Trend Micro Deep Security
This Integration is part of the Trend Micro Deep Security Pack.
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
This integration was integrated and tested with version 20.0 of Trend Micro Deep Security, and v1 of the API.
Changes compared to TrendMicroDsm
Changes in commands
- trendmicro-create-computer - New command.
- trendmicro-search-computers - New command.
- trendmicro-get-computer - New command.
- trendmicro-list-computers - New command.
- trendmicro-modify-computer - New command.
- trendmicro-delete-computer - New command.
- trendmicro-get-computer-setting - New command.
- trendmicro-modify-computer-setting - New command.
- trendmicro-reset-computer-setting - New command.
- trendmicro-list-computer-groups - New command.
- trendmicro-create-computer-group - New command.
- trendmicro-search-computer-groups - New command.
- trendmicro-get-computer-group - New command.
- trendmicro-modify-computer-group - New command.
- trendmicro-delete-computer-group - New command.
- trendmicro-search-firewall-rules - New command.
- trendmicro-list-firewall-rules - New command.
- trendmicro-create-firewall-rule - New command.
- trendmicro-get-firewall-rule - New command.
- trendmicro-modify-firewall-rule - New command.
- trendmicro-delete-firewall-rule - New command.
- trendmicro-list-firewall-rule-ids-of-computer - New command.
- trendmicro-add-firewall-rule-ids-to-computer - New command.
- trendmicro-set-firewall-rule-ids-to-computer - New command.
- trendmicro-get-policy - New command.
- trendmicro-modify-policy - New command.
- trendmicro-delete-policy - New command.
- trendmicro-get-policy-setting - New command.
- trendmicro-modify-policy-setting - New command.
- trendmicro-reset-policy-setting - New command.
- trendmicro-list-policies - New command.
- trendmicro-search-policies - New command.
- trendmicro-create-policy - New command.
- trendmicro-remove-firewall-rule-id-from-computer - New command.
- trendmicro-list-default-policy-settings - New command.
- trendmicro-get-default-policy-setting - New command.
- trendmicro-modify-default-policy-setting - New command.
- trendmicro-reset-default-policy-setting - New command.
Configure Trend Micro Deep Security in Cortex
Parameter | Description | Required |
---|---|---|
Server URL | Server URL for TrendMicro console. e.g: https://ip:port/ | True |
API Secret | The API secret key | True |
API Version | The API version used | False |
Trust any certificate (not secure) | | False |
Use system proxy settings | | False |
Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
trendmicro-create-computer
Create a new computer.
Base Command
trendmicro-create-computer
Input
Argument Name | Description | Required |
---|---|---|
expand | Determines the computer information to include in the response. Notice that the information is appended to the context data only. Possible values are: none, all, computerStatus, tasks, securityUpdates, computerSettings, allSecurityModules, antiMalware, webReputation, activityMonitoring, firewall, intrusionPrevention, integrityMonitoring, logInspection, applicationControl, SAP, interfaces, ESXSummary, allVirtualMachineSummaries, azureARMVirtualMachineSummary, azureVMVirtualMachineSummary, ec2VirtualMachineSummary, noConnectorVirtualMachineSummary, vmwareVMVirtualMachineSummary, vcloudVMVirtualMachineSummary, workspaceVirtualMachineSummary, gcpVirtualMachineSummary. Default is none. | Optional |
overrides | Show only overrides defined for the current computer. Possible values are: true, false. Default is false. | Optional |
host_name | Hostname of the computer. | Optional |
display_name | Display name of the computer. | Optional |
description | Description of the computer. | Optional |
group_id | ID of the computer group to which the computer belongs. | Optional |
policy_id | ID of the policy assigned to the computer. | Optional |
asset_importance_id | ID of the asset importance assigned to the computer. | Optional |
relay_list_id | ID of the relay list that is assigned to the computer. | Optional |
Context Output
Path | Type | Description |
---|---|---|
TrendMicro.Computers.hostName | string | Hostname of the computer |
TrendMicro.Computers.displayName | string | Display name of the computer |
TrendMicro.Computers.description | string | Description of the computer |
TrendMicro.Computers.groupID | integer | ID of the computer group to which the computer belongs |
TrendMicro.Computers.policyID | integer | ID of the policy assigned to the computer |
TrendMicro.Computers.assetImportanceID | integer | ID of the asset importance assigned to the computer |
TrendMicro.Computers.relayListID | integer | ID of the relay list that is assigned to the computer |
Command Example
!trendmicro-create-computer host_name="example_computer"
Context Example
Human Readable Output
Details for the new computer example_computer
ID | Host Name | Group ID |
---|---|---|
217 | example_computer | 0 |
trendmicro-search-computers
Search for computers by comparing a single field against a value. Every field has a specific type: a simple type such as a string, a number, or a boolean, or a choice, which is a string restricted to specific options (an enumeration). To search, you must provide the field_name and field_type, the operation to perform, and the value to compare against.
Base Command
trendmicro-search-computers
Input
Argument Name | Description | Required |
---|---|---|
max_items | Limits the number of objects returned. | Optional |
field_name | The field name to search for. Possible values are: hostName, displayName, description, groupID, policyID, assetImportanceID, relayListID. | Required |
field_type | The type of the field. Possible values are: boolean, numeric, choice, id, string. | Required |
operation | The search conditional to test on the field name. Possible values are: less-than, less-than-or-equal, equal, greater-than-or-equal, greater-than, not-equal. | Required |
value | The value to compare. | Required |
sort_by_object_id | If true, forces the response objects to be sorted by ID, overriding the default sort order. | Optional |
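An added example, not part of the integration's own code: a Python pre-flight check that validates search arguments against the allowed values in the table above and renders the command string, so that a value taken from alert data cannot carry extra arguments. The helper name `build_search_command`, the restriction of ordering operations to numeric and id fields, and the refusal of quote or control characters in `value` are assumptions of this example.

```python
import re

# Allowed values copied from the Input table above.
FIELD_NAMES = {"hostName", "displayName", "description", "groupID",
               "policyID", "assetImportanceID", "relayListID"}
FIELD_TYPES = {"boolean", "numeric", "choice", "id", "string"}
OPERATIONS = {"less-than", "less-than-or-equal", "equal",
              "greater-than-or-equal", "greater-than", "not-equal"}
# Assumption (not stated on the page): ordering comparisons are only
# meaningful for numeric and id fields.
ORDERED_TYPES = {"numeric", "id"}
SAFE_BARE = re.compile(r"[A-Za-z0-9_.-]+")


def build_search_command(field_name, field_type, operation, value, max_items=None):
    """Validate the arguments and return the CLI command string.

    Raises ValueError instead of emitting a command that the integration
    would reject or that could carry extra arguments inside `value`.
    """
    if field_name not in FIELD_NAMES:
        raise ValueError(f"unknown field_name: {field_name!r}")
    if field_type not in FIELD_TYPES:
        raise ValueError(f"unknown field_type: {field_type!r}")
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation: {operation!r}")
    if operation not in ("equal", "not-equal") and field_type not in ORDERED_TYPES:
        raise ValueError(f"{operation} needs a numeric or id field")
    value = str(value)
    if field_type in ORDERED_TYPES and not re.fullmatch(r"-?\d+", value):
        raise ValueError(f"{field_type} value must be an integer: {value!r}")
    if field_type == "boolean" and value not in ("true", "false"):
        raise ValueError(f"boolean value must be true or false: {value!r}")
    # Values often come from alert data; refuse quotes and control characters
    # rather than guess at an escaping rule (hypothetical, conservative policy).
    if not value or '"' in value or any(ord(c) < 32 for c in value):
        raise ValueError("value is empty or contains a quote/control character")
    rendered = value if SAFE_BARE.fullmatch(value) else f'"{value}"'
    cmd = (f"!trendmicro-search-computers field_name={field_name} "
           f"field_type={field_type} operation={operation} value={rendered}")
    if max_items is not None:
        cmd += f" max_items={int(max_items)}"
    return cmd
```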
Context Output
Path | Type | Description |
---|---|---|
TrendMicro.Computers.hostName | string | Hostname of the computer |
TrendMicro.Computers.displayName | string | Display name of the computer |
TrendMicro.Computers.description | string | Description of the computer |
TrendMicro.Computers.groupID | integer | ID of the computer group to which the computer belongs |
TrendMicro.Computers.policyID | integer | ID of the policy assigned to the computer |
TrendMicro.Computers.assetImportanceID | integer | ID of the asset importance assigned to the computer |
TrendMicro.Computers.relayListID | integer | ID of the relay list that is assigned to the computer |
Command Example
!trendmicro-search-computers field_name=groupID field_type=numeric operation=equal value=0