Trend Micro Deep Security
This Integration is part of the Trend Micro Deep Security Pack.
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
This integration was integrated and tested with version 20.0 of Trend Micro Deep Security, and v1 of the API.
Changes compared to TrendMicroDsm#
Changes in commands#
- trendmicro-create-computer - New command.
- trendmicro-search-computers - New command.
- trendmicro-get-computer - New command.
- trendmicro-list-computers - New command.
- trendmicro-modify-computer - New command.
- trendmicro-delete-computer - New command.
- trendmicro-get-computer-setting - New command.
- trendmicro-modify-computer-setting - New command.
- trendmicro-reset-computer-setting - New command.
- trendmicro-list-computer-groups - New command.
- trendmicro-create-computer-group - New command.
- trendmicro-search-computer-groups - New command.
- trendmicro-get-computer-group - New command.
- trendmicro-modify-computer-group - New command.
- trendmicro-delete-computer-group - New command.
- trendmicro-search-firewall-rules - New command.
- trendmicro-list-firewall-rules - New command.
- trendmicro-create-firewall-rule - New command.
- trendmicro-get-firewall-rule - New command.
- trendmicro-modify-firewall-rule - New command.
- trendmicro-delete-firewall-rule - New command.
- trendmicro-list-firewall-rule-ids-of-computer - New command.
- trendmicro-add-firewall-rule-ids-to-computer - New command.
- trendmicro-set-firewall-rule-ids-to-computer - New command.
- trendmicro-get-policy - New command.
- trendmicro-modify-policy - New command.
- trendmicro-delete-policy - New command.
- trendmicro-get-policy-setting - New command.
- trendmicro-modify-policy-setting - New command.
- trendmicro-reset-policy-setting - New command.
- trendmicro-list-policies - New command.
- trendmicro-search-policies - New command.
- trendmicro-create-policy - New command.
- trendmicro-remove-firewall-rule-id-from-computer - New command.
- trendmicro-list-default-policy-settings - New command.
- trendmicro-get-default-policy-setting - New command.
- trendmicro-modify-default-policy-setting - New command.
- trendmicro-reset-default-policy-setting - New command.
Configure Trend Micro Deep Security in Cortex#
| Parameter | Description | Required |
|---|---|---|
| Server URL | Server URL for the Trend Micro console, e.g., https://ip:port/ | True |
| API Secret | The API secret key | True |
| API Version | The API version used | False |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
Commands#
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
trendmicro-create-computer#
Create a new computer
Base Command#
trendmicro-create-computer
Input#
| Argument Name | Description | Required |
|---|---|---|
| expand | Determines the computer information to include in the response. Notice that the information is appended to the context data only. Possible values are: none, all, computerStatus, tasks, securityUpdates, computerSettings, allSecurityModules, antiMalware, webReputation, activityMonitoring, firewall, intrusionPrevention, integrityMonitoring, logInspection, applicationControl, SAP, interfaces, ESXSummary, allVirtualMachineSummaries, azureARMVirtualMachineSummary, azureVMVirtualMachineSummary, ec2VirtualMachineSummary, noConnectorVirtualMachineSummary, vmwareVMVirtualMachineSummary, vcloudVMVirtualMachineSummary, workspaceVirtualMachineSummary, gcpVirtualMachineSummary. Default is none. | Optional |
| overrides | Show only overrides defined for the current computer. Possible values are: true, false. Default is false. | Optional |
| host_name | Hostname of the computer. | Optional |
| display_name | Display name of the computer. | Optional |
| description | Description of the computer. | Optional |
| group_id | ID of the computer group to which the computer belongs. | Optional |
| policy_id | ID of the policy assigned to the computer. | Optional |
| asset_importance_id | ID of the asset importance assigned to the computer. | Optional |
| relay_list_id | ID of the relay list that is assigned to the computer. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.Computers.hostName | string | Hostname of the computer |
| TrendMicro.Computers.displayName | string | Display name of the computer |
| TrendMicro.Computers.description | string | Description of the computer |
| TrendMicro.Computers.groupID | integer | ID of the computer group to which the computer belongs |
| TrendMicro.Computers.policyID | integer | ID of the policy assigned to the computer |
| TrendMicro.Computers.assetImportanceID | integer | ID of the asset importance assigned to the computer |
| TrendMicro.Computers.relayListID | integer | ID of the relay list that is assigned to the computer |
Command Example#
!trendmicro-create-computer host_name="example_computer"
Context Example#
Human Readable Output#
Details for the new computer example_computer#
| ID | Host Name | Group ID |
|---|---|---|
| 217 | example_computer | 0 |
trendmicro-search-computers#
Search for computers by a field of a given type. Every field has a specific type: a simple type such as string, numeric, or boolean, or a choice, which is a string restricted to specific options (an enumeration). To search, you must provide the field_name and field_type, the operation to perform, and the value to search for.
Base Command#
trendmicro-search-computers
Input#
| Argument Name | Description | Required |
|---|---|---|
| max_items | Limits the number of objects returned. | Optional |
| field_name | The field name to search for. Possible values are: hostName, displayName, description, groupID, policyID, assetImportanceID, relayListID. | Required |
| field_type | The type of the field. Possible values are: boolean, numeric, choice, id, string. | Required |
| operation | The search conditional to test on the field name. Possible values are: less-than, less-than-or-equal, equal, greater-than-or-equal, greater-than, not-equal. | Required |
| value | The value to compare. | Required |
| sort_by_object_id | If true, forces the response objects to be sorted by ID, overriding the default sort order. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.Computers.hostName | string | Hostname of the computer |
| TrendMicro.Computers.displayName | string | Display name of the computer |
| TrendMicro.Computers.description | string | Description of the computer |
| TrendMicro.Computers.groupID | integer | ID of the computer group to which the computer belongs |
| TrendMicro.Computers.policyID | integer | ID of the policy assigned to the computer |
| TrendMicro.Computers.assetImportanceID | integer | ID of the asset importance assigned to the computer |
| TrendMicro.Computers.relayListID | integer | ID of the relay list that is assigned to the computer |
Command Example#
!trendmicro-search-computers field_name=groupID field_type=numeric operation=equal value=0
Context Example#
Human Readable Output#
Matched Computers#
| ID | Host Name | Description | Group ID |
|---|---|---|---|
| 1 | q1 | Modified Test | 0 |
| 2 | q2 | Modified Test | 0 |
| 3 | poc | Modified Test | 0 |
| 34 | aaaaa | Modified Test | 0 |
| 166 | poc1 | Modified Test | 0 |
| 216 | example_computer | | 0 |
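The trendmicro-search-computers argument table fixes a closed set of values for field_name, field_type and operation, while playbooks often fill these arguments from incident data. The Python below is an added example, not code from the integration: it checks the arguments against those documented lists, converts the value to the type named by field_type, and builds a search body. The `searchCriteria` / `<type>Test` / `<type>Value` JSON shape is assumed from the Deep Security API v1, and all function and class names are hypothetical.

```python
from typing import Any, Dict, Optional

# Allowed values, copied from the trendmicro-search-computers argument table.
FIELD_NAMES = {"hostName", "displayName", "description", "groupID",
               "policyID", "assetImportanceID", "relayListID"}
FIELD_TYPES = {"boolean", "numeric", "choice", "id", "string"}
OPERATIONS = {"less-than", "less-than-or-equal", "equal",
              "greater-than-or-equal", "greater-than", "not-equal"}


class SearchArgumentError(ValueError):
    """Raised when an argument falls outside the documented allow-lists."""


def _require(value: str, allowed: set, label: str) -> str:
    # Reject anything not listed in the documentation instead of passing it on.
    if value not in allowed:
        raise SearchArgumentError(
            f"{label}={value!r} is not one of {sorted(allowed)}")
    return value


def coerce_value(field_type: str, value: Any) -> Any:
    """Convert a CLI/playbook string into the JSON type implied by field_type."""
    if field_type in ("numeric", "id"):
        try:
            return int(value)
        except (TypeError, ValueError):
            raise SearchArgumentError(
                f"value={value!r} is not an integer") from None
    if field_type == "boolean":
        lowered = str(value).strip().lower()
        if lowered not in ("true", "false"):
            raise SearchArgumentError(f"value={value!r} is not true/false")
        return lowered == "true"
    return str(value)  # string and choice values stay as text


def build_search_body(field_name: str, field_type: str, operation: str,
                      value: Any, max_items: Optional[Any] = None,
                      sort_by_object_id: Optional[Any] = None) -> Dict[str, Any]:
    """Validate the command arguments and return the JSON search body.

    Key names (searchCriteria, <type>Test, <type>Value, maxItems,
    sortByObjectID) are an assumption based on the Deep Security API v1.
    """
    _require(field_name, FIELD_NAMES, "field_name")
    _require(field_type, FIELD_TYPES, "field_type")
    _require(operation, OPERATIONS, "operation")

    criterion = {
        "fieldName": field_name,
        f"{field_type}Test": operation,
        f"{field_type}Value": coerce_value(field_type, value),
    }
    body: Dict[str, Any] = {"searchCriteria": [criterion]}

    if max_items is not None:
        limit = coerce_value("numeric", max_items)
        if limit < 1:
            raise SearchArgumentError("max_items must be a positive integer")
        body["maxItems"] = limit
    if sort_by_object_id is not None:
        body["sortByObjectID"] = coerce_value("boolean", sort_by_object_id)
    return body


if __name__ == "__main__":
    # Same arguments as the command example on this page.
    print(build_search_body("groupID", "numeric", "equal", "0"))
```
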
trendmicro-get-computer#
Get information about a certain computer
Base Command#
trendmicro-get-computer
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer to get. | Required |
| expand | Determines the computer information to include in the response. Notice that the information is appended to the context data only. Possible values are: none, all, computerStatus, tasks, securityUpdates, computerSettings, allSecurityModules, antiMalware, webReputation, activityMonitoring, firewall, intrusionPrevention, integrityMonitoring, logInspection, applicationControl, SAP, interfaces, ESXSummary, allVirtualMachineSummaries, azureARMVirtualMachineSummary, azureVMVirtualMachineSummary, ec2VirtualMachineSummary, noConnectorVirtualMachineSummary, vmwareVMVirtualMachineSummary, vcloudVMVirtualMachineSummary, workspaceVirtualMachineSummary, gcpVirtualMachineSummary. Default is none. | Optional |
| overrides | Show only overrides defined for the current computer. Possible values are: true, false. Default is false. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.Computers.hostName | string | Hostname of the computer |
| TrendMicro.Computers.displayName | string | Display name of the computer |
| TrendMicro.Computers.description | string | Description of the computer |
| TrendMicro.Computers.groupID | integer | ID of the computer group to which the computer belongs |
| TrendMicro.Computers.policyID | integer | ID of the policy assigned to the computer |
| TrendMicro.Computers.assetImportanceID | integer | ID of the asset importance assigned to the computer |
| TrendMicro.Computers.relayListID | integer | ID of the relay list that is assigned to the computer |
Command Example#
!trendmicro-get-computer computer_id=216
Context Example#
Human Readable Output#
Details for the computer example_computer#
| ID | Host Name | Group ID |
|---|---|---|
| 216 | example_computer | 0 |
trendmicro-list-computers#
Get information about all existing computers
Base Command#
trendmicro-list-computers
Input#
| Argument Name | Description | Required |
|---|---|---|
| expand | Determines the computer information to include in the response. Notice that the information is appended to the context data only. Possible values are: none, all, computerStatus, tasks, securityUpdates, computerSettings, allSecurityModules, antiMalware, webReputation, activityMonitoring, firewall, intrusionPrevention, integrityMonitoring, logInspection, applicationControl, SAP, interfaces, ESXSummary, allVirtualMachineSummaries, azureARMVirtualMachineSummary, azureVMVirtualMachineSummary, ec2VirtualMachineSummary, noConnectorVirtualMachineSummary, vmwareVMVirtualMachineSummary, vcloudVMVirtualMachineSummary, workspaceVirtualMachineSummary, gcpVirtualMachineSummary. Default is none. | Optional |
| overrides | Show only overrides defined for the current computer. Possible values are: true, false. Default is false. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.Computers.hostName | string | Hostname of the computer |
| TrendMicro.Computers.displayName | string | Display name of the computer |
| TrendMicro.Computers.description | string | Description of the computer |
| TrendMicro.Computers.groupID | integer | ID of the computer group to which the computer belongs |
| TrendMicro.Computers.policyID | integer | ID of the policy assigned to the computer |
| TrendMicro.Computers.assetImportanceID | integer | ID of the asset importance assigned to the computer |
| TrendMicro.Computers.relayListID | integer | ID of the relay list that is assigned to the computer |
Command Example#
!trendmicro-list-computers expand="firewall"
Context Example#
Human Readable Output#
All computers list#
| ID | Host Name | Description | Group ID |
|---|---|---|---|
| 1 | q1 | Modified Test | 0 |
| 2 | q2 | Modified Test | 0 |
| 3 | poc | Modified Test | 0 |
| 34 | aaaaa | Modified Test | 0 |
| 166 | poc1 | Modified Test | 0 |
| 216 | example_computer | | 0 |
trendmicro-modify-computer#
Modify properties of a certain computer
Base Command#
trendmicro-modify-computer
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer to modify. | Required |
| expand | Determines the computer information to include in the response. Notice that the information is appended to the context data only. Possible values are: none, all, computerStatus, tasks, securityUpdates, computerSettings, allSecurityModules, antiMalware, webReputation, activityMonitoring, firewall, intrusionPrevention, integrityMonitoring, logInspection, applicationControl, SAP, interfaces, ESXSummary, allVirtualMachineSummaries, azureARMVirtualMachineSummary, azureVMVirtualMachineSummary, ec2VirtualMachineSummary, noConnectorVirtualMachineSummary, vmwareVMVirtualMachineSummary, vcloudVMVirtualMachineSummary, workspaceVirtualMachineSummary, gcpVirtualMachineSummary. Default is none. | Optional |
| host_name | Hostname of the computer. | Optional |
| display_name | Display name of the computer. | Optional |
| description | Description of the computer. | Optional |
| group_id | ID of the computer group to which the computer belongs. | Optional |
| policy_id | ID of the policy assigned to the computer. | Optional |
| asset_importance_id | ID of the asset importance assigned to the computer. | Optional |
| relay_list_id | ID of the relay list that is assigned to the computer. | Optional |
| overrides | Show the value only if defined for the current computer. Possible values are: true, false. Default is false. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.Computers.hostName | string | Hostname of the computer |
| TrendMicro.Computers.displayName | string | Display name of the computer |
| TrendMicro.Computers.description | string | Description of the computer |
| TrendMicro.Computers.groupID | integer | ID of the computer group to which the computer belongs |
| TrendMicro.Computers.policyID | integer | ID of the policy assigned to the computer |
| TrendMicro.Computers.assetImportanceID | integer | ID of the asset importance assigned to the computer |
| TrendMicro.Computers.relayListID | integer | ID of the relay list that is assigned to the computer |
Command Example#
!trendmicro-modify-computer computer_id=216 description="Example computer description"
Context Example#
Human Readable Output#
Details for the computer example_computer#
| ID | Host Name | Description | Group ID |
|---|---|---|---|
| 216 | example_computer | Example computer description | 0 |
trendmicro-delete-computer#
Delete a certain computer
Base Command#
trendmicro-delete-computer
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer to delete. | Required |
Context Output#
There is no context output for this command.
Command Example#
!trendmicro-delete-computer computer_id=216
Human Readable Output#
The computer was successfully deleted!
trendmicro-get-computer-setting#
Get information about a setting of a certain computer
Base Command#
trendmicro-get-computer-setting
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer. | Required |
| name | The name of the setting. Possible values are: logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin, firewallSettingEngineOptionConnectionsCleanupMax, firewallSettingEngineOptionVerifyTcpChecksumEnabled, antiMalwareSettingScanCacheOnDemandConfigId, applicationControlSettingSharedRulesetId, webReputationSettingSmartProtectionServerConnectionLostWarningEnabled, applicationControlSettingExecutionEnforcementLevel, webReputationSettingBlockedUrlDomains, firewallSettingEngineOptionSynSentTimeout, platformSettingAgentSelfProtectionPassword, firewallSettingReconnaissanceBlockTcpXmasAttackDuration, intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled, logInspectionSettingSyslogConfigId, firewallSettingEngineOptionDebugModeEnabled, firewallSettingVirtualAndContainerNetworkScanEnabled, antiMalwareSettingFileHashSha256Enabled, firewallSettingReconnaissanceNotifyFingerprintProbeEnabled, firewallSettingEventLogFileRetainNum, firewallSettingAntiEvasionCheckTcpPawsZero, antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled, intrusionPreventionSettingEngineOptionFragmentedIpKeepMax, firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled, logInspectionSettingSeverityClippingAgentEventStoreLevelMin, platformSettingScanCacheConcurrencyMax, antiMalwareSettingSyslogConfigId, firewallSettingAntiEvasionTcpPawsWindowPolicy, firewallSettingReconnaissanceDetectTcpXmasAttackEnabled, applicationControlSettingRulesetMode, antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled, webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal, integrityMonitoringSettingCombinedModeProtectionSource, firewallSettingEngineOptionCloseWaitTimeout, platformSettingScanOpenPortListId, platformSettingAgentSelfProtectionPasswordEnabled, firewallSettingEngineOptionAckTimeout, firewallSettingEventLogFileCachedEntriesStaleTime, firewallSettingCombinedModeProtectionSource, platformSettingAgentEventsSendInterval, 
platformSettingInactiveAgentCleanupOverrideEnabled, firewallSettingFailureResponseEngineSystem, platformSettingRelayState, firewallSettingEngineOptionDropEvasiveRetransmitEnabled, activityMonitoringSettingIndicatorEnabled, intrusionPreventionSettingEngineOptionFragmentedIpTimeout, firewallSettingAntiEvasionCheckTcpZeroFlags, webReputationSettingSmartProtectionGlobalServerUseProxyEnabled, intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel, firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled, firewallSettingEngineOptionUdpTimeout, webReputationSettingSmartProtectionLocalServerEnabled, firewallSettingEngineOptionTcpMssLimit, firewallSettingEngineOptionColdStartTimeout, firewallSettingEngineOptionEstablishedTimeout, antiMalwareSettingIdentifiedFilesSpaceMaxMbytes, firewallSettingEngineOptionAllowNullIpEnabled, platformSettingNotificationsSuppressPopupsEnabled, firewallSettingAntiEvasionCheckTcpRstFinFlags, firewallSettingEngineOptionDisconnectTimeout, firewallSettingEngineOptionCloseTimeout, firewallSettingEngineOptionTunnelDepthMaxExceededAction, firewallSettingReconnaissanceDetectTcpNullScanEnabled, platformSettingSmartProtectionAntiMalwareGlobalServerProxyId, firewallSettingEngineOptionFilterIpv4Tunnels, webReputationSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionLogOnePacketPeriod, firewallSettingEngineOptionFilterIpv6Tunnels, firewallSettingAntiEvasionCheckTcpCongestionFlags, platformSettingHeartbeatMissedAlertThreshold, intrusionPreventionSettingEngineOptionsEnabled, firewallSettingEngineOptionConnectionsNumUdpMax, integrityMonitoringSettingAutoApplyRecommendationsEnabled, firewallSettingEngineOptionTunnelDepthMax, firewallSettingEngineOptionDropUnknownSslProtocolEnabled, antiMalwareSettingNsxSecurityTaggingValue, intrusionPreventionSettingLogDataRuleFirstMatchEnabled, firewallSettingEngineOptionLoggingPolicy, platformSettingTroubleshootingLoggingLevel, antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax, 
webReputationSettingCombinedModeProtectionSource, firewallSettingEngineOptionClosingTimeout, firewallSettingAntiEvasionCheckPaws, intrusionPreventionSettingAutoApplyRecommendationsEnabled, firewallSettingReconnaissanceDetectFingerprintProbeEnabled, antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled, firewallSettingEngineOptionLogPacketLengthMax, firewallSettingEngineOptionDropTeredoAnomaliesEnabled, webReputationSettingSecurityLevel, firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled, activityMonitoringSettingActivityEnabled, firewallSettingEngineOptionStrictTerodoPortCheckEnabled, webReputationSettingBlockedUrlKeywords, webReputationSettingSyslogConfigId, firewallSettingFailureResponsePacketSanityCheck, firewallSettingNetworkEngineMode, firewallSettingEventLogFileSizeMax, antiMalwareSettingMalwareScanMultithreadedProcessingEnabled, firewallSettingReconnaissanceDetectTcpSynFinScanEnabled, firewallSettingEngineOptionDropIpZeroPayloadEnabled, firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled, intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled, antiMalwareSettingPredictiveMachineLearningExceptions, firewallSettingEngineOptionLogEventsPerSecondMax, firewallSettingEngineOptionSslSessionTime, antiMalwareSettingBehaviorMonitoringScanExclusionList, antiMalwareSettingSmartProtectionGlobalServerEnabled, firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled, firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled, platformSettingHeartbeatInactiveVmOfflineAlertEnabled, webReputationSettingSmartProtectionWebReputationGlobalServerProxyId, antiMalwareSettingNsxSecurityTaggingEnabled, firewallSettingAntiEvasionCheckFragmentedPackets, firewallSettingEngineOptionConnectionsNumIcmpMax, firewallSettingAntiEvasionCheckTcpSplitHandshake, antiMalwareSettingCombinedModeProtectionSource, firewallSettingEngineOptionEventNodesMax, webReputationSettingMonitorPortListId, applicationControlSettingSyslogConfigId, 
firewallSettingAntiEvasionCheckOutNoConnection, firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled, integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax, firewallSettingReconnaissanceNotifyTcpNullScanEnabled, firewallSettingEngineOptionIgnoreStatusCode1, firewallSettingEngineOptionIgnoreStatusCode0, firewallSettingEngineOptionIgnoreStatusCode2, firewallSettingEngineOptionSslSessionSize, antiMalwareSettingScanCacheRealTimeConfigId, platformSettingRecommendationOngoingScansInterval, platformSettingSmartProtectionGlobalServerUseProxyEnabled, firewallSettingInterfaceLimitOneActiveEnabled, firewallSettingAntiEvasionCheckTcpChecksum, firewallSettingEngineOptionDropIpv6ExtType0Enabled, antiMalwareSettingScanFileSizeMaxMbytes, firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled, antiMalwareSettingFileHashSizeMaxMbytes, firewallSettingEventLogFileCachedEntriesLifeTime, platformSettingSmartProtectionGlobalServerProxyId, logInspectionSettingAutoApplyRecommendationsEnabled, antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled, webReputationSettingBlockingPageLink, firewallSettingSyslogConfigId, platformSettingAgentCommunicationsDirection, integrityMonitoringSettingScanCacheConfigId, antiMalwareSettingDocumentExploitProtectionRuleExceptions, firewallSettingAntiEvasionCheckTcpSynWithData, antiMalwareSettingFileHashEnabled, firewallSettingReconnaissanceBlockFingerprintProbeDuration, firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled, firewallSettingEngineOptionBootStartTimeout, firewallSettingEngineOptionConnectionsNumTcpMax, firewallSettingAntiEvasionSecurityPosture, firewallSettingInterfacePatterns, firewallSettingInterfaceIsolationEnabled, antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax, firewallSettingEventsOutOfAllowedPolicyEnabled, firewallSettingAntiEvasionCheckEvasiveRetransmit, firewallSettingEngineOptionIcmpTimeout, integrityMonitoringSettingSyslogConfigId, 
firewallSettingEngineOptionConnectionCleanupTimeout, antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal, firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled, firewallSettingEngineOptionErrorTimeout, webReputationSettingAllowedUrls, firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled, firewallSettingEngineOptionFinWait1Timeout, firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled, activityMonitoringSettingSyslogConfigId, firewallSettingAntiEvasionCheckTcpSynRstFlags, antiMalwareSettingSpywareApprovedList, firewallSettingAntiEvasionCheckTcpUrgentFlags, intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel, intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled, firewallSettingEngineOptionLogAllPacketDataEnabled, firewallSettingAntiEvasionCheckTcpSynFinFlags, platformSettingHeartbeatInterval, firewallSettingEngineOptionFragmentSizeMin, antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled, firewallSettingReconnaissanceBlockNetworkOrPortScanDuration, integrityMonitoringSettingContentHashAlgorithm, antiMalwareSettingSmartScanState, firewallSettingConfigPackageExceedsAlertMaxEnabled, platformSettingEnvironmentVariableOverrides, firewallSettingEngineOptionFragmentOffsetMin, antiMalwareSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionSynRcvdTimeout, firewallSettingEventLogFileCachedEntriesNum, firewallSettingEngineOptionForceAllowIcmpType3Code4, firewallSettingReconnaissanceBlockTcpNullScanDuration, platformSettingSmartProtectionGlobalServerEnabled, integrityMonitoringSettingRealtimeEnabled, firewallSettingEngineOptionLastAckTimeout, firewallSettingReconnaissanceExcludeIpListId, platformSettingAgentSelfProtectionEnabled, firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled, firewallSettingAntiEvasionCheckFinNoConnection, firewallSettingEngineOptionDebugPacketNumMax, firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled, firewallSettingReconnaissanceEnabled, 
platformSettingHeartbeatLocalTimeShiftAlertThreshold, antiMalwareSettingFileHashMd5Enabled, firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled, firewallSettingEngineOptionSilentTcpConnectionDropEnabled, firewallSettingEngineOptionBlockSameSrcDstIpEnabled, firewallSettingEngineOptionForceAllowDhcpDns, firewallSettingReconnaissanceIncludeIpListId, firewallSettingEngineOptionsEnabled, firewallSettingReconnaissanceBlockTcpSynFinScanDuration, webReputationSettingSecurityBlockUntestedPagesEnabled, webReputationSettingAllowedUrlDomains, firewallSettingEventLogFileIgnoreSourceIpListId, firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled, platformSettingAutoAssignNewIntrusionPreventionRulesEnabled, firewallSettingAntiEvasionCheckRstNoConnection, webReputationSettingBlockedUrls, platformSettingCombinedModeNetworkGroupProtectionSource, webReputationSettingAlertingEnabled, antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled, integrityMonitoringSettingCpuUsageLevel, platformSettingAutoUpdateAntiMalwareEngineEnabled, intrusionPreventionSettingCombinedModeProtectionSource. | Required |
| overrides | Show the value only if defined for the current computer. Possible values are: true, false. Default is false. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.ComputersSettings.computerId | integer | The ID of the computer that owns the setting |
| TrendMicro.ComputersSettings.name | string | The name of the setting |
| TrendMicro.ComputersSettings.value | string | The value of a setting |
Command Example#
!trendmicro-get-computer-setting computer_id=216 name=activityMonitoringSettingActivityEnabled
Context Example#
Human Readable Output#
Settings for computer 216#
| Computer ID | Name | Value |
|---|---|---|
| | activityMonitoringSettingActivityEnabled | Off |
trendmicro-modify-computer-setting#
Modify a setting of a certain computer
Base Command#
trendmicro-modify-computer-setting
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer. | Required |
| name | The name of the setting. Possible values are: logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin, firewallSettingEngineOptionConnectionsCleanupMax, firewallSettingEngineOptionVerifyTcpChecksumEnabled, antiMalwareSettingScanCacheOnDemandConfigId, applicationControlSettingSharedRulesetId, webReputationSettingSmartProtectionServerConnectionLostWarningEnabled, applicationControlSettingExecutionEnforcementLevel, webReputationSettingBlockedUrlDomains, firewallSettingEngineOptionSynSentTimeout, platformSettingAgentSelfProtectionPassword, firewallSettingReconnaissanceBlockTcpXmasAttackDuration, intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled, logInspectionSettingSyslogConfigId, firewallSettingEngineOptionDebugModeEnabled, firewallSettingVirtualAndContainerNetworkScanEnabled, antiMalwareSettingFileHashSha256Enabled, firewallSettingReconnaissanceNotifyFingerprintProbeEnabled, firewallSettingEventLogFileRetainNum, firewallSettingAntiEvasionCheckTcpPawsZero, antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled, intrusionPreventionSettingEngineOptionFragmentedIpKeepMax, firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled, logInspectionSettingSeverityClippingAgentEventStoreLevelMin, platformSettingScanCacheConcurrencyMax, antiMalwareSettingSyslogConfigId, firewallSettingAntiEvasionTcpPawsWindowPolicy, firewallSettingReconnaissanceDetectTcpXmasAttackEnabled, applicationControlSettingRulesetMode, antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled, webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal, integrityMonitoringSettingCombinedModeProtectionSource, firewallSettingEngineOptionCloseWaitTimeout, platformSettingScanOpenPortListId, platformSettingAgentSelfProtectionPasswordEnabled, firewallSettingEngineOptionAckTimeout, firewallSettingEventLogFileCachedEntriesStaleTime, firewallSettingCombinedModeProtectionSource, platformSettingAgentEventsSendInterval, 
platformSettingInactiveAgentCleanupOverrideEnabled, firewallSettingFailureResponseEngineSystem, platformSettingRelayState, firewallSettingEngineOptionDropEvasiveRetransmitEnabled, activityMonitoringSettingIndicatorEnabled, intrusionPreventionSettingEngineOptionFragmentedIpTimeout, firewallSettingAntiEvasionCheckTcpZeroFlags, webReputationSettingSmartProtectionGlobalServerUseProxyEnabled, intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel, firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled, firewallSettingEngineOptionUdpTimeout, webReputationSettingSmartProtectionLocalServerEnabled, firewallSettingEngineOptionTcpMssLimit, firewallSettingEngineOptionColdStartTimeout, firewallSettingEngineOptionEstablishedTimeout, antiMalwareSettingIdentifiedFilesSpaceMaxMbytes, firewallSettingEngineOptionAllowNullIpEnabled, platformSettingNotificationsSuppressPopupsEnabled, firewallSettingAntiEvasionCheckTcpRstFinFlags, firewallSettingEngineOptionDisconnectTimeout, firewallSettingEngineOptionCloseTimeout, firewallSettingEngineOptionTunnelDepthMaxExceededAction, firewallSettingReconnaissanceDetectTcpNullScanEnabled, platformSettingSmartProtectionAntiMalwareGlobalServerProxyId, firewallSettingEngineOptionFilterIpv4Tunnels, webReputationSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionLogOnePacketPeriod, firewallSettingEngineOptionFilterIpv6Tunnels, firewallSettingAntiEvasionCheckTcpCongestionFlags, platformSettingHeartbeatMissedAlertThreshold, intrusionPreventionSettingEngineOptionsEnabled, firewallSettingEngineOptionConnectionsNumUdpMax, integrityMonitoringSettingAutoApplyRecommendationsEnabled, firewallSettingEngineOptionTunnelDepthMax, firewallSettingEngineOptionDropUnknownSslProtocolEnabled, antiMalwareSettingNsxSecurityTaggingValue, intrusionPreventionSettingLogDataRuleFirstMatchEnabled, firewallSettingEngineOptionLoggingPolicy, platformSettingTroubleshootingLoggingLevel, antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax, 
webReputationSettingCombinedModeProtectionSource, firewallSettingEngineOptionClosingTimeout, firewallSettingAntiEvasionCheckPaws, intrusionPreventionSettingAutoApplyRecommendationsEnabled, firewallSettingReconnaissanceDetectFingerprintProbeEnabled, antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled, firewallSettingEngineOptionLogPacketLengthMax, firewallSettingEngineOptionDropTeredoAnomaliesEnabled, webReputationSettingSecurityLevel, firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled, activityMonitoringSettingActivityEnabled, firewallSettingEngineOptionStrictTerodoPortCheckEnabled, webReputationSettingBlockedUrlKeywords, webReputationSettingSyslogConfigId, firewallSettingFailureResponsePacketSanityCheck, firewallSettingNetworkEngineMode, firewallSettingEventLogFileSizeMax, antiMalwareSettingMalwareScanMultithreadedProcessingEnabled, firewallSettingReconnaissanceDetectTcpSynFinScanEnabled, firewallSettingEngineOptionDropIpZeroPayloadEnabled, firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled, intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled, antiMalwareSettingPredictiveMachineLearningExceptions, firewallSettingEngineOptionLogEventsPerSecondMax, firewallSettingEngineOptionSslSessionTime, antiMalwareSettingBehaviorMonitoringScanExclusionList, antiMalwareSettingSmartProtectionGlobalServerEnabled, firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled, firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled, platformSettingHeartbeatInactiveVmOfflineAlertEnabled, webReputationSettingSmartProtectionWebReputationGlobalServerProxyId, antiMalwareSettingNsxSecurityTaggingEnabled, firewallSettingAntiEvasionCheckFragmentedPackets, firewallSettingEngineOptionConnectionsNumIcmpMax, firewallSettingAntiEvasionCheckTcpSplitHandshake, antiMalwareSettingCombinedModeProtectionSource, firewallSettingEngineOptionEventNodesMax, webReputationSettingMonitorPortListId, applicationControlSettingSyslogConfigId, 
firewallSettingAntiEvasionCheckOutNoConnection, firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled, integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax, firewallSettingReconnaissanceNotifyTcpNullScanEnabled, firewallSettingEngineOptionIgnoreStatusCode1, firewallSettingEngineOptionIgnoreStatusCode0, firewallSettingEngineOptionIgnoreStatusCode2, firewallSettingEngineOptionSslSessionSize, antiMalwareSettingScanCacheRealTimeConfigId, platformSettingRecommendationOngoingScansInterval, platformSettingSmartProtectionGlobalServerUseProxyEnabled, firewallSettingInterfaceLimitOneActiveEnabled, firewallSettingAntiEvasionCheckTcpChecksum, firewallSettingEngineOptionDropIpv6ExtType0Enabled, antiMalwareSettingScanFileSizeMaxMbytes, firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled, antiMalwareSettingFileHashSizeMaxMbytes, firewallSettingEventLogFileCachedEntriesLifeTime, platformSettingSmartProtectionGlobalServerProxyId, logInspectionSettingAutoApplyRecommendationsEnabled, antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled, webReputationSettingBlockingPageLink, firewallSettingSyslogConfigId, platformSettingAgentCommunicationsDirection, integrityMonitoringSettingScanCacheConfigId, antiMalwareSettingDocumentExploitProtectionRuleExceptions, firewallSettingAntiEvasionCheckTcpSynWithData, antiMalwareSettingFileHashEnabled, firewallSettingReconnaissanceBlockFingerprintProbeDuration, firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled, firewallSettingEngineOptionBootStartTimeout, firewallSettingEngineOptionConnectionsNumTcpMax, firewallSettingAntiEvasionSecurityPosture, firewallSettingInterfacePatterns, firewallSettingInterfaceIsolationEnabled, antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax, firewallSettingEventsOutOfAllowedPolicyEnabled, firewallSettingAntiEvasionCheckEvasiveRetransmit, firewallSettingEngineOptionIcmpTimeout, integrityMonitoringSettingSyslogConfigId, 
firewallSettingEngineOptionConnectionCleanupTimeout, antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal, firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled, firewallSettingEngineOptionErrorTimeout, webReputationSettingAllowedUrls, firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled, firewallSettingEngineOptionFinWait1Timeout, firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled, activityMonitoringSettingSyslogConfigId, firewallSettingAntiEvasionCheckTcpSynRstFlags, antiMalwareSettingSpywareApprovedList, firewallSettingAntiEvasionCheckTcpUrgentFlags, intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel, intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled, firewallSettingEngineOptionLogAllPacketDataEnabled, firewallSettingAntiEvasionCheckTcpSynFinFlags, platformSettingHeartbeatInterval, firewallSettingEngineOptionFragmentSizeMin, antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled, firewallSettingReconnaissanceBlockNetworkOrPortScanDuration, integrityMonitoringSettingContentHashAlgorithm, antiMalwareSettingSmartScanState, firewallSettingConfigPackageExceedsAlertMaxEnabled, platformSettingEnvironmentVariableOverrides, firewallSettingEngineOptionFragmentOffsetMin, antiMalwareSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionSynRcvdTimeout, firewallSettingEventLogFileCachedEntriesNum, firewallSettingEngineOptionForceAllowIcmpType3Code4, firewallSettingReconnaissanceBlockTcpNullScanDuration, platformSettingSmartProtectionGlobalServerEnabled, integrityMonitoringSettingRealtimeEnabled, firewallSettingEngineOptionLastAckTimeout, firewallSettingReconnaissanceExcludeIpListId, platformSettingAgentSelfProtectionEnabled, firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled, firewallSettingAntiEvasionCheckFinNoConnection, firewallSettingEngineOptionDebugPacketNumMax, firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled, firewallSettingReconnaissanceEnabled, 
platformSettingHeartbeatLocalTimeShiftAlertThreshold, antiMalwareSettingFileHashMd5Enabled, firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled, firewallSettingEngineOptionSilentTcpConnectionDropEnabled, firewallSettingEngineOptionBlockSameSrcDstIpEnabled, firewallSettingEngineOptionForceAllowDhcpDns, firewallSettingReconnaissanceIncludeIpListId, firewallSettingEngineOptionsEnabled, firewallSettingReconnaissanceBlockTcpSynFinScanDuration, webReputationSettingSecurityBlockUntestedPagesEnabled, webReputationSettingAllowedUrlDomains, firewallSettingEventLogFileIgnoreSourceIpListId, firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled, platformSettingAutoAssignNewIntrusionPreventionRulesEnabled, firewallSettingAntiEvasionCheckRstNoConnection, webReputationSettingBlockedUrls, platformSettingCombinedModeNetworkGroupProtectionSource, webReputationSettingAlertingEnabled, antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled, integrityMonitoringSettingCpuUsageLevel, platformSettingAutoUpdateAntiMalwareEngineEnabled, intrusionPreventionSettingCombinedModeProtectionSource. | Required |
| overrides | Show the value only if defined for the current computer. Possible values are: true, false. Default is false. | Optional |
| value | The value of the setting. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.ComputersSettings.computerId | integer | The ID of the computer that owns the setting |
| TrendMicro.ComputersSettings.name | string | The name of the setting |
| TrendMicro.ComputersSettings.value | string | The value of the setting |
Command Example#
!trendmicro-modify-computer-setting computer_id=216 name=activityMonitoringSettingActivityEnabled value=on
Context Example#
Human Readable Output#
Settings for computer 216#
Computer ID Name Value activityMonitoringSettingActivityEnabled On
trendmicro-reset-computer-setting#
Reset a setting of a certain computer to its default value.
Base Command#
trendmicro-reset-computer-setting
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer. | Required |
| name | The name of the setting. Possible values are: logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin, firewallSettingEngineOptionConnectionsCleanupMax, firewallSettingEngineOptionVerifyTcpChecksumEnabled, antiMalwareSettingScanCacheOnDemandConfigId, applicationControlSettingSharedRulesetId, webReputationSettingSmartProtectionServerConnectionLostWarningEnabled, applicationControlSettingExecutionEnforcementLevel, webReputationSettingBlockedUrlDomains, firewallSettingEngineOptionSynSentTimeout, platformSettingAgentSelfProtectionPassword, firewallSettingReconnaissanceBlockTcpXmasAttackDuration, intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled, logInspectionSettingSyslogConfigId, firewallSettingEngineOptionDebugModeEnabled, firewallSettingVirtualAndContainerNetworkScanEnabled, antiMalwareSettingFileHashSha256Enabled, firewallSettingReconnaissanceNotifyFingerprintProbeEnabled, firewallSettingEventLogFileRetainNum, firewallSettingAntiEvasionCheckTcpPawsZero, antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled, intrusionPreventionSettingEngineOptionFragmentedIpKeepMax, firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled, logInspectionSettingSeverityClippingAgentEventStoreLevelMin, platformSettingScanCacheConcurrencyMax, antiMalwareSettingSyslogConfigId, firewallSettingAntiEvasionTcpPawsWindowPolicy, firewallSettingReconnaissanceDetectTcpXmasAttackEnabled, applicationControlSettingRulesetMode, antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled, webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal, integrityMonitoringSettingCombinedModeProtectionSource, firewallSettingEngineOptionCloseWaitTimeout, platformSettingScanOpenPortListId, platformSettingAgentSelfProtectionPasswordEnabled, firewallSettingEngineOptionAckTimeout, firewallSettingEventLogFileCachedEntriesStaleTime, firewallSettingCombinedModeProtectionSource, platformSettingAgentEventsSendInterval, 
platformSettingInactiveAgentCleanupOverrideEnabled, firewallSettingFailureResponseEngineSystem, platformSettingRelayState, firewallSettingEngineOptionDropEvasiveRetransmitEnabled, activityMonitoringSettingIndicatorEnabled, intrusionPreventionSettingEngineOptionFragmentedIpTimeout, firewallSettingAntiEvasionCheckTcpZeroFlags, webReputationSettingSmartProtectionGlobalServerUseProxyEnabled, intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel, firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled, firewallSettingEngineOptionUdpTimeout, webReputationSettingSmartProtectionLocalServerEnabled, firewallSettingEngineOptionTcpMssLimit, firewallSettingEngineOptionColdStartTimeout, firewallSettingEngineOptionEstablishedTimeout, antiMalwareSettingIdentifiedFilesSpaceMaxMbytes, firewallSettingEngineOptionAllowNullIpEnabled, platformSettingNotificationsSuppressPopupsEnabled, firewallSettingAntiEvasionCheckTcpRstFinFlags, firewallSettingEngineOptionDisconnectTimeout, firewallSettingEngineOptionCloseTimeout, firewallSettingEngineOptionTunnelDepthMaxExceededAction, firewallSettingReconnaissanceDetectTcpNullScanEnabled, platformSettingSmartProtectionAntiMalwareGlobalServerProxyId, firewallSettingEngineOptionFilterIpv4Tunnels, webReputationSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionLogOnePacketPeriod, firewallSettingEngineOptionFilterIpv6Tunnels, firewallSettingAntiEvasionCheckTcpCongestionFlags, platformSettingHeartbeatMissedAlertThreshold, intrusionPreventionSettingEngineOptionsEnabled, firewallSettingEngineOptionConnectionsNumUdpMax, integrityMonitoringSettingAutoApplyRecommendationsEnabled, firewallSettingEngineOptionTunnelDepthMax, firewallSettingEngineOptionDropUnknownSslProtocolEnabled, antiMalwareSettingNsxSecurityTaggingValue, intrusionPreventionSettingLogDataRuleFirstMatchEnabled, firewallSettingEngineOptionLoggingPolicy, platformSettingTroubleshootingLoggingLevel, antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax, 
webReputationSettingCombinedModeProtectionSource, firewallSettingEngineOptionClosingTimeout, firewallSettingAntiEvasionCheckPaws, intrusionPreventionSettingAutoApplyRecommendationsEnabled, firewallSettingReconnaissanceDetectFingerprintProbeEnabled, antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled, firewallSettingEngineOptionLogPacketLengthMax, firewallSettingEngineOptionDropTeredoAnomaliesEnabled, webReputationSettingSecurityLevel, firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled, activityMonitoringSettingActivityEnabled, firewallSettingEngineOptionStrictTerodoPortCheckEnabled, webReputationSettingBlockedUrlKeywords, webReputationSettingSyslogConfigId, firewallSettingFailureResponsePacketSanityCheck, firewallSettingNetworkEngineMode, firewallSettingEventLogFileSizeMax, antiMalwareSettingMalwareScanMultithreadedProcessingEnabled, firewallSettingReconnaissanceDetectTcpSynFinScanEnabled, firewallSettingEngineOptionDropIpZeroPayloadEnabled, firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled, intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled, antiMalwareSettingPredictiveMachineLearningExceptions, firewallSettingEngineOptionLogEventsPerSecondMax, firewallSettingEngineOptionSslSessionTime, antiMalwareSettingBehaviorMonitoringScanExclusionList, antiMalwareSettingSmartProtectionGlobalServerEnabled, firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled, firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled, platformSettingHeartbeatInactiveVmOfflineAlertEnabled, webReputationSettingSmartProtectionWebReputationGlobalServerProxyId, antiMalwareSettingNsxSecurityTaggingEnabled, firewallSettingAntiEvasionCheckFragmentedPackets, firewallSettingEngineOptionConnectionsNumIcmpMax, firewallSettingAntiEvasionCheckTcpSplitHandshake, antiMalwareSettingCombinedModeProtectionSource, firewallSettingEngineOptionEventNodesMax, webReputationSettingMonitorPortListId, applicationControlSettingSyslogConfigId, 
firewallSettingAntiEvasionCheckOutNoConnection, firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled, integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax, firewallSettingReconnaissanceNotifyTcpNullScanEnabled, firewallSettingEngineOptionIgnoreStatusCode1, firewallSettingEngineOptionIgnoreStatusCode0, firewallSettingEngineOptionIgnoreStatusCode2, firewallSettingEngineOptionSslSessionSize, antiMalwareSettingScanCacheRealTimeConfigId, platformSettingRecommendationOngoingScansInterval, platformSettingSmartProtectionGlobalServerUseProxyEnabled, firewallSettingInterfaceLimitOneActiveEnabled, firewallSettingAntiEvasionCheckTcpChecksum, firewallSettingEngineOptionDropIpv6ExtType0Enabled, antiMalwareSettingScanFileSizeMaxMbytes, firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled, antiMalwareSettingFileHashSizeMaxMbytes, firewallSettingEventLogFileCachedEntriesLifeTime, platformSettingSmartProtectionGlobalServerProxyId, logInspectionSettingAutoApplyRecommendationsEnabled, antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled, webReputationSettingBlockingPageLink, firewallSettingSyslogConfigId, platformSettingAgentCommunicationsDirection, integrityMonitoringSettingScanCacheConfigId, antiMalwareSettingDocumentExploitProtectionRuleExceptions, firewallSettingAntiEvasionCheckTcpSynWithData, antiMalwareSettingFileHashEnabled, firewallSettingReconnaissanceBlockFingerprintProbeDuration, firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled, firewallSettingEngineOptionBootStartTimeout, firewallSettingEngineOptionConnectionsNumTcpMax, firewallSettingAntiEvasionSecurityPosture, firewallSettingInterfacePatterns, firewallSettingInterfaceIsolationEnabled, antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax, firewallSettingEventsOutOfAllowedPolicyEnabled, firewallSettingAntiEvasionCheckEvasiveRetransmit, firewallSettingEngineOptionIcmpTimeout, integrityMonitoringSettingSyslogConfigId, 
firewallSettingEngineOptionConnectionCleanupTimeout, antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal, firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled, firewallSettingEngineOptionErrorTimeout, webReputationSettingAllowedUrls, firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled, firewallSettingEngineOptionFinWait1Timeout, firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled, activityMonitoringSettingSyslogConfigId, firewallSettingAntiEvasionCheckTcpSynRstFlags, antiMalwareSettingSpywareApprovedList, firewallSettingAntiEvasionCheckTcpUrgentFlags, intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel, intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled, firewallSettingEngineOptionLogAllPacketDataEnabled, firewallSettingAntiEvasionCheckTcpSynFinFlags, platformSettingHeartbeatInterval, firewallSettingEngineOptionFragmentSizeMin, antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled, firewallSettingReconnaissanceBlockNetworkOrPortScanDuration, integrityMonitoringSettingContentHashAlgorithm, antiMalwareSettingSmartScanState, firewallSettingConfigPackageExceedsAlertMaxEnabled, platformSettingEnvironmentVariableOverrides, firewallSettingEngineOptionFragmentOffsetMin, antiMalwareSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionSynRcvdTimeout, firewallSettingEventLogFileCachedEntriesNum, firewallSettingEngineOptionForceAllowIcmpType3Code4, firewallSettingReconnaissanceBlockTcpNullScanDuration, platformSettingSmartProtectionGlobalServerEnabled, integrityMonitoringSettingRealtimeEnabled, firewallSettingEngineOptionLastAckTimeout, firewallSettingReconnaissanceExcludeIpListId, platformSettingAgentSelfProtectionEnabled, firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled, firewallSettingAntiEvasionCheckFinNoConnection, firewallSettingEngineOptionDebugPacketNumMax, firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled, firewallSettingReconnaissanceEnabled, 
platformSettingHeartbeatLocalTimeShiftAlertThreshold, antiMalwareSettingFileHashMd5Enabled, firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled, firewallSettingEngineOptionSilentTcpConnectionDropEnabled, firewallSettingEngineOptionBlockSameSrcDstIpEnabled, firewallSettingEngineOptionForceAllowDhcpDns, firewallSettingReconnaissanceIncludeIpListId, firewallSettingEngineOptionsEnabled, firewallSettingReconnaissanceBlockTcpSynFinScanDuration, webReputationSettingSecurityBlockUntestedPagesEnabled, webReputationSettingAllowedUrlDomains, firewallSettingEventLogFileIgnoreSourceIpListId, firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled, platformSettingAutoAssignNewIntrusionPreventionRulesEnabled, firewallSettingAntiEvasionCheckRstNoConnection, webReputationSettingBlockedUrls, platformSettingCombinedModeNetworkGroupProtectionSource, webReputationSettingAlertingEnabled, antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled, integrityMonitoringSettingCpuUsageLevel, platformSettingAutoUpdateAntiMalwareEngineEnabled, intrusionPreventionSettingCombinedModeProtectionSource. | Required |
| overrides | Show the value only if defined for the current computer. Possible values are: true, false. Default is false. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.ComputersSettings.computerId | integer | The ID of the computer that owns the setting |
| TrendMicro.ComputersSettings.name | string | The name of the setting |
| TrendMicro.ComputersSettings.value | string | The value of the setting |
Command Example#
!trendmicro-reset-computer-setting computer_id=216 name=activityMonitoringSettingActivityEnabled
Context Example#
Human Readable Output#
Settings for computer 216#
Computer ID Name Value activityMonitoringSettingActivityEnabled Off
trendmicro-list-computer-groups#
Get information about all existing computer groups
Base Command#
trendmicro-list-computer-groups
Input#
| Argument Name | Description | Required |
|---|---|---|
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.ComputerGroups.name | string | Name of the computer group |
| TrendMicro.ComputerGroups.description | string | Description of the computer group |
| TrendMicro.ComputerGroups.parentGroupID | integer | ID of the computer group's parent group |
Command Example#
!trendmicro-list-computer-groups
Context Example#
Human Readable Output#
Computer Groups#
ID Name Description Parent Group ID 1 PoC Group Testing Group 100 Test Test Group 1 110 Example Computer Group 1
trendmicro-create-computer-group#
Create a new computer group
Base Command#
trendmicro-create-computer-group
Input#
| Argument Name | Description | Required |
|---|---|---|
| name | Name of the computer group. | Required |
| description | Description of the computer group. | Optional |
| parent_group_id | ID of the computer group's parent group. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.ComputerGroups.name | string | Name of the computer group |
| TrendMicro.ComputerGroups.description | string | Description of the computer group |
| TrendMicro.ComputerGroups.parentGroupID | integer | ID of the computer group's parent group |
Command Example#
!trendmicro-create-computer-group name="Example Computer Group" description="Example computer group description" parent_group_id=1
Context Example#
Human Readable Output#
Computer Groups#
| ID | Name | Description | Parent Group ID |
|---|---|---|---|
| 111 | Example Computer Group | Example computer group description | 1 |
trendmicro-search-computer-groups#
Search for computer groups by the value of a field. Every field has a specific type: a simple type such as a string, a number or a boolean, or a choice, which is a string restricted to specific options (an enumeration). To search, you must provide the field_name and field_type, the operation to perform, and the value to search for.
Base Command#
trendmicro-search-computer-groups
Input#
| Argument Name | Description | Required |
|---|---|---|
| max_items | Limits the number of objects returned. | Optional |
| field_name | The name of the field. Possible values are: ID, type, name, description, parentGroupID. | Required |
| field_type | The type of the field. Possible values are: boolean, numeric, choice, id, string. | Required |
| operation | The operation to compare with. Possible values are: less-than, less-than-or-equal, equal, greater-than-or-equal, greater-than, not-equal. | Required |
| value | The value to compare against the field. | Required |
| sort_by_object_id | If true, forces the response objects to be sorted by ID, overriding the default sort order. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.ComputerGroups.name | string | Name of the computer group |
| TrendMicro.ComputerGroups.description | string | Description of the computer group |
| TrendMicro.ComputerGroups.parentGroupID | integer | ID of the computer group's parent group |
Command Example#
!trendmicro-search-computer-groups field_name=ID operation=equal field_type=id value=110
Context Example#
Human Readable Output#
Matched Computer Groups#
| ID | Name | Parent Group ID |
|---|---|---|
| 110 | Example Computer Group | 1 |
trendmicro-get-computer-group#
Get information about a certain computer group
Base Command#
trendmicro-get-computer-group
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_group_id | The ID number of the computer group to get. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.ComputerGroups.name | string | Name of the computer group |
| TrendMicro.ComputerGroups.description | string | Description of the computer group |
| TrendMicro.ComputerGroups.parentGroupID | integer | ID of the computer group's parent group |
Command Example#
!trendmicro-get-computer-group computer_group_id=110
Context Example#
Human Readable Output#
Computer Group 110 Details#
| ID | Name | Parent Group ID |
|---|---|---|
| 110 | Example Computer Group | 1 |
trendmicro-modify-computer-group#
Modify the properties of a certain computer group
Base Command#
trendmicro-modify-computer-group
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_group_id | The ID number of the computer group to modify. | Required |
| name | Name of the computer group. | Optional |
| description | Description of the computer group. | Optional |
| parent_group_id | ID of the computer group's parent group. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.ComputerGroups.name | string | Name of the computer group |
| TrendMicro.ComputerGroups.description | string | Description of the computer group |
| TrendMicro.ComputerGroups.parentGroupID | integer | ID of the computer group's parent group |
Command Example#
!trendmicro-modify-computer-group computer_group_id=110 description="Example computer group description"
Context Example#
Human Readable Output#
Computer Group#
| ID | Name | Description | Parent Group ID |
|---|---|---|---|
| 110 | Example Computer Group | Example computer group description | 1 |
trendmicro-delete-computer-group#
Delete a certain computer group
Base Command#
trendmicro-delete-computer-group
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_group_id | The ID number of the computer group to delete. | Required |
Context Output#
There is no context output for this command.
Command Example#
!trendmicro-delete-computer-group computer_group_id=110
Human Readable Output#
The computer group was successfully deleted!
trendmicro-search-firewall-rules#
Search for firewall rules by the value of a field. Every field has a specific type: a simple type such as a string, a number or a boolean, or a choice, which is a string restricted to specific options (an enumeration). To search, you must provide the field_name and field_type, the operation to perform, and the value to search for.
Base Command#
trendmicro-search-firewall-rules
Input#
| Argument Name | Description | Required |
|---|---|---|
| max_items | Limits the number of objects returned. | Optional |
| field_name | The field name to search. Possible values are: ID, name, description, action, priority, direction, frameType, frameNumber, frameNot, protocol, protocolNumber, protocolNot, sourceIPType, sourceIPValue, sourceIPMask, sourceIPRangeFrom, sourceIPRangeTo, sourceIPMultiple, sourceIPListID, sourceIPNot, sourceMACType, sourceMACValue, sourceMACMultiple, sourceMACListID, sourceMACNot, sourcePortType, sourcePortMultiple, sourcePortListID, sourcePortNot, destinationIPType, destinationIPValue, destinationIPMask, destinationIPRangeFrom, destinationIPRangeTo, destinationIPMultiple, destinationIPListID, destinationIPNot, destinationMACType, destinationMACValue, destinationMACMultiple, destinationMACListID, destinationMACNot, destinationPortType, destinationPortMultiple, destinationPortListID, destinationPortNot, anyFlags, logDisabled, includePacketData, alertEnabled, scheduleID, contextID. | Required |
| field_type | The field type. Possible values are: boolean, numeric, choice, id, string. Default is string. | Optional |
| operation | The operation to test against the field. Possible values are: less-than, less-than-or-equal, equal, greater-than-or-equal, greater-than, not-equal. | Required |
| value | The value to compare against the field. | Required |
| sort_by_object_id | If true, forces the response objects to be sorted by ID, overriding the default sort order. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.FirewallRules.name | string | Name of the firewall rule |
| TrendMicro.FirewallRules.description | string | Description of the firewall rule |
| TrendMicro.FirewallRules.action | string | Action of the packet filter |
| TrendMicro.FirewallRules.priority | string | Priority of the packet filter |
| TrendMicro.FirewallRules.direction | string | Packet direction |
| TrendMicro.FirewallRules.frameType | string | Supported frame types |
| TrendMicro.FirewallRules.frameNumber | integer | Ethernet frame number |
| TrendMicro.FirewallRules.frameNot | boolean | Controls if the frame setting should be inverted |
| TrendMicro.FirewallRules.protocol | string | Protocol |
| TrendMicro.FirewallRules.protocolNumber | integer | Two-byte protocol number |
| TrendMicro.FirewallRules.protocolNot | boolean | Controls if the protocol setting should be inverted |
| TrendMicro.FirewallRules.sourceIPType | string | Source IP type |
| TrendMicro.FirewallRules.sourceIPValue | string | Source IP |
| TrendMicro.FirewallRules.sourceIPMask | string | Source IP mask |
| TrendMicro.FirewallRules.sourceIPRangeFrom | string | The first value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPRangeTo | string | The last value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPMultiple | array | List of source IP addresses |
| TrendMicro.FirewallRules.sourceIPListID | integer | ID of source IP list |
| TrendMicro.FirewallRules.sourceIPNot | boolean | Controls if the source IP setting should be inverted |
| TrendMicro.FirewallRules.sourceMACType | string | Source MAC type |
| TrendMicro.FirewallRules.sourceMACValue | string | Source MAC address |
| TrendMicro.FirewallRules.sourceMACMultiple | array | List of MAC addresses |
| TrendMicro.FirewallRules.sourceMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.sourceMACNot | boolean | Controls if the source MAC setting should be inverted |
| TrendMicro.FirewallRules.sourcePortType | string | The type of source port |
| TrendMicro.FirewallRules.sourcePortMultiple | array | List of comma-delimited source ports |
| TrendMicro.FirewallRules.sourcePortListID | integer | ID of source port list |
| TrendMicro.FirewallRules.sourcePortNot | boolean | Controls if the source port setting should be inverted |
| TrendMicro.FirewallRules.destinationIPType | string | Destination IP type |
| TrendMicro.FirewallRules.destinationIPValue | string | Destination IP |
| TrendMicro.FirewallRules.destinationIPMask | string | Destination IP mask |
| TrendMicro.FirewallRules.destinationIPRangeFrom | string | The first value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPRangeTo | string | The last value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPMultiple | array | List of comma-delimited destination IP addresses |
| TrendMicro.FirewallRules.destinationIPListID | integer | ID of destination IP list |
| TrendMicro.FirewallRules.destinationIPNot | boolean | Controls if the destination IP setting should be inverted |
| TrendMicro.FirewallRules.destinationMACType | string | Destination MAC type |
| TrendMicro.FirewallRules.destinationMACValue | string | Destination MAC address |
| TrendMicro.FirewallRules.destinationMACMultiple | array | List of comma-delimited MAC addresses |
| TrendMicro.FirewallRules.destinationMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.destinationMACNot | boolean | Controls if the destination MAC setting should be inverted |
| TrendMicro.FirewallRules.destinationPortType | string | The type of destination port |
| TrendMicro.FirewallRules.destinationPortMultiple | array | List of comma-delimited destination ports |
| TrendMicro.FirewallRules.destinationPortListID | integer | ID of destination port list |
| TrendMicro.FirewallRules.destinationPortNot | boolean | Controls if the destination port setting should be inverted |
| TrendMicro.FirewallRules.anyFlags | boolean | True if any flags are used |
| TrendMicro.FirewallRules.logDisabled | boolean | Controls if logging for this filter is disabled |
| TrendMicro.FirewallRules.includePacketData | boolean | Controls if this filter should capture data for every log |
| TrendMicro.FirewallRules.alertEnabled | boolean | Controls if this filter should be alerted on |
| TrendMicro.FirewallRules.scheduleID | integer | ID of the schedule to control when this filter is "on" |
| TrendMicro.FirewallRules.contextID | integer | RuleContext that is applied to this filter |
| TrendMicro.FirewallRules.tcpflags | array | TCP flags |
| TrendMicro.FirewallRules.TCPNot | boolean | Whether the TCP settings are inverted or not |
| TrendMicro.FirewallRules.ICMPType | integer | ICMP type |
| TrendMicro.FirewallRules.ICMPCode | integer | ICMP code |
| TrendMicro.FirewallRules.ICMPNot | boolean | Whether the ICMP settings are inverted or not |
Command Example#
!trendmicro-search-firewall-rules field_name="action" field_type="choice" operation="equal" value="allow"
Context Example#
Human Readable Output#
Matched Firewall Rules#
ID Name Description Direction Action 20 Deep Security Agent Allow incoming traffic to Deep Security Agent incoming allow 21 VMware vCenter Server Allow incoming traffic to VMware vCenter Server incoming allow 22 Allow Deep Security as a Service inbound communications incoming allow 24 Allow solicited TCP/UDP replies UDP stateful and TCP stateful must be enabled incoming allow 25 Allow solicited ICMP replies ICMP stateful must be enabled incoming allow 32 FTP Server Allow incoming traffic to an FTP Server incoming allow 35 Deep Security Manager Allow incoming traffic to Deep Security Manager incoming allow 36 Microsoft Exchange Server Allow incoming traffic to an Microsoft Exchange Server incoming allow 37 IPSec IKE incoming allow 38 IPSec Encryption incoming allow 39 IPSec Authentication incoming allow 40 Domain Controller (TCP) Allow incoming traffic to a Domain Controller incoming allow 42 Web Server Allow incoming TCP traffic to a Web Server incoming allow 43 Remote Access SSH Allow remote access to machines incoming allow 44 Domain Client (TCP) Allow incoming traffic from the domain controller incoming allow 46 SMTP Server Allow incoming TCP traffic to an SMTP Server incoming allow 47 IDENT incoming allow 52 Remote Access RDP Allow remote access to machines incoming allow 53 POP3 Server incoming allow 54 IMAP Server incoming allow 55 Computer Associates Unicenter incoming allow 56 Veritas incoming allow 70 Allow PPPOE Discovery incoming allow 71 Allow PPPOE Session incoming allow 72 Generic Routing Encapsulation incoming allow 75 poc_rule incoming allow 76 poc_rule1 incoming allow 77 poc_rule2 incoming allow 133 None incoming allow 166 UDP incoming allow 174 Example Rule incoming allow
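An added example, not part of the integration or its documentation: a Python audit pass over records shaped like the `TrendMicro.FirewallRules` context output above, flagging permissive incoming rules that have logging disabled, an unrestricted source, or a source match inverted by `sourceIPNot`. The sample records are constructed, and the enumeration values `force-allow`, `deny`, `outgoing`, `any` and `single` are assumptions about what the API returns.

```python
"""Audit firewall rules shaped like the TrendMicro.FirewallRules context output."""
from typing import Any, Dict, List

# Actions treated as permissive. "allow" appears on the page;
# "force-allow" is an assumed enumeration value.
PERMISSIVE_ACTIONS = {"allow", "force-allow"}

# Fields the audit needs; a rule that lacks one is reported, not silently passed.
REQUIRED_FIELDS = ("logDisabled", "sourceIPType")

# Constructed sample records. Field names follow the Context Output table;
# IDs, names and values are made up for illustration.
SAMPLE_RULES: List[Dict[str, Any]] = [
    {"ID": 9001, "name": "constructed-ssh-open", "action": "allow",
     "direction": "incoming", "sourceIPType": "any", "sourceIPNot": False,
     "logDisabled": False},
    {"ID": 9002, "name": "constructed-inverted", "action": "allow",
     "direction": "incoming", "sourceIPType": "single",
     "sourceIPValue": "192.0.2.10", "sourceIPNot": True, "logDisabled": True},
    {"ID": 9003, "name": "constructed-deny", "action": "deny",
     "direction": "incoming", "sourceIPType": "any", "sourceIPNot": False,
     "logDisabled": False},
    {"ID": 9004, "name": "constructed-egress", "action": "allow",
     "direction": "outgoing", "sourceIPType": "any", "sourceIPNot": False,
     "logDisabled": True},
    {"ID": 9005, "name": "constructed-scoped", "action": "allow",
     "direction": "incoming", "sourceIPType": "single",
     "sourceIPValue": "192.0.2.20", "sourceIPNot": False, "logDisabled": False},
    {"ID": 9006, "name": "constructed-sparse", "action": "allow",
     "direction": "incoming"},
]


def audit_rule(rule: Dict[str, Any]) -> List[str]:
    """Return findings for one rule; an empty list means nothing was flagged."""
    # Only permissive rules for incoming traffic are in scope.
    if rule.get("direction") != "incoming":
        return []
    if rule.get("action") not in PERMISSIVE_ACTIONS:
        return []

    findings = [f"unknown:{field}" for field in REQUIRED_FIELDS if field not in rule]

    # logDisabled: "Controls if logging for this filter is disabled".
    if rule.get("logDisabled") is True:
        findings.append("logging-disabled")

    # sourceIPNot: "Controls if the source IP setting should be inverted".
    src_type = rule.get("sourceIPType")
    inverted = bool(rule.get("sourceIPNot", False))
    if src_type == "any" and not inverted:
        # Any source may reach the service.
        findings.append("unrestricted-source")
    elif src_type not in (None, "any") and inverted:
        # Matches every source except the listed one(s), which is nearly open.
        findings.append("inverted-source")
    return findings


def audit_rules(rules: List[Dict[str, Any]]) -> Dict[Any, List[str]]:
    """Map rule ID to findings, keeping only rules that have at least one."""
    report: Dict[Any, List[str]] = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule.get("ID")] = findings
    return report


if __name__ == "__main__":
    for rule_id, findings in audit_rules(SAMPLE_RULES).items():
        print(rule_id, ", ".join(findings))
```

In a playbook, the input list would be the `TrendMicro.FirewallRules` entries produced by `trendmicro-search-firewall-rules` or `trendmicro-list-firewall-rules`.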
trendmicro-list-firewall-rules#
List all existing firewall rules
Base Command#
trendmicro-list-firewall-rules
Input#
| Argument Name | Description | Required |
|---|---|---|
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.FirewallRules.name | string | Name of the firewall rule |
| TrendMicro.FirewallRules.description | string | Description of the firewall rule |
| TrendMicro.FirewallRules.action | string | Action of the packet filter |
| TrendMicro.FirewallRules.priority | string | Priority of the packet filter |
| TrendMicro.FirewallRules.direction | string | Packet direction |
| TrendMicro.FirewallRules.frameType | string | Supported frame types |
| TrendMicro.FirewallRules.frameNumber | integer | Ethernet frame number |
| TrendMicro.FirewallRules.frameNot | boolean | Controls if the frame setting should be inverted |
| TrendMicro.FirewallRules.protocol | string | Protocol |
| TrendMicro.FirewallRules.protocolNumber | integer | Two-byte protocol number |
| TrendMicro.FirewallRules.protocolNot | boolean | Controls if the protocol setting should be inverted |
| TrendMicro.FirewallRules.sourceIPType | string | Source IP type |
| TrendMicro.FirewallRules.sourceIPValue | string | Source IP |
| TrendMicro.FirewallRules.sourceIPMask | string | Source IP mask |
| TrendMicro.FirewallRules.sourceIPRangeFrom | string | The first value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPRangeTo | string | The last value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPMultiple | array | List of source IP addresses |
| TrendMicro.FirewallRules.sourceIPListID | integer | ID of source IP list |
| TrendMicro.FirewallRules.sourceIPNot | boolean | Controls if the source IP setting should be inverted |
| TrendMicro.FirewallRules.sourceMACType | string | Source MAC type |
| TrendMicro.FirewallRules.sourceMACValue | string | Source MAC address |
| TrendMicro.FirewallRules.sourceMACMultiple | array | List of MAC addresses |
| TrendMicro.FirewallRules.sourceMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.sourceMACNot | boolean | Controls if the source MAC setting should be inverted |
| TrendMicro.FirewallRules.sourcePortType | string | The type of source port |
| TrendMicro.FirewallRules.sourcePortMultiple | array | List of comma-delimited source ports |
| TrendMicro.FirewallRules.sourcePortListID | integer | ID of source port list |
| TrendMicro.FirewallRules.sourcePortNot | boolean | Controls if the source port setting should be inverted |
| TrendMicro.FirewallRules.destinationIPType | string | Destination IP type |
| TrendMicro.FirewallRules.destinationIPValue | string | Destination IP |
| TrendMicro.FirewallRules.destinationIPMask | string | Destination IP mask |
| TrendMicro.FirewallRules.destinationIPRangeFrom | string | The first value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPRangeTo | string | The last value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPMultiple | array | List of comma-delimited destination IP addresses |
| TrendMicro.FirewallRules.destinationIPListID | integer | ID of destination IP list |
| TrendMicro.FirewallRules.destinationIPNot | boolean | Controls if the destination IP setting should be inverted |
| TrendMicro.FirewallRules.destinationMACType | string | Destination MAC type |
| TrendMicro.FirewallRules.destinationMACValue | string | Destination MAC address |
| TrendMicro.FirewallRules.destinationMACMultiple | array | List of comma-delimited MAC addresses |
| TrendMicro.FirewallRules.destinationMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.destinationMACNot | boolean | Controls if the destination MAC setting should be inverted |
| TrendMicro.FirewallRules.destinationPortType | string | The type of destination port |
| TrendMicro.FirewallRules.destinationPortMultiple | array | List of comma-delimited destination ports |
| TrendMicro.FirewallRules.destinationPortListID | integer | ID of destination port list |
| TrendMicro.FirewallRules.destinationPortNot | boolean | Controls if the destination port setting should be inverted |
| TrendMicro.FirewallRules.anyFlags | boolean | True if any flags are used |
| TrendMicro.FirewallRules.logDisabled | boolean | Controls if logging for this filter is disabled |
| TrendMicro.FirewallRules.includePacketData | boolean | Controls if this filter should capture data for every log |
| TrendMicro.FirewallRules.alertEnabled | boolean | Controls if this filter should be alerted on |
| TrendMicro.FirewallRules.scheduleID | integer | ID of the schedule to control when this filter is "on" |
| TrendMicro.FirewallRules.contextID | integer | RuleContext that is applied to this filter |
| TrendMicro.FirewallRules.tcpflags | array | TCP flags |
| TrendMicro.FirewallRules.TCPNot | boolean | Whether the TCP settings are inverted or not |
| TrendMicro.FirewallRules.ICMPType | integer | ICMP type |
| TrendMicro.FirewallRules.ICMPCode | integer | ICMP code |
| TrendMicro.FirewallRules.ICMPNot | boolean | Whether the ICMP settings are inverted or not |
Command Example#
!trendmicro-list-firewall-rules
Context Example#
Human Readable Output#
Firewall Rules#
| ID | Name and description | Direction | Action |
|---|---|---|---|
| 1 | Off Domain Exceptions - Domain Client (UDP) | outgoing | force-allow |
| 2 | Off Domain Exceptions - GRE | outgoing | force-allow |
| 3 | Off Domain Exceptions - HTTP(S) | outgoing | force-allow |
| 4 | Off Domain Exceptions - ICMP Echo Request | outgoing | force-allow |
| 5 | Off Domain Exceptions - IPSec Encryption | outgoing | force-allow |
| 6 | Off Domain Exceptions - VPN Tunnel | outgoing | force-allow |
| 7 | Off Domain Exceptions - Wireless Authentication | outgoing | force-allow |
| 8 | Remote Domain Exceptions - ARP | outgoing | force-allow |
| 9 | Remote Domain Exceptions - DNS | outgoing | force-allow |
| 10 | Remote Domain Exceptions - GRE | outgoing | force-allow |
| 11 | Remote Domain Exceptions - ICMP Echo Request | outgoing | force-allow |
| 12 | Remote Domain Exceptions - IPSec Encryption | outgoing | force-allow |
| 13 | Remote Domain Exceptions - VPN Tunnel | outgoing | force-allow |
| 14 | Restricted Interface Exceptions - ARP Outgoing | outgoing | force-allow |
| 15 | Restricted Interface Exceptions - DHCP Client Incoming | incoming | force-allow |
| 16 | Restricted Interface Exceptions - DHCP Client Outgoing | outgoing | force-allow |
| 17 | Restricted Interface Exceptions - Wireless Authentication Incoming | incoming | force-allow |
| 18 | Restricted Interface Exceptions - Wireless Authentication Outgoing | outgoing | force-allow |
| 19 | Restricted Interface Exceptions - Netbios Name Service Outgoing | outgoing | force-allow |
| 20 | Deep Security Agent Allow incoming traffic to Deep Security Agent | incoming | allow |
| 21 | VMware vCenter Server Allow incoming traffic to VMware vCenter Server | incoming | allow |
| 22 | Allow Deep Security as a Service inbound communications | incoming | allow |
| 23 | Allow ICMP type 3 code 4 This ICMP packet is used for MTU path negotiation | incoming | force-allow |
| 24 | Allow solicited TCP/UDP replies UDP stateful and TCP stateful must be enabled | incoming | allow |
| 25 | Allow solicited ICMP replies ICMP stateful must be enabled | incoming | allow |
| 26 | DHCP Client Allow DHCP Offer traffic to a DHCP Client | incoming | force-allow |
| 27 | Deny Internal IP Ranges Ingress filter to deny incoming spoofed packets | incoming | deny |
| 28 | ARP Allow incoming ARP traffic | incoming | force-allow |
| 29 | NetBios Name Service For hosts that rely on NetBios for name resolution | incoming | force-allow |
| 30 | DHCP Server Allow incoming DHCP requests to a DHCP server | incoming | force-allow |
| 31 | Wireless Authentication Allow wireless authentication traffic | incoming | force-allow |
| 32 | FTP Server Allow incoming traffic to an FTP Server | incoming | allow |
| 33 | Microsoft SQL Server Allow incoming TCP traffic to a Microsoft SQL server | incoming | force-allow |
| 34 | Oracle SQL Server Allow incoming traffic to an Oracle SQL server | incoming | force-allow |
| 35 | Deep Security Manager Allow incoming traffic to Deep Security Manager | incoming | allow |
| 36 | Microsoft Exchange Server Allow incoming traffic to an Microsoft Exchange Server | incoming | allow |
| 37 | IPSec IKE | incoming | allow |
| 38 | IPSec Encryption | incoming | allow |
| 39 | IPSec Authentication | incoming | allow |
| 40 | Domain Controller (TCP) Allow incoming traffic to a Domain Controller | incoming | allow |
| 41 | Domain Controller (UDP) Allow incoming traffic to a Domain Controller | incoming | force-allow |
| 42 | Web Server Allow incoming TCP traffic to a Web Server | incoming | allow |
| 43 | Remote Access SSH Allow remote access to machines | incoming | allow |
| 44 | Domain Client (TCP) Allow incoming traffic from the domain controller | incoming | allow |
| 45 | Domain Client (UDP) Allow incoming traffic from the domain controller | incoming | force-allow |
| 46 | SMTP Server Allow incoming TCP traffic to an SMTP Server | incoming | allow |
| 47 | IDENT | incoming | allow |
| 48 | DNS Server Allow incoming DNS requests to a DNS server | incoming | force-allow |
| 49 | ICMP Echo Request Allow incoming Ping requests | incoming | force-allow |
| 50 | Network Time Protocol Allow Network Time Protocol traffic | incoming | force-allow |
| 51 | Windows File Sharing Allow file sharing traffic | incoming | force-allow |
| 52 | Remote Access RDP Allow remote access to machines | incoming | allow |
| 53 | POP3 Server | incoming | allow |
| 54 | IMAP Server | incoming | allow |
| 55 | Computer Associates Unicenter | incoming | allow |
| 56 | Veritas | incoming | allow |
| 57 | MySQL Server | incoming | force-allow |
| 58 | WINS | incoming | force-allow |
| 59 | WINS Registration | incoming | force-allow |
| 60 | WINS Replication | incoming | force-allow |
| 61 | Restricted Interface Exceptions - Netbios Name Service Incoming | incoming | force-allow |
| 62 | Restricted Interface Exceptions - ARP Incoming | incoming | force-allow |
| 63 | Restricted Interface Enforcement Log packets blocked due to Restricted Interface Enforcement policy | outgoing | deny |
| 64 | Off Domain Exceptions - Domain Client (TCP) | outgoing | force-allow |
| 65 | Off Domain Exceptions - ARP | outgoing | force-allow |
| 66 | Off Domain Exceptions - DNS | outgoing | force-allow |
| 67 | Remote Domain Exceptions When remotely connected to domain only corporate traffic is allowed | outgoing | force-allow |
| 68 | Remote Domain Enforcement (Split Tunnel) Log packets blocked due to Remote Domain Enforcement policy | outgoing | deny |
| 69 | Off Domain Enforcement Log packets blocked due to Off Domain Enforcement policy | outgoing | deny |
| 70 | Allow PPPOE Discovery | incoming | allow |
| 71 | Allow PPPOE Session | incoming | allow |
| 72 | Generic Routing Encapsulation | incoming | allow |
| 73 | Off Domain Exceptions - DHCP Client | outgoing | force-allow |
| 75 | poc_rule | incoming | allow |
| 76 | poc_rule1 | incoming | allow |
| 77 | poc_rule2 | incoming | allow |
| 133 | None | incoming | allow |
| 166 | UDP | incoming | allow |
| 174 | Example Rule | incoming | allow |
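The following Python audit is an added example, not part of the integration or its documentation. It walks entries shaped like the TrendMicro.FirewallRules context output and flags permissive inbound rules that match any source IP and any destination port, permissive rules with logging disabled, and rules that use inversion flags. Assumptions: each entry carries an `ID` key, a missing type field means "any", and an inverted specific match is treated as broad; all field values in the sample rules are constructed.

```python
"""Audit firewall-rule context entries for broad inbound exposure (added example)."""

# Actions listed on this page that let traffic through.
PERMISSIVE_ACTIONS = {"allow", "force-allow", "bypass"}

# (type field, inversion field) pairs from the Context Output table.
SCOPE_FIELDS = {
    "source IP": ("sourceIPType", "sourceIPNot"),
    "destination port": ("destinationPortType", "destinationPortNot"),
}

# Every inversion flag in the Context Output table.
INVERSION_FLAGS = (
    "frameNot", "protocolNot", "sourceIPNot", "sourceMACNot", "sourcePortNot",
    "destinationIPNot", "destinationMACNot", "destinationPortNot",
    "TCPNot", "ICMPNot",
)


def is_broad(rule, type_key, not_key):
    """Return True when the selector matches (almost) everything.

    Assumption of this example: type "any" without inversion matches all
    values, and a specific selector with its *Not flag set matches all
    values except the listed ones, which is also broad.
    """
    kind = rule.get(type_key, "any")
    inverted = bool(rule.get(not_key, False))
    if kind == "any":
        return not inverted
    return inverted


def audit_rule(rule):
    """Return a list of findings for one rule; empty when nothing is flagged."""
    findings = []
    if rule.get("action") not in PERMISSIVE_ACTIONS:
        return findings
    if rule.get("direction") == "incoming" and all(
        is_broad(rule, type_key, not_key)
        for type_key, not_key in SCOPE_FIELDS.values()
    ):
        findings.append("open-inbound: any source IP to any destination port")
    if rule.get("logDisabled"):
        findings.append("unlogged: permissive rule with logging disabled")
    inverted = [flag for flag in INVERSION_FLAGS if rule.get(flag)]
    if inverted:
        findings.append("inverted-match: " + ", ".join(inverted))
    return findings


def audit(rules):
    """Map rule ID to findings, keeping only rules that have at least one."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule.get("ID")] = findings
    return report


# Constructed sample data: IDs 27, 43 and 174 reuse names, directions and
# actions from the output above; every other field value is made up here.
SAMPLE_RULES = [
    {"ID": 174, "name": "Example Rule", "action": "allow",
     "direction": "incoming", "protocol": "udp", "sourceIPType": "any",
     "destinationPortType": "any", "logDisabled": False},
    {"ID": 43, "name": "Remote Access SSH", "action": "allow",
     "direction": "incoming", "protocol": "tcp", "sourceIPType": "masked-ip",
     "sourceIPValue": "10.0.0.0", "sourceIPMask": "255.0.0.0",
     "destinationPortType": "multiple", "destinationPortMultiple": ["22"],
     "logDisabled": False},
    {"ID": 27, "name": "Deny Internal IP Ranges", "action": "deny",
     "direction": "incoming", "sourceIPType": "any",
     "destinationPortType": "any", "logDisabled": False},
    {"ID": 9001, "name": "constructed-inverted-source", "action": "allow",
     "direction": "incoming", "protocol": "tcp", "sourceIPType": "single",
     "sourceIPValue": "192.0.2.10", "sourceIPNot": True,
     "destinationPortType": "any", "logDisabled": True},
]

if __name__ == "__main__":
    for rule_id, findings in audit(SAMPLE_RULES).items():
        for finding in findings:
            print(f"rule {rule_id}: {finding}")
```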
trendmicro-create-firewall-rule#
Create a new firewall rule
Base Command#
trendmicro-create-firewall-rule
Input#
| Argument Name | Description | Required |
|---|---|---|
| name | Name of the firewall rule. | Required |
| description | Description of the firewall rule. | Optional |
| action | Action of the packet filter. Possible values are: log-only, allow, deny, force-allow, bypass. | Required |
| priority | Priority of the packet filter. Possible values are: 0, 1, 2, 3, 4. | Optional |
| direction | Packet direction. Possible values are: incoming, outgoing. | Required |
| frame_type | Supported frame types. Possible values are: any, ip, arp, revarp, ipv4, ipv6, other. | Optional |
| frame_number | Ethernet frame number. | Optional |
| frame_not | Controls if the frame setting should be inverted. | Optional |
| protocol | Protocol. Possible values are: any, icmp, igmp, ggp, tcp, udp, pup, idp, nd, raw, tcp-udp, icmpv6, other. | Optional |
| protocol_number | Two-byte protocol number. | Optional |
| protocol_not | Controls if the protocol setting should be inverted. | Optional |
| source_ip_type | Source IP type. Possible values are: any, single, multiple, masked-ip, range, ip-list. | Optional |
| source_ip_value | Source IP. | Optional |
| source_ip_mask | Source IP mask. | Optional |
| source_ip_range_from | The first value for a range of source IP addresses. | Optional |
| source_ip_range_to | The last value for a range of source IP addresses. | Optional |
| source_ip_multiple | List of source IP addresses. | Optional |
| source_ip_list_id | ID of source IP list. | Optional |
| source_ip_not | Controls if the source IP setting should be inverted. | Optional |
| source_mac_type | Source MAC type. Possible values are: any, single, multiple, mac-list. | Optional |
| source_mac_value | Source MAC address. | Optional |
| source_mac_multiple | List of MAC addresses. | Optional |
| source_mac_list_id | ID of MAC address list. | Optional |
| source_mac_not | Controls if the source MAC setting should be inverted. | Optional |
| source_port_type | The type of source port. Possible values are: any, multiple, port-list. | Optional |
| source_port_multiple | List of comma-delimited source ports. | Optional |
| source_port_list_id | ID of source port list. | Optional |
| source_port_not | Controls if the source port setting should be inverted. | Optional |
| destination_ip_type | Destination IP type. Possible values are: any, single, multiple, range, masked-ip, ip-list. | Optional |
| destination_ip_value | Destination IP. | Optional |
| destination_ip_mask | Destination IP mask. | Optional |
| destination_ip_range_from | The first value for a range of destination IP addresses. | Optional |
| destination_ip_range_to | The last value for a range of destination IP addresses. | Optional |
| destination_ip_multiple | List of comma-delimited destination IP addresses. | Optional |
| destination_ip_list_id | ID of destination IP list. | Optional |
| destination_ip_not | Controls if the destination IP setting should be inverted. | Optional |
| destination_mac_type | Destination MAC type. Possible values are: any, single, multiple, mac-list. | Optional |
| destination_mac_value | Destination MAC address. | Optional |
| destination_mac_multiple | List of comma-delimited MAC addresses. | Optional |
| destination_mac_list_id | ID of MAC address list. | Optional |
| destination_mac_not | Controls if the destination MAC setting should be inverted. | Optional |
| destination_port_type | The type of destination port. Possible values are: any, multiple, port-list. | Optional |
| destination_port_multiple | List of comma-delimited destination ports. | Optional |
| destination_port_list_id | ID of destination port list. | Optional |
| destination_port_not | Controls if the destination port setting should be inverted. | Optional |
| any_flags | True if any flags are used. | Optional |
| log_disabled | Controls if logging for this filter is disabled. | Optional |
| include_packet_data | Controls if this filter should capture data for every log. | Optional |
| alert_enabled | Controls if this filter should be alerted on. | Optional |
| schedule_id | ID of the schedule to control when this filter is "on". | Optional |
| context_id | RuleContext that is applied to this filter. | Optional |
| tcpflags | The TCP flags the rule should filter by. Possible values are: syn, ack, psh, urg, fin, rst. | Optional |
| tcp_not | Controls if the TCP settings should be inverted. | Optional |
| icmp_type | The ICMP type the rule should filter by. | Optional |
| icmp_code | The ICMP code the rule should filter by. | Optional |
| icmp_not | Controls if the ICMP settings should be inverted. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.FirewallRules.name | string | Name of the firewall rule |
| TrendMicro.FirewallRules.description | string | Description of the firewall rule |
| TrendMicro.FirewallRules.action | string | Action of the packet filter |
| TrendMicro.FirewallRules.priority | string | Priority of the packet filter |
| TrendMicro.FirewallRules.direction | string | Packet direction |
| TrendMicro.FirewallRules.frameType | string | Supported frame types |
| TrendMicro.FirewallRules.frameNumber | integer | Ethernet frame number |
| TrendMicro.FirewallRules.frameNot | boolean | Controls if the frame setting should be inverted |
| TrendMicro.FirewallRules.protocol | string | Protocol |
| TrendMicro.FirewallRules.protocolNumber | integer | Two-byte protocol number |
| TrendMicro.FirewallRules.protocolNot | boolean | Controls if the protocol setting should be inverted |
| TrendMicro.FirewallRules.sourceIPType | string | Source IP type |
| TrendMicro.FirewallRules.sourceIPValue | string | Source IP |
| TrendMicro.FirewallRules.sourceIPMask | string | Source IP mask |
| TrendMicro.FirewallRules.sourceIPRangeFrom | string | The first value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPRangeTo | string | The last value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPMultiple | array | List of source IP addresses |
| TrendMicro.FirewallRules.sourceIPListID | integer | ID of source IP list |
| TrendMicro.FirewallRules.sourceIPNot | boolean | Controls if the source IP setting should be inverted |
| TrendMicro.FirewallRules.sourceMACType | string | Source MAC type |
| TrendMicro.FirewallRules.sourceMACValue | string | Source MAC address |
| TrendMicro.FirewallRules.sourceMACMultiple | array | List of MAC addresses |
| TrendMicro.FirewallRules.sourceMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.sourceMACNot | boolean | Controls if the source MAC setting should be inverted |
| TrendMicro.FirewallRules.sourcePortType | string | The type of source port |
| TrendMicro.FirewallRules.sourcePortMultiple | array | List of comma-delimited source ports |
| TrendMicro.FirewallRules.sourcePortListID | integer | ID of source port list |
| TrendMicro.FirewallRules.sourcePortNot | boolean | Controls if the source port setting should be inverted |
| TrendMicro.FirewallRules.destinationIPType | string | Destination IP type |
| TrendMicro.FirewallRules.destinationIPValue | string | Destination IP |
| TrendMicro.FirewallRules.destinationIPMask | string | Destination IP mask |
| TrendMicro.FirewallRules.destinationIPRangeFrom | string | The first value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPRangeTo | string | The last value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPMultiple | array | List of comma-delimited destination IP addresses |
| TrendMicro.FirewallRules.destinationIPListID | integer | ID of destination IP list |
| TrendMicro.FirewallRules.destinationIPNot | boolean | Controls if the destination IP setting should be inverted |
| TrendMicro.FirewallRules.destinationMACType | string | Destination MAC type |
| TrendMicro.FirewallRules.destinationMACValue | string | Destination MAC address |
| TrendMicro.FirewallRules.destinationMACMultiple | array | List of comma-delimited MAC addresses |
| TrendMicro.FirewallRules.destinationMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.destinationMACNot | boolean | Controls if the destination MAC setting should be inverted |
| TrendMicro.FirewallRules.destinationPortType | string | The type of destination port |
| TrendMicro.FirewallRules.destinationPortMultiple | array | List of comma-delimited destination ports |
| TrendMicro.FirewallRules.destinationPortListID | integer | ID of destination port list |
| TrendMicro.FirewallRules.destinationPortNot | boolean | Controls if the destination port setting should be inverted |
| TrendMicro.FirewallRules.anyFlags | boolean | True if any flags are used |
| TrendMicro.FirewallRules.logDisabled | boolean | Controls if logging for this filter is disabled |
| TrendMicro.FirewallRules.includePacketData | boolean | Controls if this filter should capture data for every log |
| TrendMicro.FirewallRules.alertEnabled | boolean | Controls if this filter should be alerted on |
| TrendMicro.FirewallRules.scheduleID | integer | ID of the schedule to control when this filter is "on" |
| TrendMicro.FirewallRules.contextID | integer | RuleContext that is applied to this filter |
| TrendMicro.FirewallRules.tcpflags | array | TCP flags |
| TrendMicro.FirewallRules.TCPNot | boolean | Whether the TCP settings are inverted |
| TrendMicro.FirewallRules.ICMPType | integer | ICMP type |
| TrendMicro.FirewallRules.ICMPCode | integer | ICMP code |
| TrendMicro.FirewallRules.ICMPNot | boolean | Whether the ICMP settings are inverted |
Command Example#
!trendmicro-create-firewall-rule name="Example Rule" action=allow protocol=udp direction=incoming
Context Example#
Human Readable Output#
Firewall Rules#
| ID | Name | Direction | Action |
|---|---|---|---|
| 175 | Example Rule | incoming | allow |
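The following Python pre-flight check for trendmicro-create-firewall-rule is an added example, not code from the integration. It validates arguments against the required fields and possible values in the Input table, then renders the command line in the form of the Command Example. The pairing of each `*_type` value with its companion arguments (`COMPANIONS`) is an assumption inferred from the argument names, and values containing double quotes are rejected rather than escaped.

```python
"""Validate and render trendmicro-create-firewall-rule arguments (added example)."""

COMMAND = "!trendmicro-create-firewall-rule"
REQUIRED = ("name", "action", "direction")

_IP_TYPES = {"any", "single", "multiple", "masked-ip", "range", "ip-list"}
_MAC_TYPES = {"any", "single", "multiple", "mac-list"}
_PORT_TYPES = {"any", "multiple", "port-list"}

# Possible values copied from the Input table of this command.
CHOICES = {
    "action": {"log-only", "allow", "deny", "force-allow", "bypass"},
    "priority": {"0", "1", "2", "3", "4"},
    "direction": {"incoming", "outgoing"},
    "frame_type": {"any", "ip", "arp", "revarp", "ipv4", "ipv6", "other"},
    "protocol": {"any", "icmp", "igmp", "ggp", "tcp", "udp", "pup", "idp",
                 "nd", "raw", "tcp-udp", "icmpv6", "other"},
    "source_ip_type": _IP_TYPES, "destination_ip_type": _IP_TYPES,
    "source_mac_type": _MAC_TYPES, "destination_mac_type": _MAC_TYPES,
    "source_port_type": _PORT_TYPES, "destination_port_type": _PORT_TYPES,
}

# Assumption of this example: which companion arguments each type value uses.
COMPANIONS = {
    "single": ("value",),
    "masked-ip": ("value", "mask"),
    "range": ("range_from", "range_to"),
    "multiple": ("multiple",),
    "ip-list": ("list_id",),
    "mac-list": ("list_id",),
    "port-list": ("list_id",),
}
SELECTORS = ("source_ip", "source_mac", "source_port",
             "destination_ip", "destination_mac", "destination_port")
SUFFIXES = ("value", "mask", "range_from", "range_to", "multiple", "list_id")


def validate(args):
    """Return a list of problems; an empty list means the arguments pass."""
    problems = [f"missing required argument: {key}"
                for key in REQUIRED if not args.get(key)]
    for key, allowed in CHOICES.items():
        if key in args and str(args[key]) not in allowed:
            problems.append(f"{key}={args[key]!r} is not one of {sorted(allowed)}")
    for prefix in SELECTORS:
        kind = str(args.get(f"{prefix}_type", "any"))
        needed = {f"{prefix}_{suffix}" for suffix in COMPANIONS.get(kind, ())}
        for key in sorted(needed):
            if key not in args:
                problems.append(f"{prefix}_type={kind} needs {key}")
        # A value the selected type ignores suggests the rule is wider than
        # the operator intended, so report it instead of passing it through.
        for suffix in SUFFIXES:
            key = f"{prefix}_{suffix}"
            if key in args and key not in needed:
                problems.append(f"{key} is set but {prefix}_type={kind} does not use it")
    return problems


def render(args):
    """Return the command line for valid arguments, else raise ValueError."""
    problems = validate(args)
    if problems:
        raise ValueError("; ".join(problems))
    parts = [COMMAND]
    for key, value in args.items():
        text = str(value)
        if '"' in text:
            raise ValueError(f"{key}: double quotes are not handled by this example")
        needs_quotes = any(ch.isspace() for ch in text)
        parts.append(f'{key}="{text}"' if needs_quotes else f"{key}={text}")
    return " ".join(parts)


if __name__ == "__main__":
    print(render({"name": "Example Rule", "action": "allow",
                  "protocol": "udp", "direction": "incoming"}))
```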
trendmicro-get-firewall-rule#
Get information about a certain firewall rule
Base Command#
trendmicro-get-firewall-rule
Input#
| Argument Name | Description | Required |
|---|---|---|
| firewall_rule_id | The ID number of the firewall rule to get. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.FirewallRules.name | string | Name of the firewall rule |
| TrendMicro.FirewallRules.description | string | Description of the firewall rule |
| TrendMicro.FirewallRules.action | string | Action of the packet filter |
| TrendMicro.FirewallRules.priority | string | Priority of the packet filter |
| TrendMicro.FirewallRules.direction | string | Packet direction |
| TrendMicro.FirewallRules.frameType | string | Supported frame types |
| TrendMicro.FirewallRules.frameNumber | integer | Ethernet frame number |
| TrendMicro.FirewallRules.frameNot | boolean | Controls if the frame setting should be inverted |
| TrendMicro.FirewallRules.protocol | string | Protocol |
| TrendMicro.FirewallRules.protocolNumber | integer | Two-byte protocol number |
| TrendMicro.FirewallRules.protocolNot | boolean | Controls if the protocol setting should be inverted |
| TrendMicro.FirewallRules.sourceIPType | string | Source IP type |
| TrendMicro.FirewallRules.sourceIPValue | string | Source IP |
| TrendMicro.FirewallRules.sourceIPMask | string | Source IP mask |
| TrendMicro.FirewallRules.sourceIPRangeFrom | string | The first value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPRangeTo | string | The last value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPMultiple | array | List of source IP addresses |
| TrendMicro.FirewallRules.sourceIPListID | integer | ID of source IP list |
| TrendMicro.FirewallRules.sourceIPNot | boolean | Controls if the source IP setting should be inverted |
| TrendMicro.FirewallRules.sourceMACType | string | Source MAC type |
| TrendMicro.FirewallRules.sourceMACValue | string | Source MAC address |
| TrendMicro.FirewallRules.sourceMACMultiple | array | List of MAC addresses |
| TrendMicro.FirewallRules.sourceMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.sourceMACNot | boolean | Controls if the source MAC setting should be inverted |
| TrendMicro.FirewallRules.sourcePortType | string | The type of source port |
| TrendMicro.FirewallRules.sourcePortMultiple | array | List of comma-delimited source ports |
| TrendMicro.FirewallRules.sourcePortListID | integer | ID of source port list |
| TrendMicro.FirewallRules.sourcePortNot | boolean | Controls if the source port setting should be inverted |
| TrendMicro.FirewallRules.destinationIPType | string | Destination IP type |
| TrendMicro.FirewallRules.destinationIPValue | string | Destination IP |
| TrendMicro.FirewallRules.destinationIPMask | string | Destination IP mask |
| TrendMicro.FirewallRules.destinationIPRangeFrom | string | The first value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPRangeTo | string | The last value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPMultiple | array | List of comma-delimited destination IP addresses |
| TrendMicro.FirewallRules.destinationIPListID | integer | ID of destination IP list |
| TrendMicro.FirewallRules.destinationIPNot | boolean | Controls if the destination IP setting should be inverted |
| TrendMicro.FirewallRules.destinationMACType | string | Destination MAC type |
| TrendMicro.FirewallRules.destinationMACValue | string | Destination MAC address |
| TrendMicro.FirewallRules.destinationMACMultiple | array | List of comma-delimited MAC addresses |
| TrendMicro.FirewallRules.destinationMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.destinationMACNot | boolean | Controls if the destination MAC setting should be inverted |
| TrendMicro.FirewallRules.destinationPortType | string | The type of destination port |
| TrendMicro.FirewallRules.destinationPortMultiple | array | List of comma-delimited destination ports |
| TrendMicro.FirewallRules.destinationPortListID | integer | ID of destination port list |
| TrendMicro.FirewallRules.destinationPortNot | boolean | Controls if the destination port setting should be inverted |
| TrendMicro.FirewallRules.anyFlags | boolean | True if any flags are used |
| TrendMicro.FirewallRules.logDisabled | boolean | Controls if logging for this filter is disabled |
| TrendMicro.FirewallRules.includePacketData | boolean | Controls if this filter should capture data for every log |
| TrendMicro.FirewallRules.alertEnabled | boolean | Controls if this filter should be alerted on |
| TrendMicro.FirewallRules.scheduleID | integer | ID of the schedule to control when this filter is "on" |
| TrendMicro.FirewallRules.contextID | integer | RuleContext that is applied to this filter |
| TrendMicro.FirewallRules.tcpflags | array | TCP flags |
| TrendMicro.FirewallRules.TCPNot | boolean | Whether the TCP settings are inverted or not |
| TrendMicro.FirewallRules.ICMPType | integer | ICMP type |
| TrendMicro.FirewallRules.ICMPCode | integer | ICMP code |
| TrendMicro.FirewallRules.ICMPNot | boolean | Whether the ICMP settings are inverted or not |
Command Example#
!trendmicro-get-firewall-rule firewall_rule_id=174
Context Example#
Human Readable Output#
Details of The Firewall Rule 174#
| ID | Name | Direction | Action |
|---|---|---|---|
| 174 | Example Rule | incoming | allow |
trendmicro-modify-firewall-rule#
Modify the properties of a certain firewall rule
Base Command#
trendmicro-modify-firewall-rule
Input#
| Argument Name | Description | Required |
|---|---|---|
| firewall_rule_id | The ID number of the firewall rule to modify. | Required |
| name | Name of the firewall rule. | Optional |
| description | Description of the firewall rule. | Optional |
| action | Action of the packet filter. Possible values are: log-only, allow, deny, force-allow, bypass. | Optional |
| priority | Priority of the packet filter. Possible values are: 0, 1, 2, 3, 4. | Optional |
| direction | Packet direction. Possible values are: incoming, outgoing. | Optional |
| frame_type | Supported frame types. Possible values are: any, ip, arp, revarp, ipv4, ipv6, other. | Optional |
| frame_number | Ethernet frame number. | Optional |
| frame_not | Controls if the frame setting should be inverted. | Optional |
| protocol | Protocol. Possible values are: any, icmp, igmp, ggp, tcp, pup, udp, idp, nd, raw, tcp-udp, icmpv6, other. | Optional |
| protocol_number | Two-byte protocol number. | Optional |
| protocol_not | Controls if the protocol setting should be inverted. | Optional |
| source_ip_type | Source IP type. Possible values are: any, masked-ip, range, ip-list, single, multiple. | Optional |
| source_ip_value | Source IP. | Optional |
| source_ip_mask | Source IP mask. | Optional |
| source_ip_range_from | The first value for a range of source IP addresses. | Optional |
| source_ip_range_to | The last value for a range of source IP addresses. | Optional |
| source_ip_multiple | List of source IP addresses. | Optional |
| source_ip_list_id | ID of source IP list. | Optional |
| source_ip_not | Controls if the source IP setting should be inverted. | Optional |
| source_mac_type | Source MAC type. Possible values are: any, single, mac-list, multiple. | Optional |
| source_mac_value | Source MAC address. | Optional |
| source_mac_multiple | List of MAC addresses. | Optional |
| source_mac_list_id | ID of MAC address list. | Optional |
| source_mac_not | Controls if the source MAC setting should be inverted. | Optional |
| source_port_type | The type of source port. Possible values are: any, multiple, port-list. | Optional |
| source_port_multiple | List of comma-delimited source ports. | Optional |
| source_port_list_id | ID of source port list. | Optional |
| source_port_not | Controls if the source port setting should be inverted. | Optional |
| destination_ip_type | Destination IP type. Possible values are: any, single, multiple, range, masked-ip, ip-list. | Optional |
| destination_ip_value | Destination IP. | Optional |
| destination_ip_mask | Destination IP mask. | Optional |
| destination_ip_range_from | The first value for a range of destination IP addresses. | Optional |
| destination_ip_range_to | The last value for a range of destination IP addresses. | Optional |
| destination_ip_multiple | List of comma-delimited destination IP addresses. | Optional |
| destination_ip_list_id | ID of destination IP list. | Optional |
| destination_ip_not | Controls if the destination IP setting should be inverted. | Optional |
| destination_mac_type | Destination MAC type. Possible values are: any, single, multiple, mac-list. | Optional |
| destination_mac_value | Destination MAC address. | Optional |
| destination_mac_multiple | List of comma-delimited MAC addresses. | Optional |
| destination_mac_list_id | ID of MAC address list. | Optional |
| destination_mac_not | Controls if the destination MAC setting should be inverted. | Optional |
| destination_port_type | The type of destination port. Possible values are: any, port-list, multiple. | Optional |
| destination_port_multiple | List of comma-delimited destination ports. | Optional |
| destination_port_list_id | ID of destination port list. | Optional |
| destination_port_not | Controls if the destination port setting should be inverted. | Optional |
| any_flags | True if any flags are used. | Optional |
| log_disabled | Controls if logging for this filter is disabled. | Optional |
| include_packet_data | Controls if this filter should capture data for every log. | Optional |
| alert_enabled | Controls if this filter should be alerted on. | Optional |
| schedule_id | ID of the schedule to control when this filter is "on". | Optional |
| context_id | RuleContext that is applied to this filter. | Optional |
| tcpflags | The TCP flags the rule should filter by. Possible values are: syn, ack, psh, urg, fin, rst. | Optional |
| tcp_not | Controls if the TCP settings should be inverted. | Optional |
| icmp_type | The ICMP type the rule should filter by. | Optional |
| icmp_code | The ICMP code the rule should filter by. | Optional |
| icmp_not | Controls if the ICMP settings should be inverted. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.FirewallRules.name | string | Name of the firewall rule |
| TrendMicro.FirewallRules.description | string | Description of the firewall rule |
| TrendMicro.FirewallRules.action | string | Action of the packet filter |
| TrendMicro.FirewallRules.priority | string | Priority of the packet filter |
| TrendMicro.FirewallRules.direction | string | Packet direction |
| TrendMicro.FirewallRules.frameType | string | Supported frame types |
| TrendMicro.FirewallRules.frameNumber | integer | Ethernet frame number |
| TrendMicro.FirewallRules.frameNot | boolean | Controls if the frame setting should be inverted |
| TrendMicro.FirewallRules.protocol | string | Protocol |
| TrendMicro.FirewallRules.protocolNumber | integer | Two-byte protocol number |
| TrendMicro.FirewallRules.protocolNot | boolean | Controls if the protocol setting should be inverted |
| TrendMicro.FirewallRules.sourceIPType | string | Source IP type |
| TrendMicro.FirewallRules.sourceIPValue | string | Source IP |
| TrendMicro.FirewallRules.sourceIPMask | string | Source IP mask |
| TrendMicro.FirewallRules.sourceIPRangeFrom | string | The first value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPRangeTo | string | The last value for a range of source IP addresses |
| TrendMicro.FirewallRules.sourceIPMultiple | array | List of source IP addresses |
| TrendMicro.FirewallRules.sourceIPListID | integer | ID of source IP list |
| TrendMicro.FirewallRules.sourceIPNot | boolean | Controls if the source IP setting should be inverted |
| TrendMicro.FirewallRules.sourceMACType | string | Source MAC type |
| TrendMicro.FirewallRules.sourceMACValue | string | Source MAC address |
| TrendMicro.FirewallRules.sourceMACMultiple | array | List of MAC addresses |
| TrendMicro.FirewallRules.sourceMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.sourceMACNot | boolean | Controls if the source MAC setting should be inverted |
| TrendMicro.FirewallRules.sourcePortType | string | The type of source port |
| TrendMicro.FirewallRules.sourcePortMultiple | array | List of comma-delimited source ports |
| TrendMicro.FirewallRules.sourcePortListID | integer | ID of source port list |
| TrendMicro.FirewallRules.sourcePortNot | boolean | Controls if the source port setting should be inverted |
| TrendMicro.FirewallRules.destinationIPType | string | Destination IP type |
| TrendMicro.FirewallRules.destinationIPValue | string | Destination IP |
| TrendMicro.FirewallRules.destinationIPMask | string | Destination IP mask |
| TrendMicro.FirewallRules.destinationIPRangeFrom | string | The first value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPRangeTo | string | The last value for a range of destination IP addresses |
| TrendMicro.FirewallRules.destinationIPMultiple | array | List of comma-delimited destination IP addresses |
| TrendMicro.FirewallRules.destinationIPListID | integer | ID of destination IP list |
| TrendMicro.FirewallRules.destinationIPNot | boolean | Controls if the destination IP setting should be inverted |
| TrendMicro.FirewallRules.destinationMACType | string | Destination MAC type |
| TrendMicro.FirewallRules.destinationMACValue | string | Destination MAC address |
| TrendMicro.FirewallRules.destinationMACMultiple | array | List of comma-delimited MAC addresses |
| TrendMicro.FirewallRules.destinationMACListID | integer | ID of MAC address list |
| TrendMicro.FirewallRules.destinationMACNot | boolean | Controls if the destination MAC setting should be inverted |
| TrendMicro.FirewallRules.destinationPortType | string | The type of destination port |
| TrendMicro.FirewallRules.destinationPortMultiple | array | List of comma-delimited destination ports |
| TrendMicro.FirewallRules.destinationPortListID | integer | ID of destination port list |
| TrendMicro.FirewallRules.destinationPortNot | boolean | Controls if the destination port setting should be inverted |
| TrendMicro.FirewallRules.anyFlags | boolean | True if any flags are used |
| TrendMicro.FirewallRules.logDisabled | boolean | Controls if logging for this filter is disabled |
| TrendMicro.FirewallRules.includePacketData | boolean | Controls if this filter should capture data for every log |
| TrendMicro.FirewallRules.alertEnabled | boolean | Controls if this filter should be alerted on |
| TrendMicro.FirewallRules.scheduleID | integer | ID of the schedule to control when this filter is "on" |
| TrendMicro.FirewallRules.contextID | integer | RuleContext that is applied to this filter |
| TrendMicro.FirewallRules.tcpflags | array | TCP flags |
| TrendMicro.FirewallRules.TCPNot | boolean | Whether the TCP settings are inverted or not |
| TrendMicro.FirewallRules.ICMPType | integer | ICMP type |
| TrendMicro.FirewallRules.ICMPCode | integer | ICMP code |
| TrendMicro.FirewallRules.ICMPNot | boolean | Whether the ICMP settings are inverted or not |
Command Example#
!trendmicro-modify-firewall-rule firewall_rule_id=174 action=deny
Context Example#
Human Readable Output#
Details About The Modified Firewall Rule 174#
| ID | Name | Direction | Action |
|---|---|---|---|
| 174 | Example Rule | incoming | deny |
trendmicro-delete-firewall-rule#
Delete a certain firewall rule
Base Command#
trendmicro-delete-firewall-rule
Input#
| Argument Name | Description | Required |
|---|---|---|
| firewall_rule_id | The ID number of the firewall rule to delete. | Required |
Context Output#
There is no context output for this command.
Command Example#
!trendmicro-delete-firewall-rule firewall_rule_id=174
Human Readable Output#
The firewall rule was successfully deleted!
trendmicro-list-firewall-rule-ids-of-computer#
List all IDs of the firewall rules that are assigned to a certain computer
Base Command#
trendmicro-list-firewall-rule-ids-of-computer
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer. | Required |
| overrides | Return only rule IDs assigned directly to the current computer. Possible values are: true, false. Default is false. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.FirewallAssignments.assignedRuleIDs | array | List of assigned firewall rule IDs |
Command Example#
!trendmicro-list-firewall-rule-ids-of-computer computer_id=216
Context Example#
Human Readable Output#
The firewall rules IDs that are assigned to 216:
trendmicro-add-firewall-rule-ids-to-computer#
Add firewall rule IDs to a certain computer
Base Command#
trendmicro-add-firewall-rule-ids-to-computer
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer. | Required |
| overrides | Return only rule IDs assigned directly to the current computer. Possible values are: true, false. Default is false. | Optional |
| rule_ids | The rule IDs to add to the computer. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.FirewallAssignments.assignedRuleIDs | array | List of assigned firewall rule IDs |
Command Example#
!trendmicro-add-firewall-rule-ids-to-computer computer_id=216 rule_ids=31
Context Example#
Human Readable Output#
The firewall rules IDs that are assigned to computer 216: 21, 22, 31
trendmicro-set-firewall-rule-ids-to-computer#
Assign firewall rule IDs to a certain computer
Base Command#
trendmicro-set-firewall-rule-ids-to-computer
Input#
| Argument Name | Description | Required |
|---|---|---|
| computer_id | The ID number of the computer. | Required |
| overrides | Return only rule IDs assigned directly to the current computer. Possible values are: true, false. Default is false. | Optional |
| rule_ids | The rule IDs to assign to the computer. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.FirewallAssignments.assignedRuleIDs | array | List of assigned firewall rule IDs |
Command Example#
!trendmicro-set-firewall-rule-ids-to-computer computer_id=216 rule_ids=21,22
Context Example#
Human Readable Output#
The firewall rules IDs that are assigned to computer 216: 21, 22
trendmicro-get-policy#
Get information about a certain policy
Base Command#
trendmicro-get-policy
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The ID number of the policy to get. | Required |
| overrides | Show only overrides defined for the current policy. Possible values are: true, false. Default is false. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.Policies.parentID | integer | ID of the parent policy |
| TrendMicro.Policies.name | string | Name of the policy |
| TrendMicro.Policies.description | string | Description of the policy |
| TrendMicro.Policies.recommendationScanMode | string | Enable or disable ongoing recommendation scans for computers assigned this policy |
| TrendMicro.Policies.autoRequiresUpdate | string | Automatically update computers assigned this policy when the configuration changes |
Command Example#
!trendmicro-get-policy policy_id=105
Context Example#
Human Readable Output#
Details About The Policy 105#
| ID | Name | Description |
|---|---|---|
| 105 | Example Policy | Example policy description |
trendmicro-modify-policy#
Modify a certain policy
Base Command#
trendmicro-modify-policy
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The ID number of the policy to modify. | Required |
| overrides | Show only overrides defined for the current policy. Possible values are: true, false. Default is false. | Optional |
| parent_id | ID of the parent policy. | Optional |
| name | Name of the policy. | Optional |
| description | Description of the policy. | Optional |
| recommendation_scan_mode | Enable or disable ongoing recommendation scans for computers assigned this policy. | Optional |
| auto_requires_update | Automatically update computers assigned this policy when the configuration changes. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.Policies.parentID | integer | ID of the parent policy |
| TrendMicro.Policies.name | string | Name of the policy |
| TrendMicro.Policies.description | string | Description of the policy |
| TrendMicro.Policies.recommendationScanMode | string | Enable or disable ongoing recommendation scans for computers assigned this policy |
| TrendMicro.Policies.autoRequiresUpdate | string | Automatically update computers assigned this policy when the configuration changes |
Command Example#
!trendmicro-modify-policy policy_id=105 description="Example policy description"
Context Example#
Human Readable Output#
Details About The Policy 105#
| ID | Name | Description |
|---|---|---|
| 105 | Example Policy | Example policy description |
trendmicro-delete-policy#
Delete a certain policy
Base Command#
trendmicro-delete-policy
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The ID number of the policy to delete. | Required |
Context Output#
There is no context output for this command.
Command Example#
!trendmicro-delete-policy policy_id=105
Human Readable Output#
The policy was successfully deleted!
trendmicro-get-policy-setting#
Get information about a setting of a certain policy
Base Command#
trendmicro-get-policy-setting
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The ID number of the policy. | Required |
| name | The name of the policy setting. Possible values are: logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin, firewallSettingEngineOptionConnectionsCleanupMax, firewallSettingEngineOptionVerifyTcpChecksumEnabled, antiMalwareSettingScanCacheOnDemandConfigId, applicationControlSettingSharedRulesetId, webReputationSettingSmartProtectionServerConnectionLostWarningEnabled, applicationControlSettingExecutionEnforcementLevel, webReputationSettingBlockedUrlDomains, firewallSettingEngineOptionSynSentTimeout, platformSettingAgentSelfProtectionPassword, firewallSettingReconnaissanceBlockTcpXmasAttackDuration, intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled, logInspectionSettingSyslogConfigId, firewallSettingEngineOptionDebugModeEnabled, firewallSettingVirtualAndContainerNetworkScanEnabled, antiMalwareSettingFileHashSha256Enabled, firewallSettingReconnaissanceNotifyFingerprintProbeEnabled, firewallSettingEventLogFileRetainNum, firewallSettingAntiEvasionCheckTcpPawsZero, antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled, intrusionPreventionSettingEngineOptionFragmentedIpKeepMax, firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled, logInspectionSettingSeverityClippingAgentEventStoreLevelMin, platformSettingScanCacheConcurrencyMax, antiMalwareSettingSyslogConfigId, firewallSettingAntiEvasionTcpPawsWindowPolicy, firewallSettingReconnaissanceDetectTcpXmasAttackEnabled, applicationControlSettingRulesetMode, antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled, webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal, integrityMonitoringSettingCombinedModeProtectionSource, firewallSettingEngineOptionCloseWaitTimeout, platformSettingScanOpenPortListId, platformSettingAgentSelfProtectionPasswordEnabled, firewallSettingEngineOptionAckTimeout, firewallSettingEventLogFileCachedEntriesStaleTime, firewallSettingCombinedModeProtectionSource, platformSettingAgentEventsSendInterval, 
platformSettingInactiveAgentCleanupOverrideEnabled, firewallSettingFailureResponseEngineSystem, platformSettingRelayState, firewallSettingEngineOptionDropEvasiveRetransmitEnabled, activityMonitoringSettingIndicatorEnabled, intrusionPreventionSettingEngineOptionFragmentedIpTimeout, firewallSettingAntiEvasionCheckTcpZeroFlags, webReputationSettingSmartProtectionGlobalServerUseProxyEnabled, intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel, firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled, firewallSettingEngineOptionUdpTimeout, webReputationSettingSmartProtectionLocalServerEnabled, firewallSettingEngineOptionTcpMssLimit, firewallSettingEngineOptionColdStartTimeout, firewallSettingEngineOptionEstablishedTimeout, antiMalwareSettingIdentifiedFilesSpaceMaxMbytes, firewallSettingEngineOptionAllowNullIpEnabled, platformSettingNotificationsSuppressPopupsEnabled, firewallSettingAntiEvasionCheckTcpRstFinFlags, firewallSettingEngineOptionDisconnectTimeout, firewallSettingEngineOptionCloseTimeout, firewallSettingEngineOptionTunnelDepthMaxExceededAction, firewallSettingReconnaissanceDetectTcpNullScanEnabled, platformSettingSmartProtectionAntiMalwareGlobalServerProxyId, firewallSettingEngineOptionFilterIpv4Tunnels, webReputationSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionLogOnePacketPeriod, firewallSettingEngineOptionFilterIpv6Tunnels, firewallSettingAntiEvasionCheckTcpCongestionFlags, platformSettingHeartbeatMissedAlertThreshold, intrusionPreventionSettingEngineOptionsEnabled, firewallSettingEngineOptionConnectionsNumUdpMax, integrityMonitoringSettingAutoApplyRecommendationsEnabled, firewallSettingEngineOptionTunnelDepthMax, firewallSettingEngineOptionDropUnknownSslProtocolEnabled, antiMalwareSettingNsxSecurityTaggingValue, intrusionPreventionSettingLogDataRuleFirstMatchEnabled, firewallSettingEngineOptionLoggingPolicy, platformSettingTroubleshootingLoggingLevel, antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax, 
webReputationSettingCombinedModeProtectionSource, firewallSettingEngineOptionClosingTimeout, firewallSettingAntiEvasionCheckPaws, intrusionPreventionSettingAutoApplyRecommendationsEnabled, firewallSettingReconnaissanceDetectFingerprintProbeEnabled, antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled, firewallSettingEngineOptionLogPacketLengthMax, firewallSettingEngineOptionDropTeredoAnomaliesEnabled, webReputationSettingSecurityLevel, firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled, activityMonitoringSettingActivityEnabled, firewallSettingEngineOptionStrictTerodoPortCheckEnabled, webReputationSettingBlockedUrlKeywords, webReputationSettingSyslogConfigId, firewallSettingFailureResponsePacketSanityCheck, firewallSettingNetworkEngineMode, firewallSettingEventLogFileSizeMax, antiMalwareSettingMalwareScanMultithreadedProcessingEnabled, firewallSettingReconnaissanceDetectTcpSynFinScanEnabled, firewallSettingEngineOptionDropIpZeroPayloadEnabled, firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled, intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled, antiMalwareSettingPredictiveMachineLearningExceptions, firewallSettingEngineOptionLogEventsPerSecondMax, firewallSettingEngineOptionSslSessionTime, antiMalwareSettingBehaviorMonitoringScanExclusionList, antiMalwareSettingSmartProtectionGlobalServerEnabled, firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled, firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled, platformSettingHeartbeatInactiveVmOfflineAlertEnabled, webReputationSettingSmartProtectionWebReputationGlobalServerProxyId, antiMalwareSettingNsxSecurityTaggingEnabled, firewallSettingAntiEvasionCheckFragmentedPackets, firewallSettingEngineOptionConnectionsNumIcmpMax, firewallSettingAntiEvasionCheckTcpSplitHandshake, antiMalwareSettingCombinedModeProtectionSource, firewallSettingEngineOptionEventNodesMax, webReputationSettingMonitorPortListId, applicationControlSettingSyslogConfigId, 
firewallSettingAntiEvasionCheckOutNoConnection, firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled, integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax, firewallSettingReconnaissanceNotifyTcpNullScanEnabled, firewallSettingEngineOptionIgnoreStatusCode1, firewallSettingEngineOptionIgnoreStatusCode0, firewallSettingEngineOptionIgnoreStatusCode2, firewallSettingEngineOptionSslSessionSize, antiMalwareSettingScanCacheRealTimeConfigId, platformSettingRecommendationOngoingScansInterval, platformSettingSmartProtectionGlobalServerUseProxyEnabled, firewallSettingInterfaceLimitOneActiveEnabled, firewallSettingAntiEvasionCheckTcpChecksum, firewallSettingEngineOptionDropIpv6ExtType0Enabled, antiMalwareSettingScanFileSizeMaxMbytes, firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled, antiMalwareSettingFileHashSizeMaxMbytes, firewallSettingEventLogFileCachedEntriesLifeTime, platformSettingSmartProtectionGlobalServerProxyId, logInspectionSettingAutoApplyRecommendationsEnabled, antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled, webReputationSettingBlockingPageLink, firewallSettingSyslogConfigId, platformSettingAgentCommunicationsDirection, integrityMonitoringSettingScanCacheConfigId, antiMalwareSettingDocumentExploitProtectionRuleExceptions, firewallSettingAntiEvasionCheckTcpSynWithData, antiMalwareSettingFileHashEnabled, firewallSettingReconnaissanceBlockFingerprintProbeDuration, firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled, firewallSettingEngineOptionBootStartTimeout, firewallSettingEngineOptionConnectionsNumTcpMax, firewallSettingAntiEvasionSecurityPosture, firewallSettingInterfacePatterns, firewallSettingInterfaceIsolationEnabled, antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax, firewallSettingEventsOutOfAllowedPolicyEnabled, firewallSettingAntiEvasionCheckEvasiveRetransmit, firewallSettingEngineOptionIcmpTimeout, integrityMonitoringSettingSyslogConfigId, 
firewallSettingEngineOptionConnectionCleanupTimeout, antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal, firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled, firewallSettingEngineOptionErrorTimeout, webReputationSettingAllowedUrls, firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled, firewallSettingEngineOptionFinWait1Timeout, firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled, activityMonitoringSettingSyslogConfigId, firewallSettingAntiEvasionCheckTcpSynRstFlags, antiMalwareSettingSpywareApprovedList, firewallSettingAntiEvasionCheckTcpUrgentFlags, intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel, intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled, firewallSettingEngineOptionLogAllPacketDataEnabled, firewallSettingAntiEvasionCheckTcpSynFinFlags, platformSettingHeartbeatInterval, firewallSettingEngineOptionFragmentSizeMin, antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled, firewallSettingReconnaissanceBlockNetworkOrPortScanDuration, integrityMonitoringSettingContentHashAlgorithm, antiMalwareSettingSmartScanState, firewallSettingConfigPackageExceedsAlertMaxEnabled, platformSettingEnvironmentVariableOverrides, firewallSettingEngineOptionFragmentOffsetMin, antiMalwareSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionSynRcvdTimeout, firewallSettingEventLogFileCachedEntriesNum, firewallSettingEngineOptionForceAllowIcmpType3Code4, firewallSettingReconnaissanceBlockTcpNullScanDuration, platformSettingSmartProtectionGlobalServerEnabled, integrityMonitoringSettingRealtimeEnabled, firewallSettingEngineOptionLastAckTimeout, firewallSettingReconnaissanceExcludeIpListId, platformSettingAgentSelfProtectionEnabled, firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled, firewallSettingAntiEvasionCheckFinNoConnection, firewallSettingEngineOptionDebugPacketNumMax, firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled, firewallSettingReconnaissanceEnabled, 
platformSettingHeartbeatLocalTimeShiftAlertThreshold, antiMalwareSettingFileHashMd5Enabled, firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled, firewallSettingEngineOptionSilentTcpConnectionDropEnabled, firewallSettingEngineOptionBlockSameSrcDstIpEnabled, firewallSettingEngineOptionForceAllowDhcpDns, firewallSettingReconnaissanceIncludeIpListId, firewallSettingEngineOptionsEnabled, firewallSettingReconnaissanceBlockTcpSynFinScanDuration, webReputationSettingSecurityBlockUntestedPagesEnabled, webReputationSettingAllowedUrlDomains, firewallSettingEventLogFileIgnoreSourceIpListId, firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled, platformSettingAutoAssignNewIntrusionPreventionRulesEnabled, firewallSettingAntiEvasionCheckRstNoConnection, webReputationSettingBlockedUrls, platformSettingCombinedModeNetworkGroupProtectionSource, webReputationSettingAlertingEnabled, antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled, integrityMonitoringSettingCpuUsageLevel, platformSettingAutoUpdateAntiMalwareEngineEnabled, intrusionPreventionSettingCombinedModeProtectionSource. | Required |
| overrides | Show the value only if defined for the current policy. Possible values are: true, false. Default is false. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| TrendMicro.PolicySettings.policyId | integer | Policy ID of a Setting |
| TrendMicro.PolicySettings.name | string | Name of a Setting |
| TrendMicro.PolicySettings.value | string | Value of a Setting |
Command Example#
!trendmicro-get-policy-setting policy_id=105 name=firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled
Context Example#
Human Readable Output#
The Policy Setting#
| Policy Id | Name | Value |
|---|---|---|
| 105 | firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled | false |
trendmicro-modify-policy-setting#
Modify the value of a setting of a certain policy
Base Command#
trendmicro-modify-policy-setting
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The ID number of the policy. | Required |
| name | The name of the setting. Possible values are: logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin, firewallSettingEngineOptionConnectionsCleanupMax, firewallSettingEngineOptionVerifyTcpChecksumEnabled, antiMalwareSettingScanCacheOnDemandConfigId, applicationControlSettingSharedRulesetId, webReputationSettingSmartProtectionServerConnectionLostWarningEnabled, applicationControlSettingExecutionEnforcementLevel, webReputationSettingBlockedUrlDomains, firewallSettingEngineOptionSynSentTimeout, platformSettingAgentSelfProtectionPassword, firewallSettingReconnaissanceBlockTcpXmasAttackDuration, intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled, logInspectionSettingSyslogConfigId, firewallSettingEngineOptionDebugModeEnabled, firewallSettingVirtualAndContainerNetworkScanEnabled, antiMalwareSettingFileHashSha256Enabled, firewallSettingReconnaissanceNotifyFingerprintProbeEnabled, firewallSettingEventLogFileRetainNum, firewallSettingAntiEvasionCheckTcpPawsZero, antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled, intrusionPreventionSettingEngineOptionFragmentedIpKeepMax, firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled, logInspectionSettingSeverityClippingAgentEventStoreLevelMin, platformSettingScanCacheConcurrencyMax, antiMalwareSettingSyslogConfigId, firewallSettingAntiEvasionTcpPawsWindowPolicy, firewallSettingReconnaissanceDetectTcpXmasAttackEnabled, applicationControlSettingRulesetMode, antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled, webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal, integrityMonitoringSettingCombinedModeProtectionSource, firewallSettingEngineOptionCloseWaitTimeout, platformSettingScanOpenPortListId, platformSettingAgentSelfProtectionPasswordEnabled, firewallSettingEngineOptionAckTimeout, firewallSettingEventLogFileCachedEntriesStaleTime, firewallSettingCombinedModeProtectionSource, platformSettingAgentEventsSendInterval, 
platformSettingInactiveAgentCleanupOverrideEnabled, firewallSettingFailureResponseEngineSystem, platformSettingRelayState, firewallSettingEngineOptionDropEvasiveRetransmitEnabled, activityMonitoringSettingIndicatorEnabled, intrusionPreventionSettingEngineOptionFragmentedIpTimeout, firewallSettingAntiEvasionCheckTcpZeroFlags, webReputationSettingSmartProtectionGlobalServerUseProxyEnabled, intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel, firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled, firewallSettingEngineOptionUdpTimeout, webReputationSettingSmartProtectionLocalServerEnabled, firewallSettingEngineOptionTcpMssLimit, firewallSettingEngineOptionColdStartTimeout, firewallSettingEngineOptionEstablishedTimeout, antiMalwareSettingIdentifiedFilesSpaceMaxMbytes, firewallSettingEngineOptionAllowNullIpEnabled, platformSettingNotificationsSuppressPopupsEnabled, firewallSettingAntiEvasionCheckTcpRstFinFlags, firewallSettingEngineOptionDisconnectTimeout, firewallSettingEngineOptionCloseTimeout, firewallSettingEngineOptionTunnelDepthMaxExceededAction, firewallSettingReconnaissanceDetectTcpNullScanEnabled, platformSettingSmartProtectionAntiMalwareGlobalServerProxyId, firewallSettingEngineOptionFilterIpv4Tunnels, webReputationSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionLogOnePacketPeriod, firewallSettingEngineOptionFilterIpv6Tunnels, firewallSettingAntiEvasionCheckTcpCongestionFlags, platformSettingHeartbeatMissedAlertThreshold, intrusionPreventionSettingEngineOptionsEnabled, firewallSettingEngineOptionConnectionsNumUdpMax, integrityMonitoringSettingAutoApplyRecommendationsEnabled, firewallSettingEngineOptionTunnelDepthMax, firewallSettingEngineOptionDropUnknownSslProtocolEnabled, antiMalwareSettingNsxSecurityTaggingValue, intrusionPreventionSettingLogDataRuleFirstMatchEnabled, firewallSettingEngineOptionLoggingPolicy, platformSettingTroubleshootingLoggingLevel, antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax, 
webReputationSettingCombinedModeProtectionSource, firewallSettingEngineOptionClosingTimeout, firewallSettingAntiEvasionCheckPaws, intrusionPreventionSettingAutoApplyRecommendationsEnabled, firewallSettingReconnaissanceDetectFingerprintProbeEnabled, antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled, firewallSettingEngineOptionLogPacketLengthMax, firewallSettingEngineOptionDropTeredoAnomaliesEnabled, webReputationSettingSecurityLevel, firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled, activityMonitoringSettingActivityEnabled, firewallSettingEngineOptionStrictTerodoPortCheckEnabled, webReputationSettingBlockedUrlKeywords, webReputationSettingSyslogConfigId, firewallSettingFailureResponsePacketSanityCheck, firewallSettingNetworkEngineMode, firewallSettingEventLogFileSizeMax, antiMalwareSettingMalwareScanMultithreadedProcessingEnabled, firewallSettingReconnaissanceDetectTcpSynFinScanEnabled, firewallSettingEngineOptionDropIpZeroPayloadEnabled, firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled, intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled, antiMalwareSettingPredictiveMachineLearningExceptions, firewallSettingEngineOptionLogEventsPerSecondMax, firewallSettingEngineOptionSslSessionTime, antiMalwareSettingBehaviorMonitoringScanExclusionList, antiMalwareSettingSmartProtectionGlobalServerEnabled, firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled, firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled, platformSettingHeartbeatInactiveVmOfflineAlertEnabled, webReputationSettingSmartProtectionWebReputationGlobalServerProxyId, antiMalwareSettingNsxSecurityTaggingEnabled, firewallSettingAntiEvasionCheckFragmentedPackets, firewallSettingEngineOptionConnectionsNumIcmpMax, firewallSettingAntiEvasionCheckTcpSplitHandshake, antiMalwareSettingCombinedModeProtectionSource, firewallSettingEngineOptionEventNodesMax, webReputationSettingMonitorPortListId, applicationControlSettingSyslogConfigId, 
firewallSettingAntiEvasionCheckOutNoConnection, firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled, integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax, firewallSettingReconnaissanceNotifyTcpNullScanEnabled, firewallSettingEngineOptionIgnoreStatusCode1, firewallSettingEngineOptionIgnoreStatusCode0, firewallSettingEngineOptionIgnoreStatusCode2, firewallSettingEngineOptionSslSessionSize, antiMalwareSettingScanCacheRealTimeConfigId, platformSettingRecommendationOngoingScansInterval, platformSettingSmartProtectionGlobalServerUseProxyEnabled, firewallSettingInterfaceLimitOneActiveEnabled, firewallSettingAntiEvasionCheckTcpChecksum, firewallSettingEngineOptionDropIpv6ExtType0Enabled, antiMalwareSettingScanFileSizeMaxMbytes, firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled, antiMalwareSettingFileHashSizeMaxMbytes, firewallSettingEventLogFileCachedEntriesLifeTime, platformSettingSmartProtectionGlobalServerProxyId, logInspectionSettingAutoApplyRecommendationsEnabled, antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled, webReputationSettingBlockingPageLink, firewallSettingSyslogConfigId, platformSettingAgentCommunicationsDirection, integrityMonitoringSettingScanCacheConfigId, antiMalwareSettingDocumentExploitProtectionRuleExceptions, firewallSettingAntiEvasionCheckTcpSynWithData, antiMalwareSettingFileHashEnabled, firewallSettingReconnaissanceBlockFingerprintProbeDuration, firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled, firewallSettingEngineOptionBootStartTimeout, firewallSettingEngineOptionConnectionsNumTcpMax, firewallSettingAntiEvasionSecurityPosture, firewallSettingInterfacePatterns, firewallSettingInterfaceIsolationEnabled, antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax, firewallSettingEventsOutOfAllowedPolicyEnabled, firewallSettingAntiEvasionCheckEvasiveRetransmit, firewallSettingEngineOptionIcmpTimeout, integrityMonitoringSettingSyslogConfigId, 
firewallSettingEngineOptionConnectionCleanupTimeout, antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal, firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled, firewallSettingEngineOptionErrorTimeout, webReputationSettingAllowedUrls, firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled, firewallSettingEngineOptionFinWait1Timeout, firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled, activityMonitoringSettingSyslogConfigId, firewallSettingAntiEvasionCheckTcpSynRstFlags, antiMalwareSettingSpywareApprovedList, firewallSettingAntiEvasionCheckTcpUrgentFlags, intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel, intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled, firewallSettingEngineOptionLogAllPacketDataEnabled, firewallSettingAntiEvasionCheckTcpSynFinFlags, platformSettingHeartbeatInterval, firewallSettingEngineOptionFragmentSizeMin, antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled, firewallSettingReconnaissanceBlockNetworkOrPortScanDuration, integrityMonitoringSettingContentHashAlgorithm, antiMalwareSettingSmartScanState, firewallSettingConfigPackageExceedsAlertMaxEnabled, platformSettingEnvironmentVariableOverrides, firewallSettingEngineOptionFragmentOffsetMin, antiMalwareSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionSynRcvdTimeout, firewallSettingEventLogFileCachedEntriesNum, firewallSettingEngineOptionForceAllowIcmpType3Code4, firewallSettingReconnaissanceBlockTcpNullScanDuration, platformSettingSmartProtectionGlobalServerEnabled, integrityMonitoringSettingRealtimeEnabled, firewallSettingEngineOptionLastAckTimeout, firewallSettingReconnaissanceExcludeIpListId, platformSettingAgentSelfProtectionEnabled, firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled, firewallSettingAntiEvasionCheckFinNoConnection, firewallSettingEngineOptionDebugPacketNumMax, firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled, firewallSettingReconnaissanceEnabled, 
platformSettingHeartbeatLocalTimeShiftAlertThreshold, antiMalwareSettingFileHashMd5Enabled, firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled, firewallSettingEngineOptionSilentTcpConnectionDropEnabled, firewallSettingEngineOptionBlockSameSrcDstIpEnabled, firewallSettingEngineOptionForceAllowDhcpDns, firewallSettingReconnaissanceIncludeIpListId, firewallSettingEngineOptionsEnabled, firewallSettingReconnaissanceBlockTcpSynFinScanDuration, webReputationSettingSecurityBlockUntestedPagesEnabled, webReputationSettingAllowedUrlDomains, firewallSettingEventLogFileIgnoreSourceIpListId, firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled, platformSettingAutoAssignNewIntrusionPreventionRulesEnabled, firewallSettingAntiEvasionCheckRstNoConnection, webReputationSettingBlockedUrls, platformSettingCombinedModeNetworkGroupProtectionSource, webReputationSettingAlertingEnabled, antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled, integrityMonitoringSettingCpuUsageLevel, platformSettingAutoUpdateAntiMalwareEngineEnabled, intrusionPreventionSettingCombinedModeProtectionSource. | Required |
| overrides | Show the value only if defined for the current computer. Possible values are: true, false. Default is false. | Optional |
| value | Value of a Setting. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| TrendMicro.PolicySettings.policyId | integer | Policy Id of a Setting |
| TrendMicro.PolicySettings.name | string | Name of a Setting |
| TrendMicro.PolicySettings.value | string | Value of a Setting |
Command Example
!trendmicro-modify-policy-setting name=firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled policy_id=105 value=true
Context Example
Human Readable Output
The Policy Setting
| Policy Id | Name | Value |
|---|---|---|
| 105 | firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled | true |
trendmicro-reset-policy-setting
Reset the value of a setting of a certain policy.
Base Command
trendmicro-reset-policy-setting
Input
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The ID number of the policy. | Required |
| name | The name of the policy setting. Possible values are: logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin, firewallSettingEngineOptionConnectionsCleanupMax, firewallSettingEngineOptionVerifyTcpChecksumEnabled, antiMalwareSettingScanCacheOnDemandConfigId, applicationControlSettingSharedRulesetId, webReputationSettingSmartProtectionServerConnectionLostWarningEnabled, applicationControlSettingExecutionEnforcementLevel, webReputationSettingBlockedUrlDomains, firewallSettingEngineOptionSynSentTimeout, platformSettingAgentSelfProtectionPassword, firewallSettingReconnaissanceBlockTcpXmasAttackDuration, intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled, logInspectionSettingSyslogConfigId, firewallSettingEngineOptionDebugModeEnabled, firewallSettingVirtualAndContainerNetworkScanEnabled, antiMalwareSettingFileHashSha256Enabled, firewallSettingReconnaissanceNotifyFingerprintProbeEnabled, firewallSettingEventLogFileRetainNum, firewallSettingAntiEvasionCheckTcpPawsZero, antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled, intrusionPreventionSettingEngineOptionFragmentedIpKeepMax, firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled, logInspectionSettingSeverityClippingAgentEventStoreLevelMin, platformSettingScanCacheConcurrencyMax, antiMalwareSettingSyslogConfigId, firewallSettingAntiEvasionTcpPawsWindowPolicy, firewallSettingReconnaissanceDetectTcpXmasAttackEnabled, applicationControlSettingRulesetMode, antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled, webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal, integrityMonitoringSettingCombinedModeProtectionSource, firewallSettingEngineOptionCloseWaitTimeout, platformSettingScanOpenPortListId, platformSettingAgentSelfProtectionPasswordEnabled, firewallSettingEngineOptionAckTimeout, firewallSettingEventLogFileCachedEntriesStaleTime, firewallSettingCombinedModeProtectionSource, platformSettingAgentEventsSendInterval, 
platformSettingInactiveAgentCleanupOverrideEnabled, firewallSettingFailureResponseEngineSystem, platformSettingRelayState, firewallSettingEngineOptionDropEvasiveRetransmitEnabled, activityMonitoringSettingIndicatorEnabled, intrusionPreventionSettingEngineOptionFragmentedIpTimeout, firewallSettingAntiEvasionCheckTcpZeroFlags, webReputationSettingSmartProtectionGlobalServerUseProxyEnabled, intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel, firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled, firewallSettingEngineOptionUdpTimeout, webReputationSettingSmartProtectionLocalServerEnabled, firewallSettingEngineOptionTcpMssLimit, firewallSettingEngineOptionColdStartTimeout, firewallSettingEngineOptionEstablishedTimeout, antiMalwareSettingIdentifiedFilesSpaceMaxMbytes, firewallSettingEngineOptionAllowNullIpEnabled, platformSettingNotificationsSuppressPopupsEnabled, firewallSettingAntiEvasionCheckTcpRstFinFlags, firewallSettingEngineOptionDisconnectTimeout, firewallSettingEngineOptionCloseTimeout, firewallSettingEngineOptionTunnelDepthMaxExceededAction, firewallSettingReconnaissanceDetectTcpNullScanEnabled, platformSettingSmartProtectionAntiMalwareGlobalServerProxyId, firewallSettingEngineOptionFilterIpv4Tunnels, webReputationSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionLogOnePacketPeriod, firewallSettingEngineOptionFilterIpv6Tunnels, firewallSettingAntiEvasionCheckTcpCongestionFlags, platformSettingHeartbeatMissedAlertThreshold, intrusionPreventionSettingEngineOptionsEnabled, firewallSettingEngineOptionConnectionsNumUdpMax, integrityMonitoringSettingAutoApplyRecommendationsEnabled, firewallSettingEngineOptionTunnelDepthMax, firewallSettingEngineOptionDropUnknownSslProtocolEnabled, antiMalwareSettingNsxSecurityTaggingValue, intrusionPreventionSettingLogDataRuleFirstMatchEnabled, firewallSettingEngineOptionLoggingPolicy, platformSettingTroubleshootingLoggingLevel, antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax, 
webReputationSettingCombinedModeProtectionSource, firewallSettingEngineOptionClosingTimeout, firewallSettingAntiEvasionCheckPaws, intrusionPreventionSettingAutoApplyRecommendationsEnabled, firewallSettingReconnaissanceDetectFingerprintProbeEnabled, antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled, firewallSettingEngineOptionLogPacketLengthMax, firewallSettingEngineOptionDropTeredoAnomaliesEnabled, webReputationSettingSecurityLevel, firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled, activityMonitoringSettingActivityEnabled, firewallSettingEngineOptionStrictTerodoPortCheckEnabled, webReputationSettingBlockedUrlKeywords, webReputationSettingSyslogConfigId, firewallSettingFailureResponsePacketSanityCheck, firewallSettingNetworkEngineMode, firewallSettingEventLogFileSizeMax, antiMalwareSettingMalwareScanMultithreadedProcessingEnabled, firewallSettingReconnaissanceDetectTcpSynFinScanEnabled, firewallSettingEngineOptionDropIpZeroPayloadEnabled, firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled, intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled, antiMalwareSettingPredictiveMachineLearningExceptions, firewallSettingEngineOptionLogEventsPerSecondMax, firewallSettingEngineOptionSslSessionTime, antiMalwareSettingBehaviorMonitoringScanExclusionList, antiMalwareSettingSmartProtectionGlobalServerEnabled, firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled, firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled, platformSettingHeartbeatInactiveVmOfflineAlertEnabled, webReputationSettingSmartProtectionWebReputationGlobalServerProxyId, antiMalwareSettingNsxSecurityTaggingEnabled, firewallSettingAntiEvasionCheckFragmentedPackets, firewallSettingEngineOptionConnectionsNumIcmpMax, firewallSettingAntiEvasionCheckTcpSplitHandshake, antiMalwareSettingCombinedModeProtectionSource, firewallSettingEngineOptionEventNodesMax, webReputationSettingMonitorPortListId, applicationControlSettingSyslogConfigId, 
firewallSettingAntiEvasionCheckOutNoConnection, firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled, integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax, firewallSettingReconnaissanceNotifyTcpNullScanEnabled, firewallSettingEngineOptionIgnoreStatusCode1, firewallSettingEngineOptionIgnoreStatusCode0, firewallSettingEngineOptionIgnoreStatusCode2, firewallSettingEngineOptionSslSessionSize, antiMalwareSettingScanCacheRealTimeConfigId, platformSettingRecommendationOngoingScansInterval, platformSettingSmartProtectionGlobalServerUseProxyEnabled, firewallSettingInterfaceLimitOneActiveEnabled, firewallSettingAntiEvasionCheckTcpChecksum, firewallSettingEngineOptionDropIpv6ExtType0Enabled, antiMalwareSettingScanFileSizeMaxMbytes, firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled, antiMalwareSettingFileHashSizeMaxMbytes, firewallSettingEventLogFileCachedEntriesLifeTime, platformSettingSmartProtectionGlobalServerProxyId, logInspectionSettingAutoApplyRecommendationsEnabled, antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled, webReputationSettingBlockingPageLink, firewallSettingSyslogConfigId, platformSettingAgentCommunicationsDirection, integrityMonitoringSettingScanCacheConfigId, antiMalwareSettingDocumentExploitProtectionRuleExceptions, firewallSettingAntiEvasionCheckTcpSynWithData, antiMalwareSettingFileHashEnabled, firewallSettingReconnaissanceBlockFingerprintProbeDuration, firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled, firewallSettingEngineOptionBootStartTimeout, firewallSettingEngineOptionConnectionsNumTcpMax, firewallSettingAntiEvasionSecurityPosture, firewallSettingInterfacePatterns, firewallSettingInterfaceIsolationEnabled, antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax, firewallSettingEventsOutOfAllowedPolicyEnabled, firewallSettingAntiEvasionCheckEvasiveRetransmit, firewallSettingEngineOptionIcmpTimeout, integrityMonitoringSettingSyslogConfigId, 
firewallSettingEngineOptionConnectionCleanupTimeout, antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal, firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled, firewallSettingEngineOptionErrorTimeout, webReputationSettingAllowedUrls, firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled, firewallSettingEngineOptionFinWait1Timeout, firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled, activityMonitoringSettingSyslogConfigId, firewallSettingAntiEvasionCheckTcpSynRstFlags, antiMalwareSettingSpywareApprovedList, firewallSettingAntiEvasionCheckTcpUrgentFlags, intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel, intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled, firewallSettingEngineOptionLogAllPacketDataEnabled, firewallSettingAntiEvasionCheckTcpSynFinFlags, platformSettingHeartbeatInterval, firewallSettingEngineOptionFragmentSizeMin, antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled, firewallSettingReconnaissanceBlockNetworkOrPortScanDuration, integrityMonitoringSettingContentHashAlgorithm, antiMalwareSettingSmartScanState, firewallSettingConfigPackageExceedsAlertMaxEnabled, platformSettingEnvironmentVariableOverrides, firewallSettingEngineOptionFragmentOffsetMin, antiMalwareSettingSmartProtectionLocalServerUrls, firewallSettingEngineOptionSynRcvdTimeout, firewallSettingEventLogFileCachedEntriesNum, firewallSettingEngineOptionForceAllowIcmpType3Code4, firewallSettingReconnaissanceBlockTcpNullScanDuration, platformSettingSmartProtectionGlobalServerEnabled, integrityMonitoringSettingRealtimeEnabled, firewallSettingEngineOptionLastAckTimeout, firewallSettingReconnaissanceExcludeIpListId, platformSettingAgentSelfProtectionEnabled, firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled, firewallSettingAntiEvasionCheckFinNoConnection, firewallSettingEngineOptionDebugPacketNumMax, firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled, firewallSettingReconnaissanceEnabled, 
platformSettingHeartbeatLocalTimeShiftAlertThreshold, antiMalwareSettingFileHashMd5Enabled, firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled, firewallSettingEngineOptionSilentTcpConnectionDropEnabled, firewallSettingEngineOptionBlockSameSrcDstIpEnabled, firewallSettingEngineOptionForceAllowDhcpDns, firewallSettingReconnaissanceIncludeIpListId, firewallSettingEngineOptionsEnabled, firewallSettingReconnaissanceBlockTcpSynFinScanDuration, webReputationSettingSecurityBlockUntestedPagesEnabled, webReputationSettingAllowedUrlDomains, firewallSettingEventLogFileIgnoreSourceIpListId, firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled, platformSettingAutoAssignNewIntrusionPreventionRulesEnabled, firewallSettingAntiEvasionCheckRstNoConnection, webReputationSettingBlockedUrls, platformSettingCombinedModeNetworkGroupProtectionSource, webReputationSettingAlertingEnabled, antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled, integrityMonitoringSettingCpuUsageLevel, platformSettingAutoUpdateAntiMalwareEngineEnabled, intrusionPreventionSettingCombinedModeProtectionSource. | Required |
| overrides | Show the value only if defined for the current policy. Possible values are: true, false. Default is false. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| TrendMicro.PolicySettings.policyId | integer | Policy Id of a Setting |
| TrendMicro.PolicySettings.name | string | Name of a Setting |
| TrendMicro.PolicySettings.value | string | Value of a Setting |
Command Example
!trendmicro-reset-policy-setting name=firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled policy_id=105
Context Example
Human Readable Output
The Policy Setting
| Policy Id | Name | Value |
|---|---|---|
| 105 | firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled | false |
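A baseline check built on the TrendMicro.PolicySettings context fields (policyId, name, value) documented for the two commands above, producing trendmicro-modify-policy-setting lines for any setting that has drifted. This is an added example, not part of the integration; the function names, the baseline format and the sample data are assumptions made up for illustration.

```python
import re

# Names and values are checked before being placed into a command line.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")
VALUE_RE = re.compile(r"[\w.-]+")


def normalize(value):
    """Context values are strings; compare booleans case-insensitively."""
    text = str(value).strip()
    return text.lower() if text.lower() in ("true", "false") else text


def find_drift(observed, baseline):
    """Return (policy_id, name, actual, expected) per baseline miss.
    A setting absent from `observed` is reported with actual=None."""
    seen = {(int(e["policyId"]), e["name"]): normalize(e["value"]) for e in observed}
    drift = []
    for (policy_id, name), expected in sorted(baseline.items()):
        actual = seen.get((policy_id, name))
        if actual != normalize(expected):
            drift.append((policy_id, name, actual, normalize(expected)))
    return drift


def remediation_commands(drift):
    """Build one trendmicro-modify-policy-setting line per drifted setting."""
    commands = []
    for policy_id, name, _actual, expected in drift:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"unexpected setting name: {name!r}")
        if not VALUE_RE.fullmatch(expected):
            raise ValueError(f"value needs manual review: {expected!r}")
        commands.append(
            f"!trendmicro-modify-policy-setting name={name} "
            f"policy_id={policy_id} value={expected}"
        )
    return commands


# Constructed sample data, not output from a real Deep Security Manager.
UDP_EVENTS = "firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled"
OBSERVED = [
    {"policyId": 105, "name": UDP_EVENTS, "value": "false"},
    {"policyId": 105, "name": "firewallSettingReconnaissanceEnabled", "value": "True"},
]
BASELINE = {  # assumed format: {(policy_id, setting_name): expected_value}
    (105, UDP_EVENTS): "true",
    (105, "firewallSettingReconnaissanceEnabled"): "true",
    (105, "platformSettingAgentSelfProtectionEnabled"): "true",
}

if __name__ == "__main__":
    print("\n".join(remediation_commands(find_drift(OBSERVED, BASELINE))))
```

A setting that is in the baseline but missing from the collected context is treated as drift, so an incomplete collection run does not pass silently.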
trendmicro-list-policies
List all existing policies.
Base Command
trendmicro-list-policies
Input
| Argument Name | Description | Required |
|---|---|---|
| overrides | Show only overrides defined for the current policy. Possible values are: true, false. Default is false. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| TrendMicro.Policies.parentID | integer | ID of the parent policy |
| TrendMicro.Policies.name | string | Name of the policy |
| TrendMicro.Policies.description | string | Description of the policy |
| TrendMicro.Policies.recommendationScanMode | string | Enable or disable ongoing recommendation scans for computers assigned this policy |
| TrendMicro.Policies.autoRequiresUpdate | string | Automatically update computers assigned this policy when the configuration changes |
Command Example
!trendmicro-list-policies