SUPPORTED AUTOMATION
      Back to home
      1. KNOWLEDGE BASE
      2. AUTOMATION
      3. SUPPORTED AUTOMATION

      TrendMicro

      Trend Micro is a cloud-client content security infrastructure that delivers global threat intelligence to protect from online threats, such as data stealing malware, phishing attacks, and other web, email, and mobile threats. It helps to deliver continuously updated protection to stop phishing, ransomware, Business Email Compromise (BEC) scams, spam and other advanced email threats before they reach your network. It provides advanced protection for Microsoft™ Exchange Server, Microsoft Office 365, Google™ Gmail, and other cloud or on-premises email solutions.

      Examples

      Listed below are some of the examples to configure a Webhook connection for the following use cases:

      • TrendMicro XDR: Block IP
      • TrendMicro XDR: Block URL
      • TrendMicro XDR: Block Domain
      • TrendMicro XDR: Block Email
      • TrendMicro XDR: Block FileHash

      TrendMicro XDR: Block IP

      Below is an example on how you can leverage this integration to block an IP using TrendMicro

      URL

      https://api.xdr.trendmicro.com/v2.0/xdr/response/block
      Header
      {"Authorization": "Bearer [token]" , "Content-Type": "application/json;charset=utf-8"}
       

      Payload

      {
        "valueType":"ip",
         "targetValue":"$SrcIP",
         "productId":"DNIF",
         "description":"Blocking malicious IP"
      }
      image 1-Dec-21-2023-08-56-08-3020-AM

      TrendMicro: Block IP, blocks the resource i.e IP on your TrendMicro account based on the values given in the payload.

      image 2-Dec-21-2023-08-57-23-4819-AM

      In the above figure, a workbook named Suspicious Remote Desktop Network Activity is executed which contains the following blocks:

      image 3-Dec-21-2023-08-57-56-7246-AM

      • SQL Block: Displays two suspicious Destination IPs on execution of the workbook

      image 4-Dec-21-2023-09-03-51-2678-AM

      • Signal Block: This will raise a signal on detecting the suspicious IPs.

      image 5-Dec-21-2023-09-04-19-4812-AM

      • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block IP, the IP is blocked on your TrendMicro account based on the values given in the payload.

      image 6-Dec-21-2023-09-05-19-9292-AM

      TrendMicro XDR: Block URL

        Below is an example on how you can leverage this integration to block an URL using TrendMicro.

        URL

        https://api.xdr.trendmicro.com/v2.0/xdr/response/block

        Header

        {"Authorization": "Bearer [token]" , "Content-Type": "application/json;charset=utf-8"}

        Payload

        {
           "valueType":"url",
           "targetValue":"$URL",
           "productId":"DNIF",
           "description":"Blocking malicious URL"
        }
        705

        TrendMicro: Block URL, blocks the resource i.e URL on your TrendMicro account based on the values given in the payload.

        image 7-Dec-21-2023-09-20-42-8300-AM

        In the above figure, a workbook named Threat Malicious URL is executed which contains the following blocks:

        image 9-Dec-21-2023-09-23-22-4822-AM

        • SQL Block: Displays a malicious URL which is considered as threat.

        image 10-Dec-21-2023-09-24-12-7619-AM

        • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block URL, the URL is blocked on your TrendMicro account based on the values given in the payload.

        image 11-Dec-21-2023-09-26-59-9480-AM

        TrendMicro XDR: Block Domain

          Below is an example on how you can leverage this integration to block an domain using TrendMicro

          URL

          https://api.xdr.trendmicro.com/v2.0/xdr/response/block

          Header

          {"Authorization": "Bearer [token]" , "Content-Type": "application/json;charset=utf-8"}

          Payload
          {
             "valueType":"domain",
             "targetValue":"$Domain",
             "productId":"DNIF",
             "description":"Blocking malicious Domain"
          }
          image 12-Dec-21-2023-09-46-51-4499-AM

          TrendMicro: Block Domain, blocks the resource i.e Domain on your TrendMicro account based on the values given in the payload.

          image 13-Dec-21-2023-09-47-02-8153-AM

          In the above figure, a workbook named Threat Malicious URL is executed which contains the following blocks:

          image 14-Dec-21-2023-09-53-14-3862-AM

          • SQL Block: Displays one malicious URL which is considered as threat.

          image 14-Dec-21-2023-09-53-14-3862-AM

          • Code Block: This will extract the domain from that URL and save it in column $Domain.

          image 16-Dec-21-2023-09-56-13-1518-AM

          • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block Domain, the domain is blocked on your TrendMicro account based on the values given in the payload.

          image 17-Dec-21-2023-09-57-26-0572-AM

          TrendMicro XDR: Block Email

          • In the Configuration Box, enter the Configuration Name to uniquely identify this configuration.
          • Identify the content of headers and payload that you need to provide in the Configuration Box.
          • Ensure you enable the integration, once it is configured and validated.

            Below is an example on how you can leverage this integration to block an Email using TrendMicro

            URL

            https://api.xdr.trendmicro.com/v2.0/xdr/response/block
            Header
            {"Authorization": "Bearer [token]" , "Content-Type": "application/json;charset=utf-8"}
            Payload
            {
               "valueType":"mailbox",
               "targetValue":"$Sender",
               "productId":"DNIF",
               "description":"Blocking malicious Email"
            }
            image 18-4

            TrendMicro: Block Email, blocks the resource i.e Email on your TrendMicro account based on the values given in the payload.

            image 19-1

            In the above figure, a workbook named Email Threats is executed which contains the following blocks:

            image 20-2

            • SQL Block: Displays five emails that are considered as threats.

            image 21-1

            • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block Email, all the emails are blocked on your TrendMicro account based on the values given in the payload.

            image 22-2

            TrendMicro XDR: Block FileHash

            • In the Configuration Box, enter the Configuration Name to uniquely identify this configuration.
            • Identify the content of headers and payload that you need to provide in the Configuration Box.
            • Ensure you enable the integration, once it is configured and validated.

            Below is an example on how you can leverage this integration to block an File Hash SHA1 using TrendMicro.

            URL

            https://api.xdr.trendmicro.com/v2.0/xdr/response/block
            Header
            {"Authorization": "Bearer [token]" , "Content-Type": "application/json;charset=utf-8"}
            Payload
            {
               "valueType":"file_sha1",
               "targetValue":"$ConfigurationFileHash",
               "productId":"DNIF",
               "description":"Blocking malicious File Hash"
            }
            image 23-1

            TrendMicro: Block FileHash, blocks the resource i.e FileHash on your TrendMicro account based on the values given in the payload.

            image 24-1

            In the above figure, a workbook named Hash value WB is executed which contains the following blocks:

            image 25-1

            • Search Block: Displays a File Hash value which is considered a threat.

            image 26

            • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block FileHash, the File Hash is blocked on your TrendMicro account based on the values given in the payload.

            image 27