Trend Micro Vision One integration
You can integrate Trend Micro Vision One with Sophos Central so that it sends data to Sophos for analysis.
This page gives an overview of the integration.
Trend Micro Vision One product overview
Trend Micro Vision One is a cloud-based security operations platform that combines ASM (attack surface management) and XDR in a single console to manage cyber risk across cloud, hybrid and on-premises environments. It provides strong risk insight, earlier threat detection, and integration with a broad range of protection platforms and global threat intelligence, giving a comprehensive asset inventory and risk assessment that enables precise, efficient threat management.
What we ingest
Examples of alerts Sophos sees:
- A command using net.exe or sc.exe has been executed to stop a service.
- Attempts to monitor or capture transmitted data were detected on the network.
- A hacking tool, which is generally used for cracking computer and network security or by system administrators to test security, was detected and blocked on an endpoint.
- A suspicious file with double extensions was created.
- An account attempted to upload a file containing a malicious URL and triggered file quarantine, which may indicate lateral movement after account compromise.
Alerts ingested in full
We ingest from two Vision One endpoints:
- Workbench: "api/v3.0/workbench/alerts"
- Observed attack techniques: "api/v3.0/oat/detections"
Filtering
We filter results only to validate their format. We don't discard any alerts.
Threat mapping examples
{"alertType": "A Windows System Utility was executed to start a service.", "threatId": "TA0002", "threatName": "Execution"}
{"alertType": "A non browser application is connecting to a legitimate cloud provider, potentially using them as CnC.", "threatId": "TA0011", "threatName": "Command and Control"}
{"alertType": "A website that attempts to defraud a person or group after first gaining their confidence, used in the classical sense of trust was detected and blocked.", "threatId": "T1566", "threatName": "Phishing"}
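The following Python script is an added illustration of the ingestion rules described on this page; it is not Sophos or Trend Micro code. It takes constructed sample responses standing in for the two Vision One endpoints named above, checks each record's format, maps the alert description to a MITRE ATT&CK tactic or technique using the three mapping examples on this page, and keeps every record, flagging malformed ones rather than dropping them. The response envelope (an "items" array), the required field names, and the sample record contents are assumptions for the example, not the real Vision One schema.

```python
from __future__ import annotations

import json

# Mapping table built only from the three examples on this page (a real
# integration would carry a much larger table). Key: alert description;
# value: MITRE ATT&CK id and name.
THREAT_MAPPING = {
    "A Windows System Utility was executed to start a service.":
        {"threatId": "TA0002", "threatName": "Execution"},
    "A non browser application is connecting to a legitimate cloud provider, "
    "potentially using them as CnC.":
        {"threatId": "TA0011", "threatName": "Command and Control"},
    "A website that attempts to defraud a person or group after first gaining "
    "their confidence, used in the classical sense of trust was detected and blocked.":
        {"threatId": "T1566", "threatName": "Phishing"},
}

# The two Vision One endpoints named on the page.
SOURCES = {
    "workbench": "api/v3.0/workbench/alerts",
    "oat": "api/v3.0/oat/detections",
}

# Assumed minimum fields for this example; the real schema has many more.
REQUIRED_FIELDS = ("id", "alertType", "createdDateTime")


def validate_format(record: dict) -> list[str]:
    """Return a list of format problems; an empty list means the record is well-formed."""
    problems = []
    for field in REQUIRED_FIELDS:
        if field not in record:
            problems.append(f"missing field: {field}")
        elif not isinstance(record[field], str) or not record[field]:
            problems.append(f"field is not a non-empty string: {field}")
    return problems


def map_threat(alert_type: str) -> dict:
    """Look up the MITRE mapping; unknown descriptions are marked Unmapped, never dropped."""
    return THREAT_MAPPING.get(alert_type, {"threatId": None, "threatName": "Unmapped"})


def normalise(source: str, record: dict) -> dict:
    """Build one normalised event. Records that fail validation are kept and flagged,
    following the page's rule that filtering only checks format and discards nothing."""
    problems = validate_format(record)
    alert_type = record.get("alertType")
    mapped = map_threat(alert_type if isinstance(alert_type, str) else "")
    return {
        "source": source,
        "endpoint": SOURCES[source],
        "id": record.get("id"),
        "alertType": alert_type,
        "threatId": mapped["threatId"],
        "threatName": mapped["threatName"],
        "formatOk": not problems,
        "formatProblems": problems,
    }


def ingest(payloads: dict[str, str]) -> list[dict]:
    """payloads maps a source name to the raw JSON body an HTTP client would return.
    Both endpoints are assumed (for this example) to wrap records in an 'items' array."""
    events = []
    for source, body in payloads.items():
        for record in json.loads(body).get("items", []):
            events.append(normalise(source, record))
    return events


# Constructed sample bodies standing in for the two endpoint responses.
SAMPLE_WORKBENCH = json.dumps({"items": [
    {"id": "WB-1", "createdDateTime": "2024-01-01T00:00:00Z",
     "alertType": "A Windows System Utility was executed to start a service."},
    {"id": "WB-2", "createdDateTime": "2024-01-01T00:01:00Z",
     "alertType": "A suspicious file with double extensions was created."},
]})
SAMPLE_OAT = json.dumps({"items": [
    {"id": "OAT-1", "createdDateTime": "2024-01-01T00:02:00Z",
     "alertType": "A website that attempts to defraud a person or group after first "
                  "gaining their confidence, used in the classical sense of trust was "
                  "detected and blocked."},
    # Deliberately malformed: no "id" field, so it is flagged but still kept.
    {"createdDateTime": "2024-01-01T00:03:00Z",
     "alertType": "A non browser application is connecting to a legitimate cloud "
                  "provider, potentially using them as CnC."},
]})

if __name__ == "__main__":
    for event in ingest({"workbench": SAMPLE_WORKBENCH, "oat": SAMPLE_OAT}):
        print(json.dumps(event))
```

Running the script prints four normalised events: two mapped to Execution and Unmapped from the Workbench sample, and two from the OAT sample, of which the last carries formatOk false with "missing field: id" while still being mapped to Command and Control. In a real pipeline the flagged records are what you would route to a quarantine or review queue rather than silently drop.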