{ "name": "trend_micro_vision_one", "title": "TrendAI Vision One", "version": "2.12.1", "release": "ga", "description": "Collect logs from TrendAI Vision One with Elastic Agent.", "type": "integration", "download": "/epr/trend_micro_vision_one/trend_micro_vision_one-2.12.1.zip", "path": "/package/trend_micro_vision_one/2.12.1", "icons": [ { "src": "/img/trendai-vision-one-logo.svg", "path": "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-logo.svg", "title": "TrendAI Vision One Logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.19.4 || ~9.0.7 || ^9.1.4" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "security", "edr_xdr", "siem", "network", "network_security" ], "signature_path": "/epr/trend_micro_vision_one/trend_micro_vision_one-2.12.1.zip.sig", "format_version": "3.3.2", "readme": "/package/trend_micro_vision_one/2.12.1/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/trendai-vision-one-alert-dashboard-screenshot.png", "path": "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-alert-dashboard-screenshot.png", "title": "TrendAI Vision One Alert Dashboard Screenshot", "size": "1300x1656", "type": "image/png" }, { "src": "/img/trendai-vision-one-audit-dashboard-screenshot.png", "path": "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-audit-dashboard-screenshot.png", "title": "TrendAI Vision One Audit Dashboard Screenshot", "size": "1300x1508", "type": "image/png" }, { "src": "/img/trendai-vision-one-detection-dashboard-screenshot.png", "path": "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-detection-dashboard-screenshot.png", "title": "TrendAI Vision One Detection Dashboard Screenshot", "size": "1300x1445", "type": "image/png" }, { "src": "/img/trendai-vision-one-endpoint-activity-dashboard-screenshot.png", "path": "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-endpoint-activity-dashboard-screenshot.png", "title": "TrendAI Vision One Endpoint Activity Dashboard Screenshot", "size": "1300x1698", "type": "image/png" }, { "src": "/img/trendai-vision-one-network-activity-dashboard-screenshot.png", "path": "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-network-activity-dashboard-screenshot.png", "title": "TrendAI Vision One Network Activity Dashboard Screenshot", "size": "1300x1445", "type": "image/png" }, { "src": "/img/trendai-vision-one-telemetry-dashboard-screenshot.png", "path": "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-telemetry-dashboard-screenshot.png", "title": "TrendAI Vision One Telemetry Dashboard Screenshot", "size": "1300x1108", "type": "image/png" } ], "assets": [ "/package/trend_micro_vision_one/2.12.1/LICENSE.txt", "/package/trend_micro_vision_one/2.12.1/changelog.yml", "/package/trend_micro_vision_one/2.12.1/manifest.yml", "/package/trend_micro_vision_one/2.12.1/validation.yml", "/package/trend_micro_vision_one/2.12.1/docs/README.md", "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-alert-dashboard-screenshot.png", "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-audit-dashboard-screenshot.png", "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-detection-dashboard-screenshot.png", "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-endpoint-activity-dashboard-screenshot.png", "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-logo.svg", "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-network-activity-dashboard-screenshot.png", "/package/trend_micro_vision_one/2.12.1/img/trendai-vision-one-telemetry-dashboard-screenshot.png", "/package/trend_micro_vision_one/2.12.1/kibana/tags.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/alert/manifest.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/alert/sample_event.json", "/package/trend_micro_vision_one/2.12.1/data_stream/audit/manifest.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/audit/sample_event.json", "/package/trend_micro_vision_one/2.12.1/data_stream/detection/manifest.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/detection/sample_event.json", "/package/trend_micro_vision_one/2.12.1/data_stream/endpoint_activity/manifest.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/endpoint_activity/sample_event.json", "/package/trend_micro_vision_one/2.12.1/data_stream/network_activity/manifest.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/network_activity/sample_event.json", "/package/trend_micro_vision_one/2.12.1/data_stream/telemetry/manifest.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/telemetry/sample_event.json", "/package/trend_micro_vision_one/2.12.1/kibana/dashboard/trend_micro_vision_one-02296130-0c1b-11ed-8d26-77f06c571b89.json", "/package/trend_micro_vision_one/2.12.1/kibana/dashboard/trend_micro_vision_one-16edcded-6b80-45b9-a6fd-aa0caa5fab50.json", "/package/trend_micro_vision_one/2.12.1/kibana/dashboard/trend_micro_vision_one-6b1783a3-767a-4379-99fd-b721081cd601.json", "/package/trend_micro_vision_one/2.12.1/kibana/dashboard/trend_micro_vision_one-795c2840-0cda-11ed-ac7d-35d42be2de47.json", "/package/trend_micro_vision_one/2.12.1/kibana/dashboard/trend_micro_vision_one-dc4fba10-0ce5-11ed-ac7d-35d42be2de47.json", "/package/trend_micro_vision_one/2.12.1/kibana/dashboard/trend_micro_vision_one-f4f72f6b-e196-4c08-aa4c-cda69db25ee4.json", "/package/trend_micro_vision_one/2.12.1/kibana/search/trend_micro_vision_one-89e6e9b0-0c1d-11ed-8d26-77f06c571b89.json", "/package/trend_micro_vision_one/2.12.1/data_stream/alert/fields/base-fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/alert/fields/beats.