Skip to main content

How to integrate Trend Micro Vision One account?

Overview

To authenticate with Trend Micro Vision One and access their REST APIs, you will need the following information:

  • API Base URL (regional endpoint)
  • API Key (Authentication Token)

Trend Micro Vision One uses API key-based authentication with bearer tokens for all REST API calls.

Step 1: Login to Vision One Console

  1. Sign in to your Trend Micro Vision One console

    • Global: https://portal.xdr.trendmicro.com
    • US: https://portal.us.xdr.trendmicro.com
    • EU: https://portal.eu.xdr.trendmicro.com
    • JP: https://portal.jp.xdr.trendmicro.com
    • SG: https://portal.sg.xdr.trendmicro.com
    • AU: https://portal.au.xdr.trendmicro.com
    • IN: https://portal.in.xdr.trendmicro.com

  2. Ensure you have Master Administrator or Operator role with API access permissions

Step 2: Navigate to API Keys

  1. In the Vision One console, go to Administration
  2. Select API Keys from the menu
  3. You'll see a list of existing API keys (if any)

Step 3: Create a New API Key

  1. Click Add API Key

  2. Fill in the following details:

    API Key Configuration:

    • Name: Enter a descriptive name (e.g., "Unizo Integration")
    • Description: Add details about the integration purpose
    • Role: Select the appropriate role for API access

  3. Select API Key Role:

    Available Roles:

    • Master Administrator: Full access to all APIs
    • Operator: Read and write access to most operations
    • Auditor: Read-only access to logs and reports
    • Recipient: Limited read access

    Recommended for EDR/XDR Integration:

    • Minimum: Operator role for full integration
    • Read-only: Auditor role for monitoring only

  4. Set API Key Expiration:

    • Select expiration period (90 days, 180 days, 1 year)
    • Or choose No expiration (not recommended for production)

  5. Select API Access Permissions:

    Choose the specific APIs your integration needs:

    • Suspicious Object APIs: For threat intelligence
    • Search APIs: For investigation queries
    • Response APIs: For response actions
    • Workbench APIs: For alert management
    • Endpoint APIs: For endpoint management
    • Email APIs: For email security
    • User Activity APIs: For user behavior analytics

  6. Click Add

Step 4: Copy API Key

After creation, Vision One will display your API key:

  1. Copy the API Key immediately - it's displayed only once
  2. The key format will be a long alphanumeric string
  3. Store it securely in a secrets manager

Important:

  • The API key is shown only once
  • If lost, you must generate a new key
  • Keep the key confidential