Trend Micro Cloud App Security it integrates cloud-to-cloud with the protected applications and services to maintain high availability and administrative functionality.Here are the steps to follow for the ingestion of events to Seceon SIEM to have a Comprehensive visibility and Proactive Threat Detection in your Environment.
Step 1. Navigate to Provisioning by clicking on the Provisioning tab located in the top menu bar of the application.
Step 2. Drop down Add on devices by clicking on the downward-facing arrow next to the 'Add on devices' option in the menu.
To add Trend Micro Cloud App Security, follow the steps below:
Enter the name of the device.
Enter the CCE IP.
Access ID/username: Not required.
To generate the Secret Key/Authentication Token, please refer the below link:
Link- Generating an Authentication Token
After creating the token, copy the token and paste it into the password/Secret Key section.
Next, enter the valid JSON format in the last field. Please use the following JSON (host should be without https://):
{"events_list": ["securityrisk", "virtualanalyzer", "ransomware", "dlp"], "host": "<api-host>"}
Finally, click on the Save button to complete the process.
STEP 1:Log in to UI >> SYSTEM
STEP 2: >> Logs and flows collection status
STEP 3: >>To verify the source device IP from the UI:
Log in to the user interface
Navigate to the "SYSTEM" section
Look for the "SOURCE DEVICE IP"
Check the IP address that is displayed
Compare the IP address displayed against the expected source device IP
This will allow you to ensure that the system is properly identifying the source device IP and that it matches the expected IP address..
