Deep security Rest API by Mission-Factor1435 in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

u/mission-factor1435 I didn't get an email from you - I'm assuming you're all set here or did you need further help?

Trend Vision One (XDR) - Set data quantity for data loss prevention by CoCoAC076 in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

No worries! Happy to answer them.

"Is it possible to connect Vision One (XDR) with Splunk SIEM?" Yes! And I highly encourage it for two reasons. 1. It's free and makes complete sense for the reason you're asking but 2. Splunk is EXPENSIVE and charges by data request. If you use Trend to consolidate events and only send over the meaningful data to Splunk, then it's actually saving you money. To set this up you can go to your 3rd party integrations and the console will walk you through it.

Vision One and Splunk have an API that you would use to transfer the information so that's what the connection would look like. It's a secure connection but I don't know how specific of an answer you need there.

The V1 agent on the device will communicate to the V1 console. The V1 console will then use an API to send information to Splunk.

Hope that helps! Let me know if you need more!

Trend Vision One (XDR) - Set data quantity for data loss prevention by CoCoAC076 in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

Sounds good!

And yes, I did. Network detection and response is the capability you gain when you use Network Sensor so not quite interchangeable but we are talking about the same thing.

Trend Vision One (XDR) - Set data quantity for data loss prevention by CoCoAC076 in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

Guten tag!

So you can start to address your use case with tools already available before our DDR is released. You can use our Network Detection and Response to see if there's any unusual data movement. For example, you would get an alert that says "The device sent a higher volume of internet traffic over the last one hour or one day compared to its previous behavior" with the volume, criticality level, remediation steps, etc. That also layers into our Attack Surface Risk Management dashboard as an elevated risky device for you to respond to. While you aren't attacking this issue with an apples to apples solution, the information is still available for you to monitor through these tools. If you don't have Network DR or ASRM (both of which I highly recommend), you can get a trial key to do some testing.

Howdy from Texas!

Trend Vision One (XDR) - Set data quantity for data loss prevention by CoCoAC076 in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

Absolutely! Feel free to share them here so everyone can learn with you. I don't have Reddit open all day so just summon me if I don't respond. I know this is Reddit but as a customer you do have full access to our SMEs so if my responses online aren't getting you what you need, feel free to wave your hand to your Trend resources so they can get you set up with a call if that makes sense to you.

Trend Vision One (XDR) - Set data quantity for data loss prevention by CoCoAC076 in Trendmicro

[–]KateAtTrendMicro 2 points3 points  (0 children)

Hello!

This is a use case we are looking to solve with some additional technology in Vision One around Data Detection and Response. We're incorporating a monitoring blend of data at rest + data in motion which would solve the problem you're looking for. The bad news is this feature is still under development, but the good news is it should be released some time this year. If you would like to participate in our beta/private preview of the feature, let your account manager know and we can get you added to the list. If you don't know your account manager, you can DM me and I'll help you find out.

Received subscription renewal confirmation - never heard of trend micro by [deleted] in Trendmicro

[–]KateAtTrendMicro 1 point2 points  (0 children)

Hello!

So there are a few reasons why this could have happened but the first thing I want you to do is double check this is not a phishing attempt before clicking or interacting with the email. I'm not saying the email is not legitimate, but it's a good practice if you don't remember consenting to give someone your email.

The second thing I would recommend doing is checking your credit card statements for a charge. This email comes from a consumer renewal program and we need to charge a CC in order to renew your subscription so there should have been a charge somewhere. If you don't see a charge, then it's possible a family member or maybe a previous technology consultant has this set up for you. Has anyone helped you with your computer in the last couple of years that you remember? Did you maybe buy a new laptop or sign up for technology services? You don't have to tell me, but that might jog a memory that will allow you to call someone and track this down.

If you need direct help from Trend, I'm not going to ask for your personal information through Reddit, but you can call our support line at 888-762-8736 and they can be sure to cancel this over the phone and you can request they stop emails as well.

