Forum Discussion

tipper1510's avatar
tipper1510
Brass Contributor
Feb 02, 2023

Trend Micro XDR Data connector

Hi,

Just after further explanation of the following custom logs which get created when ingesting Trend Micro via the XDR data connector.

 

TrendMicro_XDR_Health_Check_CL

TrendMicro_XDR_OAT_CL

TrendMicro_XDR_OAT_Health_Check_CL

TrendMicro_XDR_RCA_Result_CL

TrendMicro_XDR_RCA_Task_CL

TrendMicro_XDR_WORKBENCH_CL

 

Best way to use these, do any need to be joined to get  the complete result?

Any help would be much appreciated.

 

Many thanks,

 

Tim

analytics
data collection
siem

4 Replies

  • Brilland's avatar
    Brilland
    MCT
    Mar 02, 2023
    Hello,
    I would like to know if when you connected the trend micro connector, you saw all these tables appear
    TrendMicro_XDR_Health_Check_CL
    TrendMicro_XDR_OAT_CL
    TrendMicro_XDR_OAT_Health_Check_CL
    TrendMicro_XDR_RCA_Result_CL
    TrendMicro_XDR_RCA_Task_CL
    TrendMicro_XDR_WORKBENCH_CL

    Because in my case I just see two tables:
    TrendMicro_XDR_Health_Check_CL
    TrendMicro_XDR_OAT_Health_Check_CL

    thanks
    • Clive_Watson's avatar
      Clive_Watson
      Bronze Contributor
      Mar 06, 2023
      I see all the Tables. You need the ..XDR_Workbench.. table for Alerts in Sentinel.
      • ahhann's avatar
        ahhann
        Copper Contributor
        Jul 13, 2023

        Clive_Watson 

        How you even get the rest of the table to appear?

        I'm using the default API role in the TM Vision One, which is the one with SIEM role, generated simulation alert, Workbench can see those alert. But still no logs appeared in the Sentinel after 12 hours.

         

        Documentation on the API account is not details and confusing.