Trend Micro Control Manager
App Vendor: Trend Micro Control Manager
Connector Category: Analytics & SIEM
Connector Version: 1.0.0
API Version: 7.0.0
About App
Trend Micro Control Manager™ is a central management console that manages Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels. In Orchestrate, the Control Manager Web-based management console provides a single monitoring point for managed products and services throughout the network.
The Trend Micro Control Manager app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Add suspicious file object | This action adds a suspicious file object to the Control Manager user-defined suspicious object list. |
Isolate Product Agents | This action isolates product agents from the network by specifying the act value as "cmd_isolate_agent" in the HTTP request body. |
List Product Agents | This action retrieves a list of managed product agents. |
List Product Servers | This action lists the product servers. |
Configuration Parameters
The following configuration parameters are required for the Trend Micro Control Manager app to communicate with the Trend Micro Control Manager enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL. Example: https://www.name.com/path.html?param | Text | Required | |
App ID | Enter the app ID. | Text | Required | |
API Key | Enter the API key. | Password | Required | |
SSL Verification | Choose whether to verify the SSL certificate or skip verification. | Boolean | Optional | Allowed boolean values:
Default value: False |
Action: Add suspicious file object
This action adds a suspicious file object to the Control Manager user-defined suspicious object list.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filename with extension | Enter the file name with extension. Example: suspiciousfileobject.txt | Text | Required | |
Base64 encoded file content | Enter the base64 encoded file content. | Text | Required | |
Scan action | Enter the file scan action. Example: log | Text | Required | |
Note for file submitting | Enter a note for file submitting. Example: File submitted | Text | Required | |
Example Request
[ { "filename_with_extension":"SuspiciousFileObject.txt", "file_content_base64_string":"<Sample file content>", "scan_action":"LOG", "add_comment":"File submitted" } ]
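A way to assemble and check this request body before it is handed to the action, as an added example that is not part of the connector or of Trend Micro's code. The field names come from the example request above; the function names and the SHA-256 digest kept for the analyst's audit trail are assumptions of this example.

```python
import base64
import binascii
import hashlib
import os

# Field names as they appear in the example request on this page.
REQUIRED_KEYS = ("filename_with_extension", "file_content_base64_string",
                 "scan_action", "add_comment")


def build_add_file_request(filename, content, scan_action, note):
    """Return (request_body, sha256_hex) for one file given as raw bytes."""
    if not os.path.splitext(filename)[1]:
        raise ValueError("file name must include an extension")
    if not content:
        raise ValueError("file content is empty")
    body = [{
        "filename_with_extension": filename,
        "file_content_base64_string": base64.b64encode(content).decode("ascii"),
        "scan_action": scan_action,
        "add_comment": note,
    }]
    check_add_file_request(body)
    # The digest is for the analyst's own audit trail; it is not sent.
    return body, hashlib.sha256(content).hexdigest()


def check_add_file_request(body):
    """Validate an assembled request body; return each file's decoded size."""
    sizes = []
    for item in body:
        missing = [k for k in REQUIRED_KEYS if not str(item.get(k, "")).strip()]
        if missing:
            raise ValueError(f"missing required fields: {missing}")
        try:
            raw = base64.b64decode(item["file_content_base64_string"], validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError("file content is not valid base64") from exc
        sizes.append(len(raw))
    return sizes
```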
Action: Isolate Product Agents
This action isolates product agents from the network by specifying the act value as "cmd_isolate_agent" in the HTTP request body.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Allow multiple matches | Enter your preference to either allow or disallow multiple matches. | Boolean | Required | Allowed boolean values:
Note: If this parameter is set to False, and the provided parameters match multiple agents, the action will be unsuccessful. |
Entity ID (GUID of the managed product agent) | Enter the entity ID (GUID of managed product agent). Example: 8a1a84550462-40bc9afc-3770-16ac-cd6c | Text | Optional | |
IP address of the managed product agent | Enter the IP address of the managed product agent. Example: 192.168.121.132 | Text | Optional | |
MAC address of the managed product agent | Enter the MAC address of the managed product agent. Example: 00-0c-29-9b-ab-65 | Text | Optional | |
Host name of product agent | Enter the hostname of the product agent. Example: osceclient | Text | Optional | |
Trend Micro product name | Enter the Trend Micro product name. | Text | Optional | |
Example Request
[ { "params":{ "entity_id":"81afe6-9fjnf35-hfi81-2300-dn33i", "ip_address":"192.168.132.121", "mac_address":"00-0C-29-9B-AB-65", "host_name":"OSCECLIENT", "product":"SLF_PRODUCT_OFFICESCAN_CE", "managing_server_id":"1193JU-203IQO-DH712-87HA" } } ]
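A pre-flight check that mirrors the "Allow multiple matches" rule in a playbook, so that a broad selector is caught before any isolation request is sent. This is an added example, not connector or Trend Micro code. It assumes agent records carry the same field names as the example request; the inventory is constructed, and the case-insensitive matching and the refusal of an empty selector set are choices of this example.

```python
# Selector names taken from the example request on this page.
SELECTORS = ("entity_id", "ip_address", "mac_address", "host_name", "product")

# Constructed inventory for illustration; the record layout is an assumption.
AGENTS = [
    {"entity_id": "8a1a84550462-40bc9afc-3770-16ac-cd6c", "ip_address": "192.168.121.132",
     "mac_address": "00-0c-29-9b-ab-65", "host_name": "osceclient",
     "product": "SLF_PRODUCT_OFFICESCAN_CE"},
    {"entity_id": "constructed-agent-0002", "ip_address": "192.168.121.140",
     "mac_address": "00-0c-29-aa-bb-02", "host_name": "constructed-host-2",
     "product": "SLF_PRODUCT_OFFICESCAN_CE"},
]


def _norm(field, value):
    """Compare case-insensitively; accept ':' or '-' as the MAC separator."""
    text = str(value).strip().lower()
    return text.replace(":", "-") if field == "mac_address" else text


def resolve_isolation_targets(agents, selectors, allow_multiple_matches):
    """Return entity IDs the selectors match, or raise before anything is isolated."""
    unknown = set(selectors) - set(SELECTORS)
    if unknown:
        raise ValueError(f"unknown selectors: {sorted(unknown)}")
    wanted = {k: _norm(k, v) for k, v in selectors.items() if str(v).strip()}
    if not wanted:
        # Policy of this example: never proceed without naming a target.
        raise ValueError("at least one selector is required")
    matches = [a for a in agents
               if all(_norm(k, a.get(k, "")) == v for k, v in wanted.items())]
    if not matches:
        raise LookupError("no agent matches the selectors")
    if len(matches) > 1 and not allow_multiple_matches:
        raise ValueError(f"{len(matches)} agents match; refusing to isolate")
    return [a["entity_id"] for a in matches]
```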
Action: List Product Agents
This action retrieves a list of managed product agents.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Parameters | Enter the following parameters in the form of key-value pairs. | Key Value | Optional | Allowed values:
|
Example Request
[ { "params":{ "entity_id":"81afe6-9fjnf35-hfi81-2300-dn33i", "ip_address":"192.168.132.121", "mac_address":"00-0C-29-9B-AB-65", "host_name":"OSCECLIENT", "product":"SLF_PRODUCT_OFFICESCAN_CE", "managing_server_id":"1193JU-203IQO-DH712-87HA" } } ]
Action: List Product Servers
This action lists the product servers.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Entity ID | Enter the entity ID. Example: 026332f39ebc-41c19604-02dd-2c5f-ede5 | Text | Optional | |
IP address | Enter the IP address. Example: 192.168.121.131 | Text | Optional | |
Hostname | Enter the hostname. Example: osceserver | Text | Optional | |
Trend Micro product name | Enter the Trend Micro product name. Example:
| Text | Optional | For Trend Micro products, a value from the list of product values must be provided. |
Example Request
[ { "entity_id":"026332f39ebc-41c19604-02dd-2c5f-ede5", "ip_address":"192.168.121.131", "hostname":"osceserver", "trendmicro_product":"SLF_PRODUCT_TMDS" } ]