Trend Micro Deep Security

Integration version: 5.0

Configure Trend Micro Deep Security to work with Google Security Operations SOAR

To create a new API key:

  1. Navigate to Administration > User Management > API Keys.
  2. Click New.
  3. In the Properties window, enter a Name and Description for the API key.
  4. Click on the Role list and select a role.
  5. Select a Language and a Time Zone. Optionally, select Expires on to set an expiry date for the API key.
  6. Click OK.
  7. Copy the Secret key value now, because this is the only time it will be shown.

Configure Trend Micro Deep Security integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Assign Security Profile to Host

Description

Assign the specified policy to computers.

Parameters

| Parameter | Type | Default Value | Description |
| --- | --- | --- | --- |
| Security Profile Name | String | N/A | Policy Name. |

Use cases

N/A

Run On

This action runs on the Hostname entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
| --- | --- | --- |
| is_assigned | True/False | is_assigned:False |

JSON Result

N/A

Get Host Info

Description

Describe a computer.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Hostname entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
| --- | --- | --- |
| is_success | True/False | is_success:False |

JSON Result

N/A

Get Security Profiles

Description

Get all of the policies from Deep Security.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
| --- | --- | --- |
| is_success | True/False | is_success:False |

JSON Result

N/A

Ping

Description

Verifies that the user has a connection to Trend Micro Deep Security via the user's device.

Parameters

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
| --- | --- | --- |
| is_connected | True/False | is_connected:False |

JSON Result

N/A

Scan Host

Description

Request a malware scan.

Parameters

Use cases

N/A

Run On

This action runs on the Hostname entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
| --- | --- | --- |
| is_success | True/False | is_success:False |

JSON Result

N/A