QRadar XDR integration | Trend Micro Service Central

Views:

Install the add-on to share and view XDR data in QRadar including Workbench alerts, Observed Attack Techniques, and Trend Micro product detections.

Important

Before installation, ensure that your QRadar is running correctly to enable the transmission of XDR data to QRadar.

Note

The following instructions for installation is based on QRadar versions 7.3.3FP6+ and 7.4.1FP2+. Settings may vary for other versions of QRadar. Refer to the QRadar documentation for specific information related to your version.

Procedure

In the Trend Vision One console, go to Workflow and Automation → Third-Party Integration.
Click QRadar XDR.
Copy the following information:
- Server FQDN
- Authentication token
In the QRadar console, install the Trend Vision One for QRadar (XDR) add-on.
In the QRadar console, go to Admin → User Services → Authorized Services.
Copy the QRadar Authentication token.
Go to Admin → Apps → Trend Micro Vision One for QRadar (XDR).
Paste the following information:
- Server FQDN
- Authentication Token
- QRadar Authentication Token
Configure the following settings:
- Proxy: Select if you want to use the QRadar proxy settings or not.
- Data scope: Select which data sources to pull from Trend Vision One.
  
  Note
  
  The add-on requires selecting at least one data source. Workbench alerts is the default selection.

Click Save.

QRadar begins pulling XDR data from Trend Vision One.

Important

After successfully installing the QRadar add-on, QRadar begins pulling XDR data from Trend Vision One. The add-on does not pull preexisting XDR data. You may need to allow some time before new XDR data starts to appear.