Authentication

Trend Vision One uses token-based authentication to ensure that only legitimate accounts can use the APIs. Each authentication token is associated with a role that determines the actions the user can perform.

To access resources, requests must contain an authorization header with an authentication token. The following is an example of a request with a valid authorization header.

GET /v3.0/workbench/alerts HTTP/1.1
Authorization: Bearer <your authentication token>

For more information about bearer token usage, see https://tools.ietf.org/html/rfc6750.
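The following added example (not Trend Micro code) shows one way to build the request above so that the token travels only in the Authorization header, only over HTTPS, and is never forwarded on a redirect or written to logs. The host in BASE_URL and the environment variable name TVONE_API_TOKEN are placeholders, not values from this page.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Assumption: placeholder host; substitute the API base URL for your region.
BASE_URL = "https://api.example.invalid"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the Authorization header never reaches another host."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def load_token(env_var="TVONE_API_TOKEN"):
    """Read the token from the environment (hypothetical variable name)."""
    token = os.environ.get(env_var, "").strip()
    if not token or any(c.isspace() for c in token):
        raise ValueError(f"{env_var} is unset or malformed")
    return token


def build_request(path, token, base_url=BASE_URL):
    """Build a GET request that carries the token only in the header."""
    url = base_url.rstrip("/") + path
    if urlsplit(url).scheme != "https":
        raise ValueError("bearer tokens must only be sent over HTTPS")
    if token in url:
        raise ValueError("token must not appear in the URL")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    return req


def redacted_headers(req):
    """Header view that is safe to log: the credential is masked."""
    return {k: ("Bearer <redacted>" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


def send(req, timeout=10):
    """Send without following redirects; the caller handles HTTPError."""
    opener = urllib.request.build_opener(_NoRedirect)
    return opener.open(req, timeout=timeout)
```

Log `redacted_headers(req)` rather than the request object itself when troubleshooting failed calls.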

Account Role Permissions

Each API method requires a specific set of access permissions. Access permissions are enabled on the Trend Vision One console.

The following table outlines the access permissions to apps and features needed to use the Trend Vision One public API.

| API category | Account role permissions required: App | Account role permissions required: Permissions |
|---|---|---|
| Accounts | User Accounts | View; Configure account settings |
| Accounts | User Roles | View |
| Alerts / Workbench | Workbench | View, filter, and search; Modify alert details |
| Alerts / Workbench | Detection Model Management | View, filter, and search (Detection Models tab); Enable/Disable models |
| Audit Logs | Audit Logs | View, filter, and search; Export And Download |
| Connected Products | Product Connector | View; Connect/Disconnect products and edit descriptions |
| Notifications | Alert Notifications | View; Configure settings |
| Observed Attack Techniques | Observed Attack Techniques | View, filter, and search |
| Response Actions | Response Management | View, filter, and search (Task List tab); View, filter and search (Custom Scripts tab); Isolate endpoint; Collect file; Terminate process; Run custom script; Delete messages; Quarantine/Restore messages; Manage custom scripts; Download custom script; Download task result |
| Response Actions | Suspicious Object Management | View, filter, and search; Manage lists and configure settings |
| Single Sign-On | Single Sign-On | Manage metadata files; Enable/Disable SAML |
| Search | Search | View, filter, and search |
| Search | Endpoint Inventory | View |
| SIEM | Third-party Integration | View; Configure settings |
| Threat Intelligence | Suspicious Object Management | View, filter, and search; Manage lists and configure settings |
| Threat Intelligence | Intelligence Feeds | View, filter, search, and download results; Add/delete custom reports; Download STIX Intelligence Reports; Start sweeping (custom reports); Start sweeping (STIX-Shifter) |
| Threat Intelligence | Sandbox Analysis | View, filter, and search; Submit objects |
| Risk Insights | Reports | View, configure, and download |