
Trend Micro Deep Security
Endpoint Protection- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Deep Security connector integrates with Trend Micro Deep Security (the on-premise/hosted server management platform) using its REST API. It syncs protected computers as hosts, the computer groups they belong to, the intrusion-prevention rules assigned to each computer as vulnerability findings, and the global library of intrusion-prevention rules as vulnerability definitions. This gives Brinqa visibility into the managed endpoint inventory, the security modules enabled on each computer, and the intrusion-prevention coverage protecting them.
Data retrieved from Trend Micro Deep Security
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Computer Group | Yes | Computer Group |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
Model relationships
For detailed steps on how to view the data retrieved from Trend Micro Deep Security in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Trend Micro Deep Security from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | Yes | (none) | Trend micro deep security server URL |
| Api key | Yes | (none) | Trend micro deep security api key |
| SSL / TLS | No | false | Skip certificate verification |
| Page size | No | 100 | Maximum number of records to get per API request |
Authentication
Deep Security uses API Key authentication. An API key is created in the Deep Security Manager and supplied to the connector as the apiKey configuration property. The key is sent on every request via a request header; there is no separate token-exchange step.
Connection test endpoint
| Method | URL |
|---|---|
| POST | /api/computers/search |
Request headers
| Header | Value | Description |
|---|---|---|
api-secret-key | <apiKey> | The Deep Security API secret key. |
api-version | v1 | Deep Security API version. |
Content-Type | application/json | Request body media type. |
Request body
{
"maxItems": 1
}
Sample response
{
"computers": [
{
"ID": 3,
"hostName": "WIN-FJP60EG2A19"
}
]
}
Response fields
| Field | Description |
|---|---|
computers | Array of computer resources matching the search criteria. A successful (HTTP 200) response confirms the API key is valid. |
How the credential is used
The same api-secret-key and api-version headers are attached to every subsequent API request (computer search, computer group search, per-computer intrusion-prevention rules, and the intrusion-prevention rule library). No bearer token or session is established.
Sync Behavior
The connector supports incremental (delta) syncs. It carries an incremental since timestamp between runs so that each sync only re-processes records changed since the previous run — the since value is applied to the underlying computer, computer group, per-computer intrusion-prevention rule, and intrusion-prevention rule-definition searches (computers are paged by object ID using an idTest: greater-than criterion). The initial run retrieves the complete data set; subsequent runs are incremental.
How to obtain Trend Micro Deep Security credentials
Obtain a Trend Micro Deep Security API key
For the Trend Micro Deep Security connector to retrieve data from the Trend Micro Deep Security API, you must provide an API key. To do so, follow these steps:
-
Log in to your organization's Trend Micro Deep Security portal as an administrator.
-
Navigate to Administration > API Keys.
-
Click Add API Key.
The Add API Key menu displays. Complete the following fields:
- Name: Provide a name for the API key.
- Role: Click the dropdown and select Auditor. This is the minimum role required to access the Trend Micro API and retrieve data.
- Expiration Time: Click the dropdown and select the expiry date for the token.
- Description: (Optional) Provide a description for the API key.
- Status: Toggle the Status to enable the API key.

-
Click Add.
Your new API key displays. You can not view the key again after this. Copy and save it to a safe and secure location.
-
(Optional) After you create the API key, you can restrict API access to specific IP addresses or IP ranges. Click the Name of the API key, and toggle Restrict API access to specified IP addresses.
If you prefer to restrict access to specific IP addresses or ranges, please contact your Brinqa Support specialists so that they can assist you with the list of IP addresses or IP ranges for whitelisting.