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/alert/fields/fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/audit/fields/base-fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/audit/fields/beats.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/audit/fields/fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/detection/fields/base-fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/detection/fields/beats.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/detection/fields/fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/endpoint_activity/fields/base-fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/endpoint_activity/fields/beats.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/endpoint_activity/fields/fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/network_activity/fields/base-fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/network_activity/fields/beats.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/network_activity/fields/fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/telemetry/fields/base-fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/telemetry/fields/beats.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/telemetry/fields/ecs-fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/telemetry/fields/fields.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/alert/agent/stream/httpjson.yml.hbs", "/package/trend_micro_vision_one/2.12.1/data_stream/alert/elasticsearch/ingest_pipeline/default.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/audit/agent/stream/httpjson.yml.hbs", "/package/trend_micro_vision_one/2.12.1/data_stream/audit/elasticsearch/ingest_pipeline/default.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/detection/agent/stream/httpjson.yml.hbs", "/package/trend_micro_vision_one/2.12.1/data_stream/detection/elasticsearch/ingest_pipeline/default.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/endpoint_activity/agent/stream/cel.yml.hbs", "/package/trend_micro_vision_one/2.12.1/data_stream/endpoint_activity/elasticsearch/ingest_pipeline/default.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/network_activity/agent/stream/cel.yml.hbs", "/package/trend_micro_vision_one/2.12.1/data_stream/network_activity/elasticsearch/ingest_pipeline/default.yml", "/package/trend_micro_vision_one/2.12.1/data_stream/telemetry/agent/stream/cel.yml.hbs", "/package/trend_micro_vision_one/2.12.1/data_stream/telemetry/elasticsearch/ingest_pipeline/default.yml" ], "policy_templates": [ { "name": "trend_micro_vision_one", "title": "TrendAI Vision One", "description": "Collect logs from TrendAI Vision One.", "inputs": [ { "type": "httpjson", "vars": [ { "name": "hostname", "type": "text", "title": "Regional Domain URL", "description": "TrendAI Vision One URL to connect to the API. The URL domain used for this configuration is the domain for the region where your service endpoint is hosted. See the [Trend Vision One documentation](https://automation.trendmicro.com/xdr/Guides/Regional-domains) for the domain for your region. Enter the the HTTPS URL for your domain, `https://` without any trailing slash. ", "multi": false, "required": true, "show_user": false }, { "name": "api_token", "type": "password", "title": "API Token", "description": "API Token with API Access Level type.", "multi": false, "required": true, "show_user": false }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "URL to proxy connections in the form of http[s]://:@:. Please ensure your username and password are in URL encoded format.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" } ], "title": "Collect TrendAI Vision One alert, audit, and detection logs using API", "description": "Collecting TrendAI Vision One alert, audit, and detection logs using API." }, { "type": "cel", "vars": [ { "name": "hostname", "type": "text", "title": "Regional Domain URL", "description": "TrendAI Vision One URL to connect to the API. The URL domain used for this configuration is the domain for the region where your service endpoint is hosted. See the [Trend Vision One documentation](https://automation.trendmicro.com/xdr/Guides/Regional-domains) for the domain for your region. Enter the the HTTPS URL for your domain, `https://` without any trailing slash. ", "multi": false, "required": true, "show_user": false }, { "name": "api_token", "type": "password", "title": "API Token", "description": "API Token with API Access Level type.", "multi": false, "required": true, "show_user": false }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "URL to proxy connections in the form of http[s]://:@:. Please ensure your username and password are in URL encoded format.