Trend Micro Vision One integration

Hello again,

I have installed the Trend Micro Vision One integration. I have already done the process of placing the URL and the API key, and everything was accepted without any error.

My question is why it is asking me to associate agents at the time of finalizing the configuration. As I understand it, this integration is to obtain the logs generated by the management console that controls all Trend Micro products.

Could you please help me to understand it well?

After a lot of reading, research, trial and error, I managed to solve the problem.

As the documentation is not clear, in the “URL” field I was putting the URL of the portal that the administrator of my company uses to manage the “Trend Micro Vision One” solution, but it turns out that this was not the URL.

You must enter the URL intended for the API according to the region you are in by putting https at the beginning.
Trend Vision One Automation Center

This solved the problem.

Note: For the policy it asks for at the end of the configuration, you must create a policy where the Agent that will make the API connection and collect the logs is located.

Hi @juancamiloll,

Thanks for flagging this and apologies for any confusion caused by our lack of guidance on the supported URL formats. I've just created this issue and we'll aim to improve the guidance and workflow for configuring the URL: [Trend Micro Vision One] Add guidance to URL parameter · Issue #11319 · elastic/integrations · GitHub

Thank you very much for your help. It is a great help that people like you have the good intention of requesting the necessary changes for better documentation. Sometimes Elastic documentation becomes very dense and confusing; you can't assume that whoever accesses the documentation is always knowledgeable or certified in ELK.

The reality is that sometimes, or many times, these are implementations that you are asked to install or manage from scratch, and you do not always have licensing; for X or Y reason we work with the features that are free.

Although I have liked ELK a lot, it has been a challenge because when you get to the documentation looking for the answer to something, you end up visiting 10 or 20 more documents because there are links in many words. The forum helps a lot but there are also many times when the answers are left without a solution.

Note: sorry for my wording, I am using a translator.