Trend Micro Threat Indicator Assessment for Splunk scans endpoint activity data for file-based threat indicators from global intelligence sources. During scans, the app checks if any of the indicators match event data from the last seven days. The app only supports data that complies with the Splunk Common Information Model (CIM).

Trend Micro Risk Insights for Splunk extracts web access logs from Splunk and uploads the data to Trend Micro XDR, which analyzes the data and provides insight into the following:

The Trend Micro Vision One for Splunk (XDR) add-on allows you to view all your XDR data directly on the Splunk dashboard. Get important XDR information such as the severity score and model name. You can click any alert to open the Trend Micro Vision One Workbench to start an investigation immediately.

Trend Micro Deep Security for Splunk contains parsing logic, saved searches, and dashboards for monitoring Trend Micro Deep Security through Splunk. To use the app, you must configure Deep Security to send event data in Common Event Format (CEF). The app parses the syslog messages and extracts the appropriate fields, including custom key-value pairs.

The app enables Splunk to ingest and transform logs from Trend Micro Apex One as a Service that follow the Common Event Format (CEF) schema. You must specify the correct server URL, application ID, and API key to use the app. After successful installation, Splunk begins pulling data as new events occur.

The app enables Splunk to ingest and transform detection data for cloud applications and services that are protected by Cloud App Security. You must specify the correct app URL, authentication token, and Splunk dashboard configuration template to use the app. After successful installation, Splunk begins pulling data as new detections occur.

The Trend Micro XDR connector enables Azure Sentinel to automatically ingest Workbench alert data through the Trend Micro XDR API. With this data you can view dashboards and create custom alerts that enhance your monitoring and investigation capabilities. To start sending data, go to the Azure Sentinel portal, select the connector in the data connector list, and follow the instructions on the page.

The Trend Micro Deep Security connector enables Azure Sentinel to automatically ingest Deep Security logs that follow the Common Event Format (CEF) schema. With this data you can view dashboards and create custom alerts that enhance your monitoring and investigation capabilities. To start sending data, go to the Azure Sentinel portal, select the connector in the data connector list, and follow the instructions on the page.

The Trend Micro TippingPoint connector enables Azure Sentinel to automatically ingest TippingPoint logs that follow the Common Event Format (CEF) schema. With this data you can view dashboards and create custom alerts that enhance your monitoring and investigation capabilities. To start sending data, go to the Azure Sentinel portal, select the connector in the data connector list, and follow the instructions on the page.

The connector enables IBM Cloud Pak for Security to perform a federated search for threat indicators across one or more instances of Trend Micro Vision One. With the connector, you can run automated or manual scans, gain better visibility into your security posture, and streamline incident response workflows.