Summary
For the Check Point MDR team to monitor logs from your Trend Vision One environment, we require a token with the "Senior Analyst" role and a defined region.
If you need any assistance with this procedure, please open a ticket in the MDR Customer portal under "MDR Support" or, if you are currently onboarding, reply to your welcome email, and we will schedule a time to assist.
Note: We will need these two items filled in on the MDR customer portal profile page when adding the integration. Ensure the procedure outlined below is completed before adding it:
- Token (Generated within Trend Vision One Portal)
- Region (Drop Down List) - Choose the region your Trend Micro Vision One instance is hosted in:
  - United States
  - Australia
  - European Union
  - India
  - Japan
  - Singapore
Procedure
Creating the Account and API Token
1. Sign in to the Trend Vision One Portal with administrator permissions
2. Go to Administration > API Keys > Add API Key
3. Fill out the required information:
- Name for your reference
- Role "Senior Analyst"
- Expiration Time (choose no expiration to avoid regular rotation, or set a date, noting that you will need to update it before expiration)
Take note of the token and save it so you can enter it in the MDR portal.
Remediation
Proceed to the Infinity Portal and head to the MDR Profile tab. Under Remediation Excluded Hosts, you will need to enter an IP address. If you do not have a host to exclude, please use a default address, such as 1.1.1.1. (There must be at least one entry before the system allows you to configure Remediation.)
- In the integration you will see an option at the bottom called "Remediation". Click the blue Configure button to begin the setup process.
- Next, select your desired Isolation/Remediation option: Do not perform remediations, Requires approval, or Always approve. Hit Save at the bottom to complete this process.
Note: Please contact MDR Support by creating a ticket in your MDR Portal if you would like to schedule a test to verify your Remediation (Host Isolation).