diff --git a/README.md b/README.md index e2a72f7..00905a0 100644 --- a/README.md +++ b/README.md 
@@ -1,19 +1,19 @@ [comment]: # "Auto-generated SOAR connector documentation" -# Trend Micro Vision One for Splunk SOAR +# Trend Vision One for Splunk SOAR Publisher: Trend Micro -Connector Version: 2.2.0 +Connector Version: 2.2.1 Product Vendor: Trend Micro Product Name: VisionOne Product Version Supported (regex): ".\*" -Minimum Product Version: 5.5.0 +Minimum Product Version: 6.1.1 -Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection +Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Vision One prevents the majority of attacks with automated protection -Trend Micro Vision One for Splunk SOAR +Trend Vision One for Splunk SOAR ====================================== -Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. 
Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection +Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Vision One prevents the majority of attacks with automated protection Splunk> Phantom =============== 
@@ -46,25 +46,25 @@ The app uses HTTPS protocol for communicating with the VisionOne API server. Bel ### Configuration Variables -The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Trend Micro Vision One asset in SOAR. +The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Trend Vision One asset in SOAR. | VARIABLE | REQUIRED | TYPE | DESCRIPTION | | --- | --- | --- | --- | | **api_url** | required | string | The URL for your ETP instance | | **api_key** | required | password | API key | -Configure Trend Micro Vision One on Splunk SOAR +Configure Trend Vision One on Splunk SOAR ----------------------------------------------- 1. Navigate to **Apps** \> **Unconfigured Apps** . -2. Search for Trend Micro Vision One. +2. Search for Trend Vision One. 3. Click **CONFIGURE NEW ASSET** to create and configure a new integration instance. 4. ALternatively click on **INSTALL APP** and drop a tarball of the app | **Parameter** | **Description** | **Required** | | --- | --- | --- | -| **Asset name** | Unique name for this Trend Micro Vision One instance runner asset | True | +| **Asset name** | Unique name for this Trend Vision One instance runner asset | True | | **Asset description** | Short description of the asset’s purpose | True | | **Product vendor** | Trend Micro | True | | **Product name** | Vision One | True | @@ -1426,7 +1426,7 @@ This version of the Trend Micro app is compatible with Splunk SOAR version **5.1 Authentication Information -------------------------- -The app uses HTTPS protocol for communicating with the Trend Micro Vision One server. For authentication a Vision One API Token is used by the Splunk SOAR Connector. +The app uses HTTPS protocol for communicating with the Trend Vision One server. For authentication a Vision One API Token is used by the Splunk SOAR Connector. * * * 
@@ -1630,7 +1630,7 @@ Adds an item to the Suspicious Objects list in Vision One Type: **contain** Read only: **False** -Adds an item from the Trend Micro Vision One Suspicious Objects list. +Adds an item from the Trend Vision One Suspicious Objects list. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -1655,7 +1655,7 @@ Removes an item from the Suspicious Objects list Type: **correct** Read only: **False** -Removes an item from the Trend Micro Vision One Suspicious Objects list. +Removes an item from the Trend Vision One Suspicious Objects list. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -1685,7 +1685,7 @@ Retrieve data from the quarantine email message and send the result to dashboard #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required) | string | +**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required) | string | #### Action Output DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES 
@@ -1710,7 +1710,7 @@ Retrieve data from the delete email message and relay result to Splunk. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required) | string | +**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required) | string | #### Action Output DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES @@ -2021,7 +2021,7 @@ Adds a note to an existing workbench alert Type: **generic** Read only: **False** -Adds a note to an existing workbench alert in Trend Micro Vision One. +Adds a note to an existing workbench alert in Trend Vision One. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -2048,7 +2048,7 @@ Updates the status of an existing workbench alert Type: **correct** Read only: **False** -Updates the status of an existing workbench alert in Trend Micro Vision One. +Updates the status of an existing workbench alert in Trend Vision One. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -2196,7 +2196,7 @@ Quarantine/Restore messages. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required) | string | +**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required) | string | #### Action Output DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES 
diff --git a/manual_readme_content.md b/manual_readme_content.md index 524c183..89983e2 100644 --- a/manual_readme_content.md +++ b/manual_readme_content.md @@ -1,7 +1,7 @@ -Trend Micro Vision One for Splunk SOAR +Trend Vision One for Splunk SOAR ====================================== -Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection +Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Vision One prevents the majority of attacks with automated protection Splunk> Phantom =============== 
@@ -34,25 +34,25 @@ The app uses HTTPS protocol for communicating with the VisionOne API server. Bel ### Configuration Variables -The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Trend Micro Vision One asset in SOAR. +The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Trend Vision One asset in SOAR. | VARIABLE | REQUIRED | TYPE | DESCRIPTION | | --- | --- | --- | --- | | **api_url** | required | string | The URL for your ETP instance | | **api_key** | required | password | API key | -Configure Trend Micro Vision One on Splunk SOAR +Configure Trend Vision One on Splunk SOAR ----------------------------------------------- 1. Navigate to **Apps** \> **Unconfigured Apps** . -2. Search for Trend Micro Vision One. +2. Search for Trend Vision One. 3. Click **CONFIGURE NEW ASSET** to create and configure a new integration instance. 4. ALternatively click on **INSTALL APP** and drop a tarball of the app | **Parameter** | **Description** | **Required** | | --- | --- | --- | -| **Asset name** | Unique name for this Trend Micro Vision One instance runner asset | True | +| **Asset name** | Unique name for this Trend Vision One instance runner asset | True | | **Asset description** | Short description of the asset’s purpose | True | | **Product vendor** | Trend Micro | True | | **Product name** | Vision One | True | @@ -1414,6 +1414,6 @@ This version of the Trend Micro app is compatible with Splunk SOAR version **5.1 Authentication Information -------------------------- -The app uses HTTPS protocol for communicating with the Trend Micro Vision One server. For authentication a Vision One API Token is used by the Splunk SOAR Connector. +The app uses HTTPS protocol for communicating with the Trend Vision One server. For authentication a Vision One API Token is used by the Splunk SOAR Connector. * * * \ No newline at end of file 
diff --git a/release_notes/2.2.1.md b/release_notes/2.2.1.md new file mode 100644 index 0000000..c6e9cf6 --- /dev/null +++ b/release_notes/2.2.1.md @@ -0,0 +1 @@ +* Minor rebrand from "Trend Micro Vision One" to "Trend Vision One" \ No newline at end of file diff --git a/trendmicrovisionone.json b/trendmicrovisionone.json index 8ae7ff1..e442836 100644 --- a/trendmicrovisionone.json +++ b/trendmicrovisionone.json @@ -1,7 +1,7 @@ { "appid": "f36c99d8-16ed-4b65-be03-d93511d721dd", - "name": "Trend Micro Vision One for Splunk SOAR", - "description": "Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers\u2014email, endpoints, servers, cloud workloads, and networks\u2014Trend Micro Vision One prevents the majority of attacks with automated protection", + "name": "Trend Vision One for Splunk SOAR", + "description": "Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers\u2014email, endpoints, servers, cloud workloads, and networks\u2014Trend Vision One prevents the majority of attacks with automated protection", "type": "endpoint", "product_vendor": "Trend Micro", "logo": "logo_trendmicrovisionone.svg", 
@@ -11,11 +11,11 @@ "product_version_regex": ".*", "publisher": "Trend Micro", "license": "Copyright (c) Trend Micro, 2022-2023", - "app_version": "2.2.0", - "utctime_updated": "2023-05-20T10:58:51.000000Z", + "app_version": "2.2.1", + "utctime_updated": "2023-12-11T11:50:25.000000Z", "package_name": "phantom_trendmicrovisionone", "main_module": "trendmicrovisionone_connector.py", - "min_phantom_version": "5.5.0", + "min_phantom_version": "6.1.1", "app_wizard_version": "1.0.0", "fips_compliant": false, "configuration": { @@ -510,7 +510,7 @@ "action": "add to blocklist", "identifier": "add_to_blocklist", "description": "Adds an item to the Suspicious Objects list in Vision One", - "verbose": "Adds an item from the Trend Micro Vision One Suspicious Objects list.", + "verbose": "Adds an item from the Trend Vision One Suspicious Objects list.", "type": "contain", "read_only": false, "parameters": { @@ -575,7 +575,7 @@ "action": "remove from blocklist", "identifier": "remove_from_blocklist", "description": "Removes an item from the Suspicious Objects list", - "verbose": "Removes an item from the Trend Micro Vision One Suspicious Objects list.", + "verbose": "Removes an item from the Trend Vision One Suspicious Objects list.", "type": "correct", "read_only": false, "parameters": { @@ -645,7 +645,7 @@ "read_only": false, "parameters": { "email_identifiers": { - "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required)", + "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required)", "data_type": "string", "required": true, "order": 0 
@@ -710,7 +710,7 @@ "read_only": false, "parameters": { "email_identifiers": { - "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required)", + "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required)", "data_type": "string", "required": true, "order": 0 @@ -1702,7 +1702,7 @@ "action": "add note", "identifier": "add_note", "description": "Adds a note to an existing workbench alert", - "verbose": "Adds a note to an existing workbench alert in Trend Micro Vision One.", + "verbose": "Adds a note to an existing workbench alert in Trend Vision One.", "type": "generic", "read_only": false, "parameters": { @@ -1784,7 +1784,7 @@ "action": "update status", "identifier": "update_status", "description": "Updates the status of an existing workbench alert", - "verbose": "Updates the status of an existing workbench alert in Trend Micro Vision One.", + "verbose": "Updates the status of an existing workbench alert in Trend Vision One.", "type": "correct", "read_only": false, "parameters": { @@ -2190,7 +2190,7 @@ "read_only": false, "parameters": { "email_identifiers": { - "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required)", + "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required)", "data_type": "string", "required": true, "order": 0 @@ -2945,4 +2945,4 @@ } ] } -} +} \ No newline at end of file diff --git a/trendmicrovisionone_connector.py b/trendmicrovisionone_connector.py index ccab027..bc50b6e 100644 --- a/trendmicrovisionone_connector.py +++ b/trendmicrovisionone_connector.py 
@@ -52,7 +52,7 @@ def __init__(self): self._state: Dict[str, Any] = {} self.config: Dict[str, Any] = {} - self.app = "Trend Micro Vision One V3" + self.app = "Trend Vision One V3" # Variable to hold a base_url in case the app makes REST calls # Do note that the app json defines the asset config, so please # modify this as you deem fit.
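Review bot: the minimum SOAR version rises from 5.5.0 to 6.1.1 in the first README.md hunk (`Minimum Product Version`) and in the `@@ -11,11 +11,11 @@` hunk of trendmicrovisionone.json (`min_phantom_version`), but release_notes/2.2.1.md records only "Minor rebrand". This is a compatibility change for anyone on an older SOAR release, so it deserves its own release-note line. The context shown in the `@@ -1426,7 +1426,7 @@` header ("compatible with Splunk SOAR version **5.1") is left untouched by this patch and should be checked against the new 6.1.1 floor.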
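Review bot: in the README.md `@@ -1630,7 +1630,7 @@` hunk and the matching `"verbose"` line for `add_to_blocklist` in trendmicrovisionone.json, the rewritten sentence still reads "Adds an item from the Trend Vision One Suspicious Objects list." The action description directly above it says "Adds an item to the Suspicious Objects list", so the preposition is wrong for a contain action. Since the line is being edited anyway, change "from" to "to" in the JSON and regenerate the README.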
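Review bot: the configuration hunks (README.md `@@ -46,25 +46,25 @@` and manual_readme_content.md `@@ -34,25 +34,25 @@`) rename the product around an `api_url` row that still says "The URL for your ETP instance", which does not name Vision One and reads like text carried over from another connector. An operator who follows it could point the asset, and the `api_key` it sends, at the wrong endpoint. Suggest describing it as the Vision One API URL, and fixing "ALternatively" in step 4 of the same hunk.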
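Review bot: every `email_identifiers` description touched by this patch (README.md hunks `@@ -1685,7`, `@@ -1710,7`, `@@ -2196,7` and the JSON hunks at `@@ -645,7`, `@@ -710,7`, `@@ -2190,7`) keeps "Email Message ID ()" with empty parentheses, while the second identifier is named as "(msgUuid)". The field name for the first identifier appears to have been lost. Fill it in or drop the parentheses, so users know which value from the message activity data to pass to the quarantine, delete and restore actions.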
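Review bot: the last trendmicrovisionone.json hunk (`@@ -2945,4 +2945,4 @@`) replaces the closing `}` with `}` plus "\ No newline at end of file", and the new release_notes/2.2.1.md is also created without a trailing newline. Neither is part of the rebrand. Restore the final newline in the JSON and add one to the release note to keep the diff minimal and avoid end-of-file lint failures.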