under maintenance

Try again later or go back to the previous page