Cyware Orchestrate

Trend Micro Apex Central 2.0.0

App Vendor: Trend Micro

App Category: Forensics & Malware Analysis, Data Loss and Prevention

Connector Version: 2.0.2

API Version: 2019 R1

About App

The Trend Micro Apex Central app allows security teams to integrate with the Trend Micro Apex Central enterprise application to manage product agents, product servers, and User-Defined Suspicious Objects (UDSO) at the gateway, mail server, file server, and corporate desktop levels.

The Trend Micro Apex Central app is configured with Orchestrate to perform the following actions:

| Action Name | Description |
| --- | --- |
| Add Suspicious Objects to User-Defined Suspicious Objects (UDSO) | This action adds suspicious objects to User-Defined Suspicious Objects (UDSO). |
| Get a List of User-Defined Suspicious Objects (UDSO) | This action retrieves a list of User-Defined Suspicious Objects (UDSO). |
| Get a List of Product Agents | This action retrieves a list of product agents. |
| Get List of Product Servers | This action retrieves a list of product servers. |
| Isolate Product Agent | This action isolates the product agent. |
| Restore Product Agent | This action restores the product agent. |

Configuration Parameters

The following configuration parameters are required for the Trend Micro Apex Central connector app to communicate with the Trend Micro Apex Central enterprise application. The parameters can be configured by creating instances in the connector app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Base URL | Enter the base URL as a fully qualified domain name (FQDN) or IP address. | Text | Required | |
| Application ID | Enter the application ID. | Text | Required | To access the application, enable integration using Apex Central Automation APIs and isolate or restore endpoint connections. |
| API Key | Enter the API key. | Password | Required | To access the application, enable integration using Apex Central Automation APIs and isolate or restore endpoint connections. |
| SSL Verification | Enter your preference to either verify or skip the SSL certificate verification. | Boolean | Optional | Allowed values: true, false. The default value is false. |

Action: Add Suspicious Objects to User-Defined Suspicious Objects (UDSO)

This action adds suspicious objects to User-Defined Suspicious Objects (UDSO).

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| IOC Type | Enter the IOC type. | Text | Required | Allowed values: ip, url, domain, file, file_sha1 |
| IOC Value | Enter the IOC value. | Text | Required | Allowed values: ip: IPv4; domain: FQDN; url: URI of maximum 2047 characters; file_sha1: SHA-1 hash of maximum 40 characters; file: file binary content as a base64 string |
| Scan Action | Enter the scan action. | Text | Required | Allowed values: log; block; quarantine (only available for "ioc type = file" objects) |
| Notes | Enter the notes. Example: "malicious domain" | Text | Required | The maximum number of allowed characters is 256. |
| Expiration Date and Time | Enter the UTC expiration date and time. Example: 2020-06-01t16:00:00z | Text | Optional | |
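
A pre-flight check for these inputs, as an added example that is not part of the connector or its documentation. `validate_udso` and its helpers are hypothetical names; the limits come from the table above, while the exact-40-hex-digit SHA-1 test and the FQDN pattern are assumptions that are stricter than the table's wording.

```python
import base64
import ipaddress
import re

# Allowed values and limits are taken from the parameter table above.
SCAN_ACTIONS = {"log", "block", "quarantine"}
# Assumption: a SHA-1 digest is written as exactly 40 hexadecimal characters.
SHA1_RE = re.compile(r"[0-9a-fA-F]{40}")
# Assumption: dotted labels of letters, digits and hyphens, alphabetic TLD.
FQDN_RE = re.compile(
    r"(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def _is_base64(value):
    try:
        # validate=True rejects characters outside the base64 alphabet
        return bool(value) and bool(base64.b64decode(value, validate=True))
    except ValueError:
        return False

CHECKS = {
    "ip": _is_ipv4,
    "domain": lambda v: FQDN_RE.fullmatch(v) is not None,
    "url": lambda v: 0 < len(v) <= 2047,
    "file_sha1": lambda v: SHA1_RE.fullmatch(v) is not None,
    "file": _is_base64,
}

def validate_udso(ioc_type, ioc_value, scan_action, notes):
    """Return a list of problems; an empty list means the inputs fit the table."""
    errors = []
    check = CHECKS.get(ioc_type)
    if check is None:
        errors.append(f"unknown IOC type: {ioc_type!r}")
    elif not check(ioc_value):
        errors.append(f"IOC value is not a valid {ioc_type}")
    if scan_action not in SCAN_ACTIONS:
        errors.append(f"unknown scan action: {scan_action!r}")
    elif scan_action == "quarantine" and ioc_type != "file":
        # The table is read literally: quarantine applies to type "file" only.
        errors.append("quarantine is only available for IOC type 'file'")
    if not notes or len(notes) > 256:
        errors.append("notes are required and limited to 256 characters")
    return errors
```

Running the check in a playbook step before the action keeps a mistyped indicator, such as a hostname submitted with IOC type `ip`, from reaching the UDSO list with a `block` action.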

Action: Get a List of User-Defined Suspicious Objects (UDSO)

This action retrieves a list of User-Defined Suspicious Objects (UDSO).

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Additional Parameters | Enter the additional parameters in the form of key-value pairs. | Key-value | Optional | Allowed key values: type (str): ip, url, domain, file, file_sha1; contentfilter (str): match the specified string (this filter supports only the following: "ip", "url", "file_sha1", "domain") |

Action: Get a List of Product Agents

This action retrieves a list of product agents.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Additional Parameters | Enter additional parameters in the form of key-value pairs. | Key-value | Optional | Allowed key values: entity_id (str), ip_address (str), host_name (str), product (str), mac_address (str), managing_server_id (str) |

Action: Get the List of Product Servers

This action retrieves the list of product servers.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Additional Parameters | Enter additional parameters in the form of key-value pairs. | Key-value | Optional | Allowed key values: entity_id (str), ip_address (str), host_name (str), product (str) |

Action: Isolate Product Agent

This action isolates the product agent.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Entity ID | Enter the entity ID. Example: "fc0a6cd9-b71e-4d50-8487-46c3cc47be81" | Text | Required | |
| Allow Multiple Match | Enter your preference to either allow or disallow multiple match. | Boolean | Optional | Allowed values: true, false. The default value is false. |
| Additional Parameters | Enter additional parameters in the form of key-value pairs. | Key-value | Optional | Allowed key values: ip_address (str), mac_address (str), host_name (str), product (str) |

Action: Restore the Product Agent

This action restores the product agent.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Entity ID | Enter the entity ID. Example: "fc0a6cd9-b71e-4d50-8487-46c3cc47be81" | Text | Required | |
| Allow Multiple Match | Enter the optional preference to either allow or deny multiple match. | Boolean | Optional | Allowed values: true, false. The default value is false. |
| Additional Parameters | Enter additional parameters in the form of key-value pairs. | Key-value | Optional | Allowed key values: ip_address (str), mac_address (str), host_name (str), product (str) |