Introduction
Centralized security management helps you bridge the IT and SOC silos that often separate layers of protection and deployment models. This type of connected, centralized approach improves visibility and protection, reduces complexity, and eliminates redundant and repetitive tasks in security administration–all of which make your organization more secure and your life easier.
Benefits
Trend Micro Apex Central reduces workload and saves time. Its benefits include:
No more console hopping – configure policies, manage threat and data protection, and perform detailed investigations from a central console for multiple layers of security.
Gain a holistic view of your security posture with continuous monitoring and centralized visibility.
Easy integration with your SOC.
Connected Threat Defense enables the sharing of real-time threat intelligence with all security layers so that if one layer uncovers a new threat, the other layers can protect against it.
Simple threat investigation tools allow you to look back in time to identify where a threat has spread and the full context and extent of an attack.
Integration Features
Automated Threat Intelligence distribution across Trend Micro Control Environment.
Automate Hash, IP, URL, and IOC blocking.
Enrich your investigations with important information.
Look up malicious content across Trend Micro devices.
Run an effective incident response cycle using the Apex Central alert mechanism combined with SIRP risk-based SOAR capabilities.
Upload Yara rules to Apex Central using SIRP playbooks.
Compatibility
Products: SIRP and Trend Micro Apex Central.
Platform: Independent.
Actions
This app allows the following actions:
Action | Description |
Upload Yara File | Action to upload a Yara rule file to Apex Central |
Restore Agent | Action to restore an Apex Central agent |
List Yara File | Action to fetch the list of all Yara rule files into SIRP |
Get List Servers | Action to fetch the list of servers from the Apex Central console |
Get List all agents | Action to fetch the list of all agents from the Apex Central console |
Isolate agent | Action to isolate or contain a host through an Apex Central agent |
Get specific agent | Action to get details about an agent |
Create Scan | Action to create a scan on the Apex Central console |
Add URL to udso list | Action to add a URL to the blacklist |
Add IP to udso list | Action to add an IP to the blacklist |
Add Hash to udso list | Action to add a hash to the blacklist |
Add Domain to udso list | Action to add a domain to the blacklist |
Required Configuration
This app requires configuration in the following format:
Host=<hostname/ip address>
App ID= <id>
Api Key= <api_key>
You can get all of this information by logging in to Apex Central:
Go to the Administration tab.
Select Settings.
Click Automation API Access Settings.
Once you click Save, you can get the Application ID and API key.
SIRP Configuration
Log in to the SIRP portal using your user credentials.
Go to APPS > Trend Micro Apex Central and enable Status.
Enabling the status opens a configuration window. Enter the required details, such as “Hostname/IP, api-key”, acquired from the Apex Central console.