Authentication

TrendAI Vision One™ uses token-based authentication to ensure that only legitimate accounts can use the APIs. Each authentication token is associated with a role that determines the actions the user can perform.

To access resources, requests must contain an authorization header with an authentication token. The following is an example of a request with a valid authorization header.

GET /v3.0/workbench/alerts HTTP/1.1
                Authorization: Bearer <your authentication token>

For more information about bearer token usage, see https://tools.ietf.org/html/rfc6750 .

Account Role Permissions

Each API method requires a specific set of access permissions. Access permissions are enabled on the TrendAI Vision One™ console.

The following table outlines the access permissions to apps and features needed to use the TrendAI Vision One™ public API.

API category

Account role permissions required

App

Permissions

Accounts

User Accounts

  • View

  • Configure account settings

User Roles

  • View

Alerts / Workbench

Workbench

  • View, filter, and search

  • Modify alert details

Detection Model Management

  • View, filter, and search (Detection Models tab)

  • Enable/Disable models

Audit Logs

Audit Logs

  • View, filter, and search

  • Export And Download

Connected Products

Product Connector

  • View

  • Connect/Disconnect products and edit descriptions

Notifications

Alert Notifications

  • View

  • Configure settings

Observed Attack Techniques

Observed Attack Techniques

  • View, filter, and search

Response Actions

Response Management

  • View, filter, and search (Task List tab)

  • View, filter and search (Custom Scripts tab)

  • Isolate endpoint

  • Collect file

  • Terminate process

  • Run custom script

  • Delete messages

  • Quarantine/Restore messages

  • Manage custom scripts

  • Download custom script

  • Download task result

Suspicious Object Management

  • View, filter, and search

  • Manage lists and configure settings

Single Sign-On

Single Sign-On

  • Manage metadata files

  • Enable/Disable SAML

Search

Search

  • View, filter, and search

Endpoint Inventory
  • View

SIEM

Third-party Integration

  • View

  • Configure settings

Threat Intelligence

Suspicious Object Management

  • View, filter, and search

  • Manage lists and configure settings

Intelligence Feeds

  • View, filter, search, and download results

  • Add/delete custom reports

  • Download STIX Intelligence Reports

  • Start sweeping (custom reports)

  • Start sweeping (STIX-Shifter)

Sandbox Analysis

  • View, filter, and search

  • Submit objects

Risk Insights

Reports

  • View, configure, and download
Tip:

For the complete TrendAI Vision One™ API documentation, visit the TrendAI Vision One™ Automation Center.