TrendMicro

Trend Micro is a cloud-client content security infrastructure that delivers global threat intelligence to protect from online threats, such as data stealing malware, phishing attacks, and other web, email, and mobile threats. It helps to deliver continuously updated protection to stop phishing, ransomware, Business Email Compromise (BEC) scams, spam and other advanced email threats before they reach your network. It provides advanced protection for Microsoft™ Exchange Server, Microsoft Office 365, Google™ Gmail, and other cloud or on-premises email solutions.

Examples

Listed below are examples of configuring a Webhook connection for the following use cases:

  • TrendMicro XDR: Block IP
  • TrendMicro XDR: Block URL
  • TrendMicro XDR: Block Domain
  • TrendMicro XDR: Block Email
  • TrendMicro XDR: Block FileHash

TrendMicro XDR: Block IP

  1. In the Configuration Box, enter the Configuration Name to uniquely identify this configuration.
  2. Identify the content of headers and payload that you need to provide in the Configuration Box.
  3. Ensure you enable the integration, once it is configured and validated.

Below is an example of how you can use this integration to block an IP address using TrendMicro.

URL

https://api.xdr.trendmicro.com/v2.0/xdr/response/block

Header

{"Authorization": "Bearer [token]", "Content-Type": "application/json;charset=utf-8"}

Payload

{
   "valueType":"ip",
   "targetValue":"$SrcIP",
   "productId":"DNIF",
   "description":"Blocking malicious IP"
}


TrendMicro: Block IP blocks the resource, i.e., the IP, on your TrendMicro account based on the values given in the payload.


In the above figure, a workbook named Suspicious Remote Desktop Network Activity is executed which contains the following blocks:


  • SQL Block: Displays two suspicious Destination IPs on execution of the workbook


  • Signal Block: This will raise a signal on detecting the suspicious IPs.


  • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block IP, the IP is blocked on your TrendMicro account based on the values given in the payload.


TrendMicro XDR: Block URL

  1. In the Configuration Box, enter the Configuration Name to uniquely identify this configuration.
  2. Identify the content of headers and payload that you need to provide in the Configuration Box.
  3. Ensure you enable the integration, once it is configured and validated.

Below is an example of how you can use this integration to block a URL using TrendMicro.

URL

https://api.xdr.trendmicro.com/v2.0/xdr/response/block

Header

{"Authorization": "Bearer [token]", "Content-Type": "application/json;charset=utf-8"}

Payload

{
   "valueType":"url",
   "targetValue":"$URL",
   "productId":"DNIF",
   "description":"Blocking malicious URL"
}


TrendMicro: Block URL blocks the resource, i.e., the URL, on your TrendMicro account based on the values given in the payload.


In the above figure, a workbook named Threat Malicious URL is executed which contains the following blocks:


  • SQL Block: Displays a malicious URL that is considered a threat.


  • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block URL, the URL is blocked on your TrendMicro account based on the values given in the payload.


TrendMicro XDR: Block Domain

  1. In the Configuration Box, enter the Configuration Name to uniquely identify this configuration.
  2. Identify the content of headers and payload that you need to provide in the Configuration Box.
  3. Ensure you enable the integration, once it is configured and validated.

Below is an example of how you can use this integration to block a domain using TrendMicro.

URL

https://api.xdr.trendmicro.com/v2.0/xdr/response/block

Header

{"Authorization": "Bearer [token]", "Content-Type": "application/json;charset=utf-8"}

Payload

{
   "valueType":"domain",
   "targetValue":"$Domain",
   "productId":"DNIF",
   "description":"Blocking malicious Domain"
}


TrendMicro: Block Domain blocks the resource, i.e., the domain, on your TrendMicro account based on the values given in the payload.


In the above figure, a workbook named Threat Malicious URL is executed which contains the following blocks:


  • SQL Block: Displays one malicious URL that is considered a threat.


  • Code Block: This will extract the domain from that URL and save it in column $Domain.


  • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block Domain, the domain is blocked on your TrendMicro account based on the values given in the payload.


TrendMicro XDR: Block Email

  1. In the Configuration Box, enter the Configuration Name to uniquely identify this configuration.
  2. Identify the content of headers and payload that you need to provide in the Configuration Box.
  3. Ensure you enable the integration, once it is configured and validated.

Below is an example of how you can use this integration to block an email sender using TrendMicro.

URL

https://api.xdr.trendmicro.com/v2.0/xdr/response/block

Header

{"Authorization": "Bearer [token]", "Content-Type": "application/json;charset=utf-8"}

Payload

{
   "valueType":"mailbox",
   "targetValue":"$Sender",
   "productId":"DNIF",
   "description":"Blocking malicious Email"
}


TrendMicro: Block Email blocks the resource, i.e., the mailbox, on your TrendMicro account based on the values given in the payload.


In the above figure, a workbook named Email Threats is executed which contains the following blocks:


  • SQL Block: Displays five emails that are considered threats.


  • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block Email, all the emails are blocked on your TrendMicro account based on the values given in the payload.


TrendMicro XDR: Block FileHash

  1. In the Configuration Box, enter the Configuration Name to uniquely identify this configuration.
  2. Identify the content of headers and payload that you need to provide in the Configuration Box.
  3. Ensure you enable the integration, once it is configured and validated.

Below is an example of how you can use this integration to block a file by its SHA1 hash using TrendMicro.

URL

https://api.xdr.trendmicro.com/v2.0/xdr/response/block

Header

{"Authorization": "Bearer [token]", "Content-Type": "application/json;charset=utf-8"}

Payload

{
   "valueType":"file_sha1",
   "targetValue":"$ConfigurationFileHash",
   "productId":"DNIF",
   "description":"Blocking malicious File Hash"
}


TrendMicro: Block FileHash blocks the resource, i.e., the file hash, on your TrendMicro account based on the values given in the payload.


In the above figure, a workbook named Hash value WB is executed which contains the following blocks:


  • Search Block: Displays a File Hash value which is considered a threat.


  • DQL block with _trigger query: Using Webhook integration for TrendMicro: Block FileHash, the File Hash is blocked on your TrendMicro account based on the values given in the payload.
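The following Python is an added example, not part of the DNIF or Trend Micro documentation: it builds the same URL, header and payload for each of the five use cases above, resolves the $column placeholder from a workbook result row, and refuses to build a request whose value does not match the declared valueType (an empty row, a truncated hash, a bare hostname in a URL field). The use-case names, the validation rules and the token parameter are assumptions for the example.

```python
import ipaddress
import re
from urllib.parse import urlparse

BLOCK_URL = "https://api.xdr.trendmicro.com/v2.0/xdr/response/block"

# The five use cases on this page: valueType, the DNIF workbook column that is
# substituted into targetValue, and the description used in the payload.
USE_CASES = {
    "Block IP":       ("ip",        "$SrcIP",                 "Blocking malicious IP"),
    "Block URL":      ("url",       "$URL",                   "Blocking malicious URL"),
    "Block Domain":   ("domain",    "$Domain",                "Blocking malicious Domain"),
    "Block Email":    ("mailbox",   "$Sender",                "Blocking malicious Email"),
    "Block FileHash": ("file_sha1", "$ConfigurationFileHash", "Blocking malicious File Hash"),
}

def valid_target(value_type, value):
    """Check a substituted column value before it reaches the block API, so an
    empty or malformed row never turns into a bogus block request (assumed rules)."""
    if value_type == "ip":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    if value_type == "url":
        parsed = urlparse(value)
        return parsed.scheme in ("http", "https") and bool(parsed.netloc)
    if value_type == "domain":   # labels of 1-63 chars, no leading/trailing '-'
        label = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
        return re.fullmatch(rf"{label}(\.{label})+", value.lower()) is not None
    if value_type == "mailbox":
        return re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value) is not None
    if value_type == "file_sha1":
        return re.fullmatch(r"[0-9a-fA-F]{40}", value) is not None
    return False

def build_request(use_case, row, token):
    """Resolve the $column placeholder from a workbook result row and return
    (url, headers, payload) in the shape the webhook configuration sends them."""
    value_type, placeholder, description = USE_CASES[use_case]
    value = str(row.get(placeholder[1:], "")).strip()
    if not valid_target(value_type, value):
        raise ValueError(f"{value!r} is not a valid {value_type} target")
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json;charset=utf-8"}
    payload = {"valueType": value_type, "targetValue": value,
               "productId": "DNIF", "description": description}
    return BLOCK_URL, headers, payload
```

The returned payload is the dict to JSON-encode as the request body; one block call per workbook row mirrors what the _trigger query does.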