Note: If you do not have permissions to create an API token, contact your Trend Micro Deep Security administrator. For additional information, see Trend Micro documentation about Managing API keys and Defining roles for users.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Host
| Source Field Name | SDM Attribute |
|---|---|
activityMonitoring.moduleStatus.agentStatus | ACTIVITY_MONITORING_MODULE_AGENT_STATUS |
activityMonitoring.moduleStatus.agentStatusMessage | ACTIVITY_MONITORING_MODULE_AGENT_STATUS_MESSAGE |
activityMonitoring.moduleStatus.applianceStatus | ACTIVITY_MONITORING_MODULE_APPLIANCE_STATUS |
activityMonitoring.moduleStatus.applianceStatusMessage | ACTIVITY_MONITORING_MODULE_APPLIANCE_STATUS_MESSAGE |
activityMonitoring.state | ACTIVITY_MONITORING_STATE |
antiMalware.lastManualScan | ANTI_MALWARE_LAST_MANUAL_SCAN |
antiMalware.lastScheduledScan | ANTI_MALWARE_LAST_SCHEDULED_SCAN |
antiMalware.manualScanConfigurationID | ANTI_MALWARE_MANUAL_SCAN_CONFIGURATION_ID |
antiMalware.moduleStatus.agentStatus | ANTI_MALWARE_AGENT_STATUS |
antiMalware.moduleStatus.agentStatusMessage | ANTI_MALWARE_AGENT_STATUS_MESSAGE |
antiMalware.moduleStatus.applianceStatus | ANTI_MALWARE_APPLIANCE_STATUS |
antiMalware.moduleStatus.applianceStatusMessage | ANTI_MALWARE_APPLIANCE_STATUS_MESSAGE |
antiMalware.realTimeScanConfigurationID | ANTI_MALWARE_REAL_TIME_SCAN_CONFIGURATION_ID |
antiMalware.realTimeScanScheduleID | ANTI_MALWARE_REAL_TIME_SCAN_SCHEDULE_ID |
antiMalware.scheduledScanConfigurationID | ANTI_MALWARE_SCHEDULED_SCAN_CONFIGURATION_ID |
antiMalware.state | ANTI_MALWARE_STATE |
applicationControl.maintenanceModeDuration | APPLICATION_CONTROL_MAINTENANCE_MODE_DURATION |
applicationControl.maintenanceModeStartTime | APPLICATION_CONTROL_MAINTENANCE_MODE_START_TIME |
applicationControl.maintenanceModeStatus | APPLICATION_CONTROL_MAINTENANCE_MODE_STATUS |
applicationControl.moduleStatus.agentStatus | APPLICATION_CONTROL_MODULE_AGENT_STATUS |
applicationControl.moduleStatus.agentStatusMessage | APPLICATION_CONTROL_MODULE_AGENT_STATUS_MESSAGE |
applicationControl.moduleStatus.applianceStatus | APPLICATION_CONTROL_MODULE_APPLIANCE_STATUS |
applicationControl.moduleStatus.applianceStatusMessage | APPLICATION_CONTROL_MODULE_APPLIANCE_STATUS_MESSAGE |
applicationControl.rulesetID | APPLICATION_CONTROL_RULE_SET_ID |
applicationControl.state | APPLICATION_CONTROL_STATE |
applicationControl.trustRulesetID | APPLICATION_CONTROL_TRUST_RULE_SET_ID |
| Azure VM summary cloudService | SERVICE |
| Azure VM summary imageID | IMAGE |
| Azure VM summary location | LOCATION |
azureARMVirtualMachineSummary.deploymentID | AZURE_ARM_VM_DEPLOYMENT_ID |
azureARMVirtualMachineSummary.deploymentModel | AZURE_ARM_VM_DEPLOYMENT_MODEL |
azureARMVirtualMachineSummary.metadata | AZURE_ARM_VM_METADATA |
azureARMVirtualMachineSummary.resourceGroup | AZURE_ARM_VM_RESOURCE_GROUP |
azureARMVirtualMachineSummary.securityGroup | AZURE_ARM_VM_SECURITY_GROUP |
azureARMVirtualMachineSummary.type | AZURE_ARM_VM_TYPE |
azureVMVirtualMachineSummary.deploymentID | AZURE_VM_DEPLOYMENT_ID |
azureVMVirtualMachineSummary.publicVirtualIPAddress | AZURE_VM_PUBLIC_VIRTUAL_IP_ADDRESS |
azureVMVirtualMachineSummary.type | AZURE_VM_TYPE |
| cloud VM summary cloudProvider | CLOUD_PROVIDER |