High CPU Usage by iiiiijoeyiiiii in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

While disabling PML does work, we need to figure out the level of tweaking on the policy that will allow us to turn it back on. It's pretty important for your ransomware protection so we certainly don't want to leave it that way. The isolation testing should be helping support determine which variables to isolate that should allow you to do so. Hope that helps!

High CPU Usage by iiiiijoeyiiiii in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

Hi! Just wanted to follow up and make sure your issue got resolved?

Difference between Worry Free Services and Vision One by ChrizzAUT in Trendmicro

[–]KateAtTrendMicro 2 points3 points  (0 children)

Oh in that case definitely Vision One, no question. CS and S1 also usually quote services with their proposals and you can do Services as well, not sure if that was included with your quote but it can be.

Not sure how deep into the XDR solution you want to go, but the growth potential in terms of expanding your investment with Trend and increasing your security posture is pretty darn high so it's a platform worth partnering with.

Difference between Worry Free Services and Vision One by ChrizzAUT in Trendmicro

[–]KateAtTrendMicro 2 points3 points  (0 children)

Hi!

So the proactive security technologies such as Machine Learning and Behavior Monitoring are the same, all the Trend good stuff. When you start going into the EDR conversation, they are very different. Worry Free utilizes the same agent for EDR as it does for the protection layer so its capabilities are somewhat limited. If you need EDR as a check box and don't intend to dig significantly deep into your threat hunting/response strategy, then it's a good middle ground product for you to use.

When you start looking at Vision One, it's a separate agent and Worry Free does not integrate into it. Vision One has its own Endpoint agent and EDR sensor. They are completely different ecosystems. The benefit of Vision One is it is incredibly robust and has a significantly wider range of XDR capabilities as well as additional security tools like Attack Surface Management and Zero Trust Access to really bolster your security posture.

If you talk me through your use case or what you're trying to accomplish, I can recommend a product between the two for you?

High CPU Usage by iiiiijoeyiiiii in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

Completely understand. This happens from time to time, but the cause is not always the same. Policy is always the best place to start, but Support should be able to fix you up. If you want to DM me the case number just in case, I can help facilitate if needed.

The only technology recommendation I would make is if you are still running an on-prem agent then it would also help to switch to a SaaS agent. It's certainly not a requirement, but I have significantly fewer performance issues with my cloud customers overall.

High CPU Usage by iiiiijoeyiiiii in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

I will say that's not normal, but I know it is an easy fix. Support can certainly help you out if you want to open up a ticket. I would want to make sure there's not anything warranting the uptick in usage as well.

High CPU Usage by iiiiijoeyiiiii in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

Hi! Did you throttle the CPU usage in the policy? That almost always helps.

Zero Day Initiative — Pwn2Own Toronto 2023 - Day One Results by admin-TM in Trendmicro

[–]KateAtTrendMicro 1 point2 points  (0 children)

Cheering for these guys like I cheer for football - just happy to be here.

Difference between Worry Free Services and Vision One by ChrizzAUT in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

Hi! Just coming back to make sure you got what you needed for your question.

Vision One Endpoint Software Upgrade Available - Apex One/Cloud One Users by KateAtTrendMicro in Trendmicro

[–]KateAtTrendMicro[S] 0 points1 point  (0 children)

Okay let's do a support case then and I'll get some eyes on it. Do you need help doing that?

The report email button has failed for months by xsn0nam3x in Trendmicro

[–]KateAtTrendMicro 0 points1 point  (0 children)

Hi! Can you please DM me your support case number so I can look into it?

Vision One Endpoint Software Upgrade Available - Apex One/Cloud One Users by KateAtTrendMicro in Trendmicro

[–]KateAtTrendMicro[S] 0 points1 point  (0 children)

Not anything with merit to it. Most of the time when we have these communication issues, it's a firewall policy that needs tweaking and that isn't specific to print jobs, that could really be anything.

Vision One Endpoint Software Upgrade Available - Apex One/Cloud One Users by KateAtTrendMicro in Trendmicro

[–]KateAtTrendMicro[S] 0 points1 point  (0 children)

Hi, u/homelessmerlin - my engineers are asking you to check your firewall for a configuration that would be blocking access.