Move faster than your adversaries with powerful, purpose-built XDR, attack surface management and zero trust capabilities. Trend Vision One integrates all these in a single modern cloud-native security operations solution.
Smart SOAR Integration
D3 Smart SOAR’s integration with Trend Micro Vision One enables security teams to process Trend Micro alerts through Smart SOAR playbooks, which identify and dismiss false positives by collecting and analyzing contextual data from across the network. True threats are escalated for investigation, where analysts can trigger remediation and investigation actions without leaving Smart SOAR. Actions can be taken at the email, network, and endpoint security levels, both automatically and manually.
Ingest and manage all alerts in one platform.
Check raw alert data for signs of false positives and dismiss on ingestion.
Manage email, endpoint, and network security from inside Smart SOAR.
Combine information from other tools to assist with investigation and response.
Suspicious Process Integration
All security alerts can be ingested into Smart SOAR from Trend Micro Vision One and handled differently based on the incident type. For example, if a suspicious process is found to be executing, playbooks inside Smart SOAR can query your EDR for recent activity on that device. The results can be compared to the alert, and if a match is found, the alert is escalated to an analyst. Smart SOAR can also gather extra information on the affected users and devices to show the analyst the potential impact and scope of the alert. The analyst can then terminate the process or isolate the endpoint from within Smart SOAR.
If a suspicious email is detected, Smart SOAR can parse the header information, such as SPF and DKIM results, analyze it, and automatically dismiss or escalate the event. If the event is escalated, attachments and URLs included in the email can be enriched through Trend Micro Vision One or a third-party threat intelligence platform to give the investigation team more information on the artifacts inside the alert. If the email is verified as a phishing or spam attempt, the email can be quarantined or deleted, and the sender can be blacklisted through the Trend Micro Vision One API.
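The header check described above can be sketched as follows. This is an added example, not D3 or Trend Micro code: it reads SPF and DKIM verdicts from the Authentication-Results header and returns a dismiss or escalate decision. The trusted authserv-id, the sample messages, and the dismissal policy are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

TRUSTED_AUTHSERV = "mx.example.net"  # assumed: your own receiving MTA's authserv-id
RESINFO_RE = re.compile(r"^\s*(spf|dkim)\s*=\s*([a-z]+)", re.I)

# Constructed sample messages, not real mail.
CLEAN = (
    "Authentication-Results: mx.example.net;\n"
    " spf=pass smtp.mailfrom=billing@example.com;\n"
    " dkim=pass header.d=example.com\n"
    "From: billing@example.com\nSubject: Invoice\n\nbody\n"
)
SPOOFED = (
    "Authentication-Results: mx.example.net;\n"
    " spf=fail smtp.mailfrom=billing@example.org;\n"
    " dkim=none\n"
    "From: billing@example.com\nSubject: Urgent invoice\n\nbody\n"
)
# Sender-supplied header claiming a pass; no header from the trusted MTA.
FORGED = (
    "Authentication-Results: mail.example.org; spf=pass; dkim=pass\n"
    "From: billing@example.com\nSubject: Invoice\n\nbody\n"
)

def auth_results(raw):
    """Collect SPF/DKIM verdicts from headers stamped by the trusted MTA only."""
    msg = message_from_string(raw, policy=default)
    verdicts = {"spf": [], "dkim": []}
    for header in msg.get_all("Authentication-Results", []):
        authserv, *resinfos = str(header).split(";")
        ids = authserv.split()
        if not ids or ids[0].lower() != TRUSTED_AUTHSERV:
            continue  # anyone can add this header upstream; ignore untrusted ones
        for resinfo in resinfos:
            m = RESINFO_RE.match(resinfo)
            if m:
                verdicts[m.group(1).lower()].append(m.group(2).lower())
    return verdicts

def triage(raw):
    """Assumed policy: dismiss only when SPF passes and some DKIM signature passes."""
    v = auth_results(raw)
    ok = v["spf"] == ["pass"] and "pass" in v["dkim"]
    return "dismiss" if ok else "escalate"

if __name__ == "__main__":
    for name, raw in [("clean", CLEAN), ("spoofed", SPOOFED), ("forged", FORGED)]:
        print(name, triage(raw), auth_results(raw))
```

Matching on the authserv-id matters because a sender can insert their own Authentication-Results header; only verdicts stamped by your receiving mail server should influence automatic dismissal.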
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.