| cloud VM summary dnsName | DNS_NAMES / PUBLIC_DNS_NAMES / PRIVATE_DNS_NAMES |
| cloud VM summary instanceID | INSTANCE_ID |
| cloud VM summary operatingSystem | OPERATING_SYSTEM |
| cloud VM summary state | STATE |
| cloud VM summary subscriptionID/accountID | CLOUD_ACCOUNT_ID |
ComputerResource.agentFingerPrint | AGENT_FINGER_PRINT |
ComputerResource.agentGUID | AGENT_GUID |
ComputerResource.agentVersion | AGENT_VERSION |
ComputerResource.applianceFingerPrint | APPLIANCE_FINGER_PRINT |
ComputerResource.assetImportanceID | ASSET_IMPORTANCE_ID |
ComputerResource.biosUUID | BIOS_UUID |
ComputerResource.computerStatus.agentStatus | COMPUTER_AGENT_STATUS |
ComputerResource.computerStatus.agentStatusMessages | COMPUTER_AGENT_STATUS_MESSAGES |
ComputerResource.computerStatus.applianceStatus | COMPUTER_APPLIANCE_STATUS |
ComputerResource.computerStatus.applianceStatusMessages | COMPUTER_APPLIANCE_STATUS_MESSAGES |
ComputerResource.description | DESCRIPTION |
ComputerResource.displayName | DISPLAY_NAME |
ComputerResource.groupID | GROUP_ID |
ComputerResource.hostGUID | HOST_GUID |
ComputerResource.hostName | HOSTNAMES |
ComputerResource.id | UID |
ComputerResource.id | NAME |
ComputerResource.lastAgentCommunication | LAST_AGENT_COMMUNICATION |
ComputerResource.lastApplianceCommunication | LAST_APPLIANCE_COMMUNICATION |
ComputerResource.lastIPUsed (and per-cloud VM summaries) | IP_ADDRESSES / PUBLIC_IP_ADDRESSES / PRIVATE_IP_ADDRESSES |
ComputerResource.lastSendPolicyRequest | LAST_SEND_POLICY_REQUEST |
ComputerResource.lastSendPolicySuccess | LAST_SEND_POLICY_SUCCESS |
ComputerResource.platform | PLATFORM |
ComputerResource.policyID | POLICY_ID |
ComputerResource.relayListID | RELAY_LIST_ID |
ComputerResource.tasks.agentTasks | AGENT_TASKS |
ComputerResource.tasks.applianceTasks | APPLIANCE_TASKS |
| constant Host | CATEGORIES |
deviceControl.moduleStatus.agentStatus | DEVICE_CONTROL_MODULE_AGENT_STATUS |
deviceControl.moduleStatus.agentStatusMessage | DEVICE_CONTROL_MODULE_AGENT_STATUS_MESSAGE |
deviceControl.moduleStatus.applianceStatus | DEVICE_CONTROL_MODULE_APPLIANCE_STATUS |
deviceControl.moduleStatus.applianceStatusMessage | DEVICE_CONTROL_MODULE_APPLIANCE_STATUS_MESSAGE |
deviceControl.state | DEVICE_CONTROL_STATE |
ec2VirtualMachineSummary.amiID | EC2_VM_AMI_ID |
ec2VirtualMachineSummary.availabilityZone | EC2_VM_AVAILABILITY_ZONE |
ec2VirtualMachineSummary.metadata | EC2_VM_METADATA |
ec2VirtualMachineSummary.securityGroups | EC2_VM_SECURITY_GROUPS |
ec2VirtualMachineSummary.type | EC2_VM_TYPE |
ec2VirtualMachineSummary.virtualizationType | EC2_VM_VIRTUALIZATION_TYPE |
esxSummary.customAttributes | ESX_SUMMARY_CUSTOM_ATTRIBUTES |
esxSummary.manufacturer | ESX_SUMMARY_MANUFACTURER |
esxSummary.model | ESX_SUMMARY_MODEL |
esxSummary.numberOfNICs | ESX_SUMMARY_NUMBER_OF_NICS |
esxSummary.processors | ESX_SUMMARY_PROCESSORS |
esxSummary.processorType | ESX_SUMMARY_PROCESSOR_TYPE |
esxSummary.state | ESX_SUMMARY_STATE |
esxSummary.tpmAlertsEnabled | ESX_SUMMARY_TPM_ALERTS_ENABLED |
esxSummary.tpmEnabled | ESX_SUMMARY_TPM_ENABLED |
esxSummary.tpmHasData | ESX_SUMMARY_TPM_HAS_DATA |
esxSummary.tpmLastChecked | ESX_SUMMARY_TPM_LAST_CHECKED |
esxSummary.virtualMachines | ESX_SUMMARY_VIRTUAL_MACHINES |
esxSummary.vMotionEnabled | ESX_SUMMARY_VMOTION_ENABLED |
firewall.globalStatefulConfigurationID | FIREWALL_GLOBAL_STATEFUL_CONFIGURATION_ID |
