Skip to content
Find out how we support MDR.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=trend-micro-vision-one

Integrate Trend Micro Vision One

MSP Flex customers must have the Endpoint integrations license pack to use this feature.

You can integrate Trend Micro Vision One with Sophos Central so that it sends data to Sophos for analysis.

This is an API-based integration.

The key steps are as follows:

  • Get the API key (authentication token) from Trend Micro.
  • Configure an integration in Sophos Central.

Get the API key

You must be a Master Administrator or Senior Analyst to get the key.

When you add an API key, you'll be asked to assign a role to the key.

Make sure that the role you intend to use has the permissions needed, as follows:

  1. Open the Trend Micro Vision One console.
  2. Go to Administration > User Roles > Permissions.
  3. Select Full Access for Alerts and Events.

To get the key, do as follows:

  1. In the Trend Micro Vision One console, go to Administration > API Keys.
  2. Click Add API key.

  3. Specify the settings for the new API key as follows:

    1. Name: A name that helps you identify the API key.
    2. Role: The user role assigned to the key.
    3. Expiration time: By default, API keys expire one year after creation. However, a Master Administrator can delete and regenerate keys at any time.

  4. Use the Status toggle to activate the key.

  5. Click Add.

    The key is displayed. Copy it and store it securely because you'll need it later.

  6. Click Close.

Next, you configure an integration in Sophos Central.

Configure an integration

To integrate Micro Trend Vision One with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.

  2. Click Trend Micro Vision One.

    The Trend Micro Vision One page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See Provide your domain and IP details.

  4. In Integration steps, enter the Integration name and Integration description.

  5. Enter the Regional URL of Trend Micro. The URL depends on your region.

    Region URL
    Australia https://api.au.xdr.trendmicro.com
    European Union https://api.eu.xdr.trendmicro.com
    India https://api.in.xdr.trendmicro.com
    Japan https://api.xdr.trendmicro.co.jp
    Singapore https://api.sg.xdr.trendmicro.com
    United Arab Emirates https://api.mea.xdr.trendmicro.com
    United States https://api.xdr.trendmicro.com
    United States (for Government) api.usgov.xdr.trendmicro.com

  6. In API Token, enter the API key you added in Trend Micro earlier.

  7. In Endpoint type, select the type of alerts you want Micro Trend to send to Sophos.
  8. Click Save.

We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.

More information

Trend Vision One Public API (v3.0)