From cef61c7befa79e69f42ccb6e2730d719fd91ebb7 Mon Sep 17 00:00:00 2001 From: Peter Kuik Date: Thu, 16 Nov 2023 20:20:08 +0100 Subject: [PATCH 1/5] minor rebrand --- README.md | 32 ++++++++++++++++---------------- manual_readme_content.md | 14 +++++++------- release_notes/unreleased.md | 1 + trendmicrovisionone.json | 18 +++++++++--------- trendmicrovisionone_connector.py | 2 +- 5 files changed, 34 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index e2a72f7..bd7be97 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ [comment]: # "Auto-generated SOAR connector documentation" -# Trend Micro Vision One for Splunk SOAR +# Trend Vision One for Splunk SOAR Publisher: Trend Micro Connector Version: 2.2.0 
@@ -8,12 +8,12 @@ Product Name: VisionOne Product Version Supported (regex): ".\*" Minimum Product Version: 5.5.0 -Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection +Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Vision One prevents the majority of attacks with automated protection -Trend Micro Vision One for Splunk SOAR +Trend Vision One for Splunk SOAR ====================================== -Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection +Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. 
Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Vision One prevents the majority of attacks with automated protection Splunk> Phantom =============== @@ -46,25 +46,25 @@ The app uses HTTPS protocol for communicating with the VisionOne API server. Bel ### Configuration Variables -The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Trend Micro Vision One asset in SOAR. +The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Trend Vision One asset in SOAR. | VARIABLE | REQUIRED | TYPE | DESCRIPTION | | --- | --- | --- | --- | | **api_url** | required | string | The URL for your ETP instance | | **api_key** | required | password | API key | -Configure Trend Micro Vision One on Splunk SOAR +Configure Trend Vision One on Splunk SOAR ----------------------------------------------- 1. Navigate to **Apps** \> **Unconfigured Apps** . -2. Search for Trend Micro Vision One. +2. Search for Trend Vision One. 3. Click **CONFIGURE NEW ASSET** to create and configure a new integration instance. 4. ALternatively click on **INSTALL APP** and drop a tarball of the app | **Parameter** | **Description** | **Required** | | --- | --- | --- | -| **Asset name** | Unique name for this Trend Micro Vision One instance runner asset | True | +| **Asset name** | Unique name for this Trend Vision One instance runner asset | True | | **Asset description** | Short description of the asset’s purpose | True | | **Product vendor** | Trend Micro | True | | **Product name** | Vision One | True | 
@@ -1426,7 +1426,7 @@ This version of the Trend Micro app is compatible with Splunk SOAR version **5.1 Authentication Information -------------------------- -The app uses HTTPS protocol for communicating with the Trend Micro Vision One server. For authentication a Vision One API Token is used by the Splunk SOAR Connector. +The app uses HTTPS protocol for communicating with the Trend Vision One server. For authentication a Vision One API Token is used by the Splunk SOAR Connector. * * * @@ -1630,7 +1630,7 @@ Adds an item to the Suspicious Objects list in Vision One Type: **contain** Read only: **False** -Adds an item from the Trend Micro Vision One Suspicious Objects list. +Adds an item from the Trend Vision One Suspicious Objects list. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -1655,7 +1655,7 @@ Removes an item from the Suspicious Objects list Type: **correct** Read only: **False** -Removes an item from the Trend Micro Vision One Suspicious Objects list. +Removes an item from the Trend Vision One Suspicious Objects list. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -1685,7 +1685,7 @@ Retrieve data from the quarantine email message and send the result to dashboard #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required) | string | +**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required) | string | #### Action Output DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES 
@@ -1710,7 +1710,7 @@ Retrieve data from the delete email message and relay result to Splunk. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required) | string | +**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required) | string | #### Action Output DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES @@ -2021,7 +2021,7 @@ Adds a note to an existing workbench alert Type: **generic** Read only: **False** -Adds a note to an existing workbench alert in Trend Micro Vision One. +Adds a note to an existing workbench alert in Trend Vision One. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -2048,7 +2048,7 @@ Updates the status of an existing workbench alert Type: **correct** Read only: **False** -Updates the status of an existing workbench alert in Trend Micro Vision One. +Updates the status of an existing workbench alert in Trend Vision One. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -2196,7 +2196,7 @@ Quarantine/Restore messages. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required) | string | +**email_identifiers** | required | Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required) | string | #### Action Output DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES 
diff --git a/manual_readme_content.md b/manual_readme_content.md index 524c183..89983e2 100644 --- a/manual_readme_content.md +++ b/manual_readme_content.md @@ -1,7 +1,7 @@ -Trend Micro Vision One for Splunk SOAR +Trend Vision One for Splunk SOAR ====================================== -Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection +Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Vision One prevents the majority of attacks with automated protection Splunk> Phantom =============== 
@@ -34,25 +34,25 @@ The app uses HTTPS protocol for communicating with the VisionOne API server. Bel ### Configuration Variables -The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Trend Micro Vision One asset in SOAR. +The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Trend Vision One asset in SOAR. | VARIABLE | REQUIRED | TYPE | DESCRIPTION | | --- | --- | --- | --- | | **api_url** | required | string | The URL for your ETP instance | | **api_key** | required | password | API key | -Configure Trend Micro Vision One on Splunk SOAR +Configure Trend Vision One on Splunk SOAR ----------------------------------------------- 1. Navigate to **Apps** \> **Unconfigured Apps** . -2. Search for Trend Micro Vision One. +2. Search for Trend Vision One. 3. Click **CONFIGURE NEW ASSET** to create and configure a new integration instance. 4. ALternatively click on **INSTALL APP** and drop a tarball of the app | **Parameter** | **Description** | **Required** | | --- | --- | --- | -| **Asset name** | Unique name for this Trend Micro Vision One instance runner asset | True | +| **Asset name** | Unique name for this Trend Vision One instance runner asset | True | | **Asset description** | Short description of the asset’s purpose | True | | **Product vendor** | Trend Micro | True | | **Product name** | Vision One | True | @@ -1414,6 +1414,6 @@ This version of the Trend Micro app is compatible with Splunk SOAR version **5.1 Authentication Information -------------------------- -The app uses HTTPS protocol for communicating with the Trend Micro Vision One server. For authentication a Vision One API Token is used by the Splunk SOAR Connector. +The app uses HTTPS protocol for communicating with the Trend Vision One server. For authentication a Vision One API Token is used by the Splunk SOAR Connector. * * * \ No newline at end of file 
diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md index fbcb2fd..e8680e2 100644 --- a/release_notes/unreleased.md +++ b/release_notes/unreleased.md @@ -1 +1,2 @@ **Unreleased** +* Minor rebrand from "Trend Micro Vision One" to "Trend Vision One" diff --git a/trendmicrovisionone.json b/trendmicrovisionone.json index 8ae7ff1..9b8fb2a 100644 --- a/trendmicrovisionone.json +++ b/trendmicrovisionone.json @@ -1,7 +1,7 @@ { "appid": "f36c99d8-16ed-4b65-be03-d93511d721dd", - "name": "Trend Micro Vision One for Splunk SOAR", - "description": "Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers\u2014email, endpoints, servers, cloud workloads, and networks\u2014Trend Micro Vision One prevents the majority of attacks with automated protection", + "name": "Trend Vision One for Splunk SOAR", + "description": "Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers\u2014email, endpoints, servers, cloud workloads, and networks\u2014Trend Vision One prevents the majority of attacks with automated protection", "type": "endpoint", "product_vendor": "Trend Micro", "logo": "logo_trendmicrovisionone.svg", 
@@ -510,7 +510,7 @@ "action": "add to blocklist", "identifier": "add_to_blocklist", "description": "Adds an item to the Suspicious Objects list in Vision One", - "verbose": "Adds an item from the Trend Micro Vision One Suspicious Objects list.", + "verbose": "Adds an item from the Trend Vision One Suspicious Objects list.", "type": "contain", "read_only": false, "parameters": { @@ -575,7 +575,7 @@ "action": "remove from blocklist", "identifier": "remove_from_blocklist", "description": "Removes an item from the Suspicious Objects list", - "verbose": "Removes an item from the Trend Micro Vision One Suspicious Objects list.", + "verbose": "Removes an item from the Trend Vision One Suspicious Objects list.", "type": "correct", "read_only": false, "parameters": { @@ -645,7 +645,7 @@ "read_only": false, "parameters": { "email_identifiers": { - "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required)", + "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required)", "data_type": "string", "required": true, "order": 0 @@ -710,7 +710,7 @@ "read_only": false, "parameters": { "email_identifiers": { - "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required)", + "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required)", "data_type": "string", "required": true, "order": 0 
@@ -1702,7 +1702,7 @@ "action": "add note", "identifier": "add_note", "description": "Adds a note to an existing workbench alert", - "verbose": "Adds a note to an existing workbench alert in Trend Micro Vision One.", + "verbose": "Adds a note to an existing workbench alert in Trend Vision One.", "type": "generic", "read_only": false, "parameters": { @@ -1784,7 +1784,7 @@ "action": "update status", "identifier": "update_status", "description": "Updates the status of an existing workbench alert", - "verbose": "Updates the status of an existing workbench alert in Trend Micro Vision One.", + "verbose": "Updates the status of an existing workbench alert in Trend Vision One.", "type": "correct", "read_only": false, "parameters": { @@ -2190,7 +2190,7 @@ "read_only": false, "parameters": { "email_identifiers": { - "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Micro Vision One message activity data. (Required)", + "description": "Email Message ID (), Mailbox ID and description or Unique Message ID (msgUuid) and description from Trend Vision One message activity data. (Required)", "data_type": "string", "required": true, "order": 0 diff --git a/trendmicrovisionone_connector.py b/trendmicrovisionone_connector.py index ccab027..bc50b6e 100644 --- a/trendmicrovisionone_connector.py +++ b/trendmicrovisionone_connector.py @@ -52,7 +52,7 @@ def __init__(self): self._state: Dict[str, Any] = {} self.config: Dict[str, Any] = {} - self.app = "Trend Micro Vision One V3" + self.app = "Trend Vision One V3" # Variable to hold a base_url in case the app makes REST calls # Do note that the app json defines the asset config, so please # modify this as you deem fit. From 70110e80f24a2c852071afa40a75850ad15a1fb3 Mon Sep 17 00:00:00 2001 From: Peter Kuik Date: Fri, 8 Dec 2023 17:25:54 +0100 Subject: [PATCH 2/5] minimum product version bump --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index bd7be97..83ba32c 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Connector Version: 2.2.0 Product Vendor: Trend Micro Product Name: VisionOne Product Version Supported (regex): ".\*" -Minimum Product Version: 5.5.0 +Minimum Product Version: 6.1.1 Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Vision One prevents the majority of attacks with automated protection From a89819fc0d7444567e9e988c38319a710f381695 Mon Sep 17 00:00:00 2001 From: Peter Kuik Date: Mon, 11 Dec 2023 10:10:37 +0100 Subject: [PATCH 3/5] correct min_phantom_version bump --- trendmicrovisionone.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trendmicrovisionone.json b/trendmicrovisionone.json index 9b8fb2a..6b05ca3 100644 --- a/trendmicrovisionone.json +++ b/trendmicrovisionone.json @@ -15,7 +15,7 @@ "utctime_updated": "2023-05-20T10:58:51.000000Z", "package_name": "phantom_trendmicrovisionone", "main_module": "trendmicrovisionone_connector.py", - "min_phantom_version": "5.5.0", + "min_phantom_version": "6.1.1", "app_wizard_version": "1.0.0", "fips_compliant": false, "configuration": { From d1c0e7e4f34b23e6e81ab30306d5a0a39b88c9c7 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Dec 2023 03:50:36 -0800 Subject: [PATCH 4/5] Bumped up the version of trendmicrovisionone from 2.2.0 to 2.2.1 --- trendmicrovisionone.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/trendmicrovisionone.json b/trendmicrovisionone.json index 6b05ca3..e442836 100644 --- a/trendmicrovisionone.json +++ b/trendmicrovisionone.json 
@@ -11,8 +11,8 @@ "product_version_regex": ".*", "publisher": "Trend Micro", "license": "Copyright (c) Trend Micro, 2022-2023", - "app_version": "2.2.0", - "utctime_updated": "2023-05-20T10:58:51.000000Z", + "app_version": "2.2.1", + "utctime_updated": "2023-12-11T11:50:25.000000Z", "package_name": "phantom_trendmicrovisionone", "main_module": "trendmicrovisionone_connector.py", "min_phantom_version": "6.1.1", @@ -2945,4 +2945,4 @@ } ] } -} +} \ No newline at end of file From bfe4f9612d289e6ae0397e3ab223593595b359a4 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Dec 2023 03:51:13 -0800 Subject: [PATCH 5/5] Release notes for version 2.2.1 --- README.md | 4 ++-- release_notes/2.2.1.md | 1 + release_notes/unreleased.md | 1 - 3 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 release_notes/2.2.1.md diff --git a/README.md b/README.md index 83ba32c..00905a0 100644 --- a/README.md +++ b/README.md @@ -2,11 +2,11 @@ # Trend Vision One for Splunk SOAR Publisher: Trend Micro -Connector Version: 2.2.0 +Connector Version: 2.2.1 Product Vendor: Trend Micro Product Name: VisionOne Product Version Supported (regex): ".\*" -Minimum Product Version: 6.1.1 +Minimum Product Version: 6.1.1 Trend Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Vision One prevents the majority of attacks with automated protection diff --git a/release_notes/2.2.1.md b/release_notes/2.2.1.md new file mode 100644 index 0000000..c6e9cf6 --- /dev/null +++ b/release_notes/2.2.1.md @@ -0,0 +1 @@ +* Minor rebrand from "Trend Micro Vision One" to "Trend Vision One" \ No newline at end of file 
diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md index e8680e2..fbcb2fd 100644 --- a/release_notes/unreleased.md +++ b/release_notes/unreleased.md @@ -1,2 +1 @@ **Unreleased** -* Minor rebrand from "Trend Micro Vision One" to "Trend Vision One"
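Review bot: The `add_to_blocklist` "verbose" string in trendmicrovisionone.json (PATCH 1/5, hunk at -510) and the matching README.md line (hunk at -1630) still read "Adds an item from the Trend Vision One Suspicious Objects list." This contradicts the description directly above it, "Adds an item to the Suspicious Objects list in Vision One". The rebrand already rewrites both lines, so change "from" to "to" in the same pass. For a containment action the documentation should leave no doubt whether the call blocks or unblocks an object.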
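Review bot: The `self.app` assignment in trendmicrovisionone_connector.py (PATCH 1/5, hunk at -52) is the only edit in this series that changes a runtime value rather than documentation or metadata text, and neither the commit message nor the release note mentions it. Please confirm where `self.app` is consumed. If the string is sent to the Vision One API or written to logs as an application identifier, the new value "Trend Vision One V3" changes what existing filters and audit searches match on, and that deserves its own release-note line.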
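Review bot: Raising the minimum SOAR version from 5.5.0 to 6.1.1 (README.md in PATCH 2/5, `min_phantom_version` in PATCH 3/5) is a compatibility change, but release_notes/2.2.1.md as created in PATCH 5/5 lists only the rebrand. Add an entry for the new minimum so operators on older SOAR releases see it before upgrading. README.md is marked "Auto-generated SOAR connector documentation" in its first line, so the hand edit in 2/5 and the JSON fix in 3/5 would read better squashed into one commit that changes the JSON and regenerates the README. The compatibility sentence visible in the hunk header at -1414 of manual_readme_content.md ("This version of the Trend Micro app is compatible with Splunk SOAR version", cut off in the header) is untouched by the series and should be checked against the new minimum.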
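Review bot: PATCH 4/5 drops the trailing newline from trendmicrovisionone.json (the hunk at -2945 ends with "\ No newline at end of file"), and PATCH 5/5 creates release_notes/2.2.1.md without one. Neither change belongs to a version bump; restore the final newline in both files so later diffs stay clean. In PATCH 5/5 the removed and added `Minimum Product Version: 6.1.1` lines in README.md read identically, which suggests a whitespace-only change. Drop it if it was not intended.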
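Review bot: The context lines around the rebrand in README.md (hunk at -46) and manual_readme_content.md (hunk at -34) carry two leftovers worth fixing while these files are open. The `api_url` description reads "The URL for your ETP instance", which does not name Vision One and gives an operator no hint which endpoint the API key will be sent to. Step 4 of the setup list reads "ALternatively click on". Suggest rewording the `api_url` description to name the Vision One API URL and correcting the capitalisation in step 4.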