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" } ], "title": "Collect TrendAI Vision One endpoint and network activity logs using API, along with telemetry data through the Datalake Pipeline API", "description": "Collecting TrendAI Vision One endpoint and network activity logs using API, along with telemetry data through the Datalake Pipeline API." } ], "multiple": true, "deployment_modes": { "default": { "enabled": true }, "agentless": { "enabled": true } } } ], "data_streams": [ { "type": "logs", "dataset": "trend_micro_vision_one.alert", "title": "Collect alert logs from TrendAI Vision One", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "httpjson", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "How far back to pull the alerts from TrendAI Vision One. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the TrendAI Vision One API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "5m" }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "additional_look_back", "type": "text", "title": "Additional Look-back Time", "description": "Adds time to the interval to prevent missed events if they occur. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "0s" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "trend_micro_vision_one-alert" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve trend_micro_vision_one.alert fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false } ], "template_path": "httpjson.yml.hbs", "title": "Alert", "description": "Collect alert logs from TrendAI Vision One.", "enabled": true, "ingestion_method": "API" } ], "package": "trend_micro_vision_one", "path": "alert" }, { "type": "logs", "dataset": "trend_micro_vision_one.audit", "title": "Collect audit logs from TrendAI Vision One", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "httpjson", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "How far back to pull the audits from TrendAI Vision One. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the TrendAI Vision One API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "5m" }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "page_size", "type": "integer", "title": "Page Size", "description": "Page Size for the response of the TrendAI Vision One API. Allowed values are 50, 100, and 200.", "multi": false, "required": true, "show_user": true, "default": 200 }, { "name": "additional_look_back", "type": "text", "title": "Additional Look-back Time", "description": "Adds time to the interval to prevent missed events if they occur. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "0s" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "trend_micro_vision_one-audit" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve trend_micro_vision_one.audit fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false } ], "template_path": "httpjson.yml.hbs", "title": "Audit", "description": "Collect audit logs from TrendAI Vision One.", "enabled": true, "ingestion_method": "API" } ], "package": "trend_micro_vision_one", "path": "audit" }, { "type": "logs", "dataset": "trend_micro_vision_one.detection", "title": "Collect detection logs from TrendAI Vision One", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "httpjson", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "How far back to pull the detections from TrendAI Vision One. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the TrendAI Vision One API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "5m" }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "page_size", "type": "integer", "title": "Page Size", "description": "Page Size for the response of the TrendAI Vision One API.", "multi": false, "required": true, "show_user": true, "default": 1000 }, { "name": "additional_look_back", "type": "text", "title": "Additional Look-back Time", "description": "Adds time to the interval to prevent missed events if they occur. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "0s" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "trend_micro_vision_one-detection" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve trend_micro_vision_one.detection fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false } ], "template_path": "httpjson.yml.hbs", "title": "Detection", "description": "Collect detection logs from TrendAI Vision One.", "enabled": true, "ingestion_method": "API" } ], "package": "trend_micro_vision_one", "path": "detection" }, { "type": "logs", "dataset": "trend_micro_vision_one.endpoint_activity", "title": "Collect endpoint activity logs from TrendAI Vision One", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "How far back to pull the endpoint activity logs from TrendAI Vision One API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the TrendAI Vision One API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the TrendAI Vision One