Trend Micro Apex One #1186

Closed
15 tasks
jamiehynds opened this issue Jun 23, 2021 · 2 comments

@jamiehynds

Description

Apex One (formerly OfficeScan) provides a blend of advanced threat protection techniques delivered through a single-agent architecture to eliminate security gaps across any user activity and any endpoint.
• Automated detection and response against a variety of threats, including fileless and ransomware.
• Centralized visibility and control, with integration into endpoint detection and response (EDR) and managed detection and response (MDR) for advanced investigation and visibility across the network.
• An all-in-one lightweight agent through software as a service (SaaS) and on-premises options.

Architecture

Syslog in CEF is supported for both Apex Central (on-prem) and Apex One (SaaS). See here.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to:

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

  • Dashboards exist
  • Screenshots added or updated
  • Datastream filters added to visualizations

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@jamiehynds
Author

Closing as we've prioritised Vision One instead, based on Trend Micro's guidance. Vision One docs available here - https://docs.elastic.co/integrations/trend_micro_vision_one