firewall.moduleStatus.agentStatus | FIREWALL_MODULE_AGENT_STATUS |
firewall.moduleStatus.agentStatusMessage | FIREWALL_MODULE_AGENT_STATUS_MESSAGE |
firewall.moduleStatus.applianceStatus | FIREWALL_MODULE_APPLIANCE_STATUS |
firewall.moduleStatus.applianceStatusMessage | FIREWALL_MODULE_APPLIANCE_STATUS_MESSAGE |
firewall.ruleIDs | FIREWALL_RULE_IDS |
firewall.state | FIREWALL_STATE |
firewall.statefulConfigurationAssignments | FIREWALL_STATEFUL_CONFIGURATION_ASSIGNMENTS |
gcpVirtualMachineSummary.labels | GCP_VM_LABELS |
gcpVirtualMachineSummary.memory | GCP_VM_MEMORY |
gcpVirtualMachineSummary.networkTags | GCP_VM_NETWORK_TAGS |
gcpVirtualMachineSummary.projectID | GCP_VM_PROJECT_ID |
gcpVirtualMachineSummary.vCPUs | GCP_VM_VCPUS |
gcpVirtualMachineSummary.zone | GCP_VM_ZONE |
integrityMonitoring.lastBaselineCreated | INTEGRITY_MONITORING_LAST_BASELINE_CREATED |
integrityMonitoring.lastIntegrityScan | INTEGRITY_MONITORING_LAST_INTEGRATION_SCAN |
integrityMonitoring.moduleStatus.agentStatus | INTEGRITY_MONITORING_MODULE_AGENT_STATUS |
integrityMonitoring.moduleStatus.agentStatusMessage | INTEGRITY_MONITORING_MODULE_AGENT_STATUS_MESSAGE |
integrityMonitoring.moduleStatus.applianceStatus | INTEGRITY_MONITORING_MODULE_APPLIANCE_STATUS |
integrityMonitoring.moduleStatus.applianceStatusMessage | INTEGRITY_MONITORING_MODULE_APPLIANCE_STATUS_MESSAGE |
integrityMonitoring.ruleIDs | INTEGRITY_MONITORING_RULE_IDS |
integrityMonitoring.state | INTEGRITY_MONITORING_STATE |
interfaces.detected | INTERFACE_DETECTED |
interfaces.dhcp | INTERFACE_DHCP |
interfaces.displayName | INTERFACE_DISPLAY_NAME |
interfaces.id | INTERFACE_ID |
interfaces.interfaceTypeID | INTERFACE_TYPE_ID |
interfaces.ips | INTERFACE_IPs |
interfaces.mac | INTERFACE_MAC |
interfaces.name | INTERFACE_NAME |
intrusionPrevention.moduleStatus.agentStatus | INTRUSION_PREVENTION_MODULE_AGENT_STATUS |
intrusionPrevention.moduleStatus.agentStatusMessage | INTRUSION_PREVENTION_MODULE_AGENT_STATUS_MESSAGE |
intrusionPrevention.moduleStatus.applianceStatus | INTRUSION_PREVENTION_MODULE_APPLIANCE_STATUS |
intrusionPrevention.moduleStatus.applianceStatusMessage | INTRUSION_PREVENTION_MODULE_APPLIANCE_STATUS_MESSAGE |
intrusionPrevention.ruleIDs | INTRUSION_PREVENTION_RULE_IDS |
intrusionPrevention.state | INTRUSION_PREVENTION_STATE |
logInspection.moduleStatus.agentStatus | LOG_INSPECTION_MODULE_AGENT_STATUS |
logInspection.moduleStatus.agentStatusMessage | LOG_INSPECTION_MODULE_AGENT_STATUS_MESSAGE |
logInspection.moduleStatus.applianceStatus | LOG_INSPECTION_MODULE_APPLIANCE_STATUS |
logInspection.moduleStatus.applianceStatusMessage | LOG_INSPECTION_MODULE_APPLIANCE_STATUS_MESSAGE |
logInspection.ruleIDs | LOG_INSPECTION_RULE_IDS |
logInspection.state | LOG_INSPECTION_STATE |
| No-connector VM summary region | REGION |
noConnectorVirtualMachineSummary.directoryID | NO_CONNECTOR_VM_DIRECTORY_ID |
noConnectorVirtualMachineSummary.userName | NO_CONNECTOR_VM_USER_NAME |
sap.moduleStatus.agentStatus | SAP_MODULE_AGENT_STATUS |
sap.moduleStatus.agentStatusMessage | SAP_MODULE_AGENT_STATUS_MESSAGE |
sap.moduleStatus.applianceStatus | SAP_MODULE_APPLIANCE_STATUS |
sap.moduleStatus.applianceStatusMessage | SAP_MODULE_APPLIANCE_STATUS_MESSAGE |
sap.state | SAP_STATE |
securityUpdates.antiMalware | SECURITY_UPDATE_ANTI_MALWARE |