API. Values above 200 may cause out-of-memory failures on memory-constrained agents.", "multi": false, "required": true, "show_user": false, "default": 200 }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "trend_micro_vision_one-endpoint_activity" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve trend_micro_vision_one.endpoint_activity fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": false, "show_user": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "cel.yml.hbs", "title": "Endpoint Activity", "description": "Collect endpoint activity logs from TrendAI Vision One.", "enabled": false, "ingestion_method": "API" } ], "package": "trend_micro_vision_one", "path": "endpoint_activity" }, { "type": "logs", "dataset": "trend_micro_vision_one.network_activity", "title": "Collect network activity logs from TrendAI Vision One", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "How far back to pull the network activity logs from TrendAI Vision One API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the TrendAI Vision One API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the TrendAI Vision One API. Values above 200 may cause out-of-memory failures on memory-constrained agents.", "multi": false, "required": true, "show_user": false, "default": 200 }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "trend_micro_vision_one-network_activity" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve trend_micro_vision_one.network_activity fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": false, "show_user": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "cel.yml.hbs", "title": "Network Activity", "description": "Collect network activity logs from TrendAI Vision One.", "enabled": false, "ingestion_method": "API" } ], "package": "trend_micro_vision_one", "path": "network_activity" }, { "type": "logs", "dataset": "trend_micro_vision_one.telemetry", "title": "Collect telemetry data from the Datalake Pipeline API", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "interval", "type": "text", "title": "Interval", "description": "Time to wait between checks for new data. The source ingests data at least every 2 minutes. TrendAI recommends to get data every 15m. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "15m" }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "trend_micro_vision_one-telemetry" ] }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve trend_micro_vision_one.telemetry fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": true, "show_user": false, "default": true }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "hard_coded_pipeline_id", "type": "text", "title": "Hard-coded Pipeline ID", "description": "Debug use only! The ID of a manually registered pipeline to consume from.", "multi": false, "required": false, "show_user": false }, { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "Debug use only! Amount of old data to fetch. Only effective if resuming consumption of a previously registered pipeline. Maximum of 168h. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": false, "default": "24h" }, { "name": "top", "type": "integer", "title": "Page Size", "description": "Debug use only! Number of package IDs requested per page. Valid values are 50, 100, 200, 500.", "multi": false, "required": true, "show_user": false, "default": 500 }, { "name": "max_recency", "type": "text", "title": "Maximum Recency", "description": "Debug use only! Package IDs will not be requested until they reach this age. The API documentation recommends at least 30s. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "max_time_range", "type": "text", "title": "Maximum Time Range", "description": "Debug use only! The maximum time range covered by an individual request. The API requires this to be 1h or shorter. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": false, "default": "1h" }, { "name": "min_time_range", "type": "text", "title": "Minimum Time Range", "description": "Debug use only! After retrieving a package, a check for new package IDs will only be performed immediately if it covers a time range at least this long. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": false, "default": "1m" }, { "name": "managed_pipeline_description", "type": "text", "title": "Managed Pipeline Description", "description": "Debug use only! The description value of the pipeline created or used by the integration. This value must not conflict with descriptions used by other users of the API.", "multi": false, "required": true, "show_user": false, "default": "managed-by-elastic-integrations-trend_micro_vision_one-telemetry" }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details.", "multi": false, "required": false, "show_user": false, "default": false } ], "template_path": "cel.yml.hbs", "title": "Telemetry", "description": "Collect telemetry data from the Datalake Pipeline API.", "enabled": false, "ingestion_method": "API" } ], "package": "trend_micro_vision_one", "path": "telemetry" } ] }