Skip to content
Find out how we support MDR.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=trend-micro-vision-one

Integrate Trend Micro Vision One

API Endpoint

You must have the Endpoint integrations license pack to use this feature.

You can integrate Trend Micro Vision One with Sophos Central so that it sends data to Sophos for analysis.

This is an API-based integration.

The key steps are as follows:

  • Get the API authentication token from Trend Micro.
  • Configure an integration in Sophos Central.

Get the authentication token

You must be a Master Administrator or Senior Analyst to get the token.

Note

If your role doesn't have sufficient permissions, open the Trend Micro Vision One console, go to User Roles > Permissions, and select Full Access for Alerts and Events.

To get the token, do as follows:

  1. Open the Trend Micro Vision One console.
  2. Go to Account Management > User Accounts.
  3. Click your account name to view its details.

  4. Find and copy the authentication token. A token was generated when the account was created.

    Make sure you store the token securely. You'll need it later.

  5. Click Close.

The authentication token expires one year after it's created. A Master Administrator can generate a new token at any time.

Next, you configure an integration in Sophos Central.

Configure an integration

To integrate Micro Trend Vision One with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.

  2. Click Trend Micro Vision One.

    The Trend Micro Vision One page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See Provide your domain and IP details.

  4. In Integration steps, enter the Integration name and Integration description.

  5. Enter the Regional URL of Trend Micro. The URL depends on your region.

    Region URL
    Australia https://api.au.xdr.trendmicro.com
    European Union https://api.eu.xdr.trendmicro.com
    India https://api.in.xdr.trendmicro.com
    Japan https://api.xdr.trendmicro.co.jp
    Singapore https://api.sg.xdr.trendmicro.com
    United Arab Emirates https://api.mea.xdr.trendmicro.com
    United States https://api.xdr.trendmicro.com
    United States (for Government) api.usgov.xdr.trendmicro.com

  6. In API Token, enter the authentication token you got from Trend Micro earlier.

  7. In Endpoint type, select the type of alerts you want Micro Trend to send to Sophos.
  8. Click Save.

We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.

More information

Trend Vision One Public API (v3.0)