securityUpdates.lastChanged | SECURITY_UPDATE_LAST_CHANGED |
securityUpdates.manifests | SECURITY_UPDATE_MANIFESTS |
securityUpdates.other | SECURITY_UPDATE_OTHER |
securityUpdates.rules | SECURITY_UPDATE_RULES |
securityUpdates.updateStatus.status | SECURITY_UPDATE_STATUS |
securityUpdates.updateStatus.statusMessage | SECURITY_UPDATE_STATUS_MESSAGE |
securityUpdates.webReputationService | SECURITY_UPDATE_WEB_REPUTATION_SERVICE |
vcloudVMVirtualMachineSummary.type | VCLOUD_VM_TYPE |
vmwareVMVirtualMachineSummary.biosUUID | VMWARE_VM_BIOS_UUID |
vmwareVMVirtualMachineSummary.cpu | VMWARE_VM_CPU |
vmwareVMVirtualMachineSummary.memory | VMWARE_VM_MEMORY |
vmwareVMVirtualMachineSummary.notes | VMWARE_VM_NOTES |
vmwareVMVirtualMachineSummary.nsxSecurityGroups | VMWARE_VM_NSX_SECURITY_GROUPS |
vmwareVMVirtualMachineSummary.vCenterUUID | VMWARE_VM_VCENTER_UUID |
vmwareVMVirtualMachineSummary.vmwareTools | VMWARE_VM_TOOLS |
webReputation.moduleStatus.agentStatus | WEB_REPUTATION_MODULE_AGENT_STATUS |
webReputation.moduleStatus.agentStatusMessage | WEB_REPUTATION_MODULE_AGENT_STATUS_MESSAGE |
webReputation.moduleStatus.applianceStatus | WEB_REPUTATION_MODULE_APPLIANCE_STATUS |
webReputation.moduleStatus.applianceStatusMessage | WEB_REPUTATION_MODULE_APPLIANCE_STATUS_MESSAGE |
webReputation.state | WEB_REPUTATION_STATE |
workspaceVirtualMachineSummary.bundleID | WORKSPACE_VM_BUNDLE_ID |
workspaceVirtualMachineSummary.metadata | WORKSPACE_VM_METADATA |
workspaceVirtualMachineSummary.userName | WORKSPACE_VM_USER_NAME |
workspaceVirtualMachineSummary.workspaceDirectory | WORKSPACE_VM_DIRECTORY |
workspaceVirtualMachineSummary.workspaceHardware | WORKSPACE_VM_HARDWARE |
workspaceVirtualMachineSummary.workspaceID | WORKSPACE_VM_ID |
Computer Group
| Source Field Name | SDM Attribute |
|---|---|
ComputerGroupResource.amazonAccountID | AMAZON_ACCOUNT_ID |
ComputerGroupResource.amazonDirectoryID | AMAZON_DIRECTORY_ID |
ComputerGroupResource.amazonRegionID | AMAZON_REGION_ID |
ComputerGroupResource.amazonSubnetID | AMAZON_SUBNET_ID |
ComputerGroupResource.amazonVPCID | AMAZON_VPC_ID |
ComputerGroupResource.amazonWorkspacesID | AMAZON_WORKSPACES_ID |
ComputerGroupResource.cloudID | CLOUD_ACCOUNT_ID |
ComputerGroupResource.cloudType | CLOUD_TYPE |
ComputerGroupResource.description | DESCRIPTION |
ComputerGroupResource.directoryID | DIRECTORY_ID |
ComputerGroupResource.externalID | EXTERNAL_ID |
ComputerGroupResource.id | UID |
ComputerGroupResource.name | NAME |
ComputerGroupResource.parentGroupID | PARENT_GROUP_ID |
ComputerGroupResource.type | GROUP_TYPE |
ComputerGroupResource.virtualID | VIRTUAL_ID |
ComputerGroupResource.virtualName | VIRTUAL_NAME |
ComputerGroupResource.virtualType | VIRTUAL_TYPE |
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
| computer ID | TARGETS |
constant active (normalized) | STATUS |
| derived from status | STATUS_CATEGORY |
IntrusionPreventionRule.alwaysIncludePacketData | ALWAYS_INCLUDE_PACKET_DATA |
IntrusionPreventionRule.applicationTypeID | APPLICATION_TYPE_ID |
IntrusionPreventionRule.debugModeEnabled | DEBUG_MODE_ENABLED |
IntrusionPreventionRule.eventLoggingDisabled | EVENT_LOGGING_DISABLED |
IntrusionPreventionRule.generateEventOnPacketDrop | GENERATE_EVENT_ON_PACKET_DROP |
IntrusionPreventionRule.id | UID |
