Configure Trend Vision One for Arctic Wolf monitoring

You can configure Trend Vision One® to send the necessary logs to Arctic Wolf® for security monitoring.

These resources are required:

An admin user account
A Trend Vision One package with an XDR license
Note: An XDR license is included in Trend Vision One Endpoint Security Essentials and Trend Vision One Advanced Access. Third-party vendors can change their services. You must confirm your licenses with the vendor.

Create a user role

Sign in to the Trend Micro Portal.
Click Administration > User Roles.
Click + Add Role.
In the General Information tab for the Role name field, enter a name for the role.
Click the Permissions tab, and grant these permissions:
- Platform Capabilities > XDR Threat Investigation:
  - Workbench — View, filter, and search
  - Observed Attack Techniques — View, filter, and search
- Settings > Administration:
  - Audit Logs — View, filter, and search
Click Save.

Sign in to the Trend Micro Portal.
Click Administration > API Keys.
Click Add API Key.
In the Add API Key window, configure these settings:
- Name — Enter a name for the role.
- Role — Select the role created in Create a user role.
- Expiration Time — Select an expiration date that meets your security governance requirements.
- Status — Enabled.
Click Add.
Save the generated API key in a safe, encrypted location to provide to Arctic Wolf later.
Click Close.