Cyware Orchestrate

Trend Micro Apex Central 1.0.0

App Vendor: Trend Micro

App Category: Forensics & Malware Analysis, Data Loss and Prevention

Connector Version: V1.0.0

API Version: V1.0.0

About App

The Trend Micro Apex Central application offers centralized security management that helps security teams bridge the IT and SOC silos that often separate layers of protection and deployment models. This type of connected, centralized approach improves visibility and protection, reduces complexity, and eliminates redundant and repetitive tasks in security administration, all of which make your organization more secure and your life easier. This also allows you to manage product agents, product servers, and user-defined suspicious objects (UDSO) at the gateway, mail server, file server, and corporate desktop levels.

The Trend Micro Apex Central app is configured with the Orchestrate application to perform the following actions:

| Action Name | Description |
|---|---|
| Get the list of product servers | This action retrieves the list of product servers from the Trend Micro Apex Central application. |
| Get a list of product agents | This action retrieves the list of product agents from the Trend Micro Apex Central application. |
| Isolate product agent | This action isolates the product agent in the Trend Micro Apex Central application. |
| Restore product agent | This action restores the product agent in the Trend Micro Apex Central application. |
| Get a list of user-defined suspicious objects (udso) | This action retrieves the list of user-defined suspicious objects (udso) from the Trend Micro Apex Central application. |
| Add suspicious objects to user-defined suspicious objects (udso) | This action adds suspicious objects to user-defined suspicious objects (udso) in the Trend Micro Apex Central application. |

Configuration Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Base URL | Enter the base URL of the Trend Micro Apex Central application as an FQDN or IP address. Example: "https://trend.domain.tld" | Text | Required | |
| Application ID | Enter the application ID for API access from the Trend Micro Apex Central application. Example: "FXXXXX3D-8XXF-4XXX-A6XX-6XXXXXX5B4BB1" | Text | Required | Note: You must enable application integration using Trend Micro Apex Central automation APIs and isolate/restore endpoint connections. |
| API key | Enter the API key for API access from the Trend Micro Apex Central application. Example: "zaCExxxxxfnc8mxxxawjYr4Rx-AfXXXXxxtlx" | Password | Required | Note: You must enable application integration using Trend Micro Apex Central automation APIs and isolate/restore endpoint connections. |
| SSL verification | Specify whether to verify the SSL certificate or skip verification. Example: "True" | Boolean | Optional | Allowed values: True, False. Default value: False |

Action: Get the list of product servers

This action retrieves the list of product servers from the Trend Micro Apex Central application.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Additional parameters | Enter the additional parameters in the form of key-value pairs. | Key Value | Optional | Allowed values: entity_id (str), ip_address (str), host_name (str), product (str), mac_address (str), managing_server_id (str) |

Example Request

[
  {
    "extra_params": {
      "ip_address": "255.255.255.0"
    }
  }
]

Action: Get a list of product agents

This action retrieves the list of product agents from the Trend Micro Apex Central application.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Additional parameters | Enter the additional parameters in the form of key-value pairs. | Key Value | Optional | Allowed values: entity_id (str), ip_address (str), host_name (str), product (str), mac_address (str), managing_server_id (str) |

Example Request

[
  {
    "extra_params": {
      "ip_address": "255.255.255.0"
    }
  }
]

Action: Isolate product agent

This action isolates the product agent in the Trend Micro Apex Central application.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Entity ID | Enter the entity ID. Example: "fcxxx9-bxxe-4xx0-xxx7-4xxxxxxxe81" | Text | Required | |
| Allow multiple match | Enter the preference to either allow or disallow multiple matches. Example: "True" | Boolean | Optional | Allowed values: True, False. Default value: False |
| Additional parameters | Enter the additional parameters in the form of key-value pairs. | Key Value | Optional | Allowed values: ip_address (str), mac_address (str), host_name (str), product (str) |

Example Request

[
  {
    "entity_id": "fcxxx9-bxxe-4xx0-xxx7-4xxxxxxxe81",
    "extra_params": {
      "ip_address": "255.255.255.0"
    },
    "multiple_match": false
  }
]

Action: Restore product agent

This action restores the product agent in the Trend Micro Apex Central application.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Entity ID | Enter the entity ID. Example: "fcxxx9-bxxe-4xx0-xxx7-4xxxxxxxe81" | Text | Required | |
| Allow multiple match | Enter the preference to either allow or disallow multiple matches. Example: "True" | Boolean | Optional | Allowed values: True, False. Default value: False |
| Additional parameters | Enter the additional parameters in the form of key-value pairs. | Key Value | Optional | Allowed values: ip_address (str), mac_address (str), host_name (str), product (str) |

Example Request

[
  {
    "entity_id": "fcxxx9-bxxe-4xx0-xxx7-4xxxxxxxe81",
    "extra_params": {
      "ip_address": "255.255.255.0"
    },
    "multiple_match": false
  }
]

Action: Get a list of user-defined suspicious objects (udso)

This action retrieves the list of user-defined suspicious objects (udso) from the Trend Micro Apex Central application.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Additional parameters | Enter the additional parameters in the form of key-value pairs. | Key Value | Optional | Allowed values: type (str) - ip, domain, url, file, file_sha1; contentfilter (str) - match the specified string (this filter only supports the following types: "ip", "url", "file_sha1", "domain") |

Example Request

[
  {
    "extra_params": {
      "type": "ip"
    }
  }
]

Action: Add suspicious objects to user-defined suspicious objects (udso)

This action adds suspicious objects to user-defined suspicious objects (udso) in the Trend Micro Apex Central application.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| IOC type | Enter the IOC type. Example: "ip" | Text | Required | Allowed values: ip, url, domain, file, file_sha1 |
| IOC value | Enter the IOC value. Example: "1.1.1.1" | Text | Required | Allowed values: ip: IPv4 address; domain: FQDN; url: URL of max 2047 characters; file_sha1: SHA-1 hash of max 40 characters; file: file binary content as a base64 string |
| Scan action | Enter the scan action. Example: "block" | Text | Required | Allowed values: log, block, quarantine (only available for objects with IOC type "file") |
| Notes | Enter the notes. Example: "malicious domain." | Text | Required | Note: Maximum number of characters allowed is 256. |
| Expiration date and time | Enter the UTC expiration date and time. Example: "2020-06-01T16:00:00Z" | Text | Optional | |

Example Request

[
  {
    "notes": "Malicious Domain",
    "ioc_type": "domain",
    "ioc_value": "trenz.ml",
    "scan_action": "block",
    "expired_time": "2020-06-01T16:00:00Z"
  }
]
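
A playbook can check a request against the limits listed for this action before it is sent, so that a malformed indicator or an unsupported scan action is rejected locally. The following is an added example, not code from Cyware or Trend Micro: the field names come from the example request above, while the function names, the FQDN pattern and the strict 40-hex-character SHA-1 check are assumptions of this sketch.

```python
import base64
import ipaddress
import re
from datetime import datetime

FQDN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)


def _valid_value(ioc_type, value):
    """Check ioc_value against the per-type rule listed for this action."""
    if ioc_type == "ip":
        try:
            return ipaddress.ip_address(value).version == 4
        except ValueError:
            return False
    if ioc_type == "domain":
        return bool(FQDN_RE.fullmatch(value))
    if ioc_type == "url":
        return 0 < len(value) <= 2047
    if ioc_type == "file_sha1":
        return bool(re.fullmatch(r"[0-9a-fA-F]{40}", value))
    if ioc_type == "file":
        try:
            return len(base64.b64decode(value, validate=True)) > 0
        except ValueError:
            return False
    return False  # not one of the allowed IOC types


def validate_udso_request(req):
    """Return a list of problems; an empty list means the request passes."""
    errors = []
    ioc_type = req.get("ioc_type")
    if not _valid_value(ioc_type, str(req.get("ioc_value") or "")):
        errors.append("ioc_value does not match ioc_type")
    action = req.get("scan_action")
    if action not in ("log", "block", "quarantine"):
        errors.append("scan_action must be log, block or quarantine")
    elif action == "quarantine" and ioc_type != "file":
        errors.append("quarantine is only available for ioc_type file")
    notes = req.get("notes")
    if not notes or len(notes) > 256:
        errors.append("notes is required, max 256 characters")
    expires = req.get("expired_time")
    if expires is not None:
        try:
            datetime.strptime(expires, "%Y-%m-%dT%H:%M:%SZ")
        except (TypeError, ValueError):
            errors.append("expired_time must be UTC, e.g. 2020-06-01T16:00:00Z")
    return errors
```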