IntrusionPreventionRule.identifier | IDENTIFIER |
IntrusionPreventionRule.lastUpdated | SOURCE_LAST_MODIFIED |
IntrusionPreventionRule.name | NAME |
IntrusionPreventionRule.name | TYPE |
IntrusionPreventionRule.originalIssue | ORIGINAL_ISSUE |
Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
| derived from severity | SEVERITY_SCORE |
IntrusionPreventionRule.action | ACTION |
IntrusionPreventionRule.alertEnabled | ALERT_ENABLED |
IntrusionPreventionRule.canBeAssignedAlone | CAN_BE_ASSIGNED_ALONE |
IntrusionPreventionRule.caseSensitive | CASE_SENSITIVE |
IntrusionPreventionRule.condition | CONDITION |
IntrusionPreventionRule.contextID | CONTEXT_ID |
IntrusionPreventionRule.customXML | CUSTOM_XML |
IntrusionPreventionRule.cve | CVE_IDS |
IntrusionPreventionRule.cve | CVE_RECORDS |
IntrusionPreventionRule.cvssScore | CVSS_V2_BASE_SCORE |
IntrusionPreventionRule.cvssScore | CVSS_V3_BASE_SCORE |
IntrusionPreventionRule.dependsOnRuleIDs | DEPENDS_ON_RULE_IDS |
IntrusionPreventionRule.description | DESCRIPTION |
IntrusionPreventionRule.detectOnly | DETECT_ONLY |
IntrusionPreventionRule.end | END |
IntrusionPreventionRule.name | UID |
IntrusionPreventionRule.name | NAME |
IntrusionPreventionRule.originalIssue | SOURCE_CREATED_DATE |
IntrusionPreventionRule.patterns | PATTERNS |
IntrusionPreventionRule.priority | PRIORITY |
IntrusionPreventionRule.recommendationsMode | RECOMMENDATIONS_MODE |
IntrusionPreventionRule.scheduleID | SCHEDULE_ID |
IntrusionPreventionRule.severity | SOURCE_SEVERITY |
IntrusionPreventionRule.severity (normalized) | SEVERITY |
IntrusionPreventionRule.signature | SIGNATURE |
IntrusionPreventionRule.start | START |
IntrusionPreventionRule.template | TEMPLATE |
IntrusionPreventionRule.type | CATEGORIES |
IntrusionPreventionRule.type | INTRUSION_TYPE |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Host
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: REST endpoint · Endpoint:
POST /api/computers/search - Default filters:
idTest: greater-thanon the computer object ID; whensinceis provided it is carried through the host fetch, and operation optionshostname/agentVersionaddstringTest: equalfilters.
Computer Group
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: REST endpoint · Endpoint:
POST /api/computergroups/search - Default filters:
idTest: greater-thanon the group object ID; operation optionnameadds astringTest: equalfilter on the group name.
Vulnerability
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: REST endpoint · Endpoint:
POST /api/computers/search - Default filters:
since(when provided) is applied to the underlying computer search.
Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: REST endpoint · Endpoint:
POST /api/intrusionpreventionrules/search - Default filters:
idTest: greater-thanon the rule object ID; whensinceis provided afirstDateValuefilter onoriginalIssueis added, and operation optionseverityadds achoiceTest: equalfilter onseverity.
Changelog
The Trend Micro Deep Security connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.0 | Overview The Trend Micro Deep Security connector integrates with Trend Micro Deep Security to synchronize protected hosts and their computer groups, along with the vulnerabilities detected on them and the underlying vulnerability definitions. Category: Endpoint Protection Models | N/A |