Centralized security management helps you bridge the IT and SOC silos that often separate layers of protection and deployment models. This type of connected, centralized approach improves visibility and protection, reduces complexity, and eliminates redundant and repetitive tasks in security administration–all of which make your organization more secure and your life easier.
Trend Micro Apex Central reduces workload and saves time. Its benefits include:
No more console hopping – configure policies, manage threat and data protection, and perform detailed investigations from a central console for multiple layers of security.
Gain a holistic view of your security posture with continuous monitoring and centralized visibility.
Easy integration with your SOC.
Connected Threat Defense enables the sharing of real-time threat intelligence with all security layers so that if one layer uncovers a new threat, the other layers can protect against it.
Simple threat investigation tools allow you to look back in time to identify where a threat has spread and the full context and extent of an attack.
Automated Threat Intelligence distribution across Trend Micro Control Environment.
Automate Hash, IP, URL, and IOC blocking.
Enrich your investigations with important information.
Look up malicious content across Trend Micro devices.
Run an effective incident response cycle using the Apex Central alert mechanism combined with SIRP risk-based SOAR capabilities.
Upload Yara rules to Apex Central using SIRP playbooks.
Products: SIRP and Trend Micro Apex Central.
This app allows the following actions:
Upload Yara File
Action to upload Yara rule file to Apex Central
Action to restore an Apex Central agent
List Yara File
Action to fetch the list of all Yara rule files into SIRP
Get List Servers
Action to fetch the list of servers from the Apex Central console
Get List all agents
Action to fetch the list of all agents from the Apex Central console
Action to isolate or contain a host through an Apex Central agent
Get specific agent
Get details about an agent
Action to create a scan on the Apex Central console
Add URL to udso list
Action to add a URL to the blacklist
Add IP to udso list
Action to add an IP to the blacklist
Add Hash to udso list
Action to add a hash to the blacklist
Add Domain to udso list
Action to add a domain to the blacklist
This app requires configuration in the following format:
App ID= <id>
Api Key= <api_key>
You can get all of this information by logging in to Apex Central:
Go to the Administration tab.
Click Automation API Access Settings.
Once you click Save, you can get the Application ID and API keys.
Log in to the SIRP portal using user credentials.
Go to APPS > Trend Micro Apex Central and enable Status.
Enabling the status opens a configuration window. Enter the required details, such as “Hostname/IP, api-key”, acquired from the Apex Central console.