TrendAI Vision One™ enables transfer of suspicious object data and retrieval of threat intelligence data from the MISP threat sharing platform through a Service Gateway.
 |
ImportantThe MISP API does not return unpublished events for version 2.4.717 or later. Publish
events on the MISP server to ensure that threat intelligence data can be sent to TrendAI Vision One™.
To send MISP attributes as suspicious objects to TrendAI Vision One™, add the Intrusion Detection System flag. This determines if the attribute can be
automated.
For more information about MISP instance sizing, see Sizing your MISP instance.
|
Procedure
- In the TrendAI Vision One™ console, go to .
- Locate and click the MISP card.
- On the Service Gateway Connection tab, turn on the toggle to enable the MISP connection.
- Select Send data to MISP.
- Configure settings to allow TrendAI Vision One™ to send suspicious object data to MISP.
- Select Retrieve data from MISP.
- Configure settings to allow TrendAI Vision One™ to
retrieve threat intelligence data from MISP.You can only add indicator type STIX objects that are not revoked and do not have the anomalous activity, anonymization, benign, compromised, or unknown labels to the Suspicious Object List.Auto sweeping is only supported for report type STIX objects.
- Under Service Gateway
Connection, configure the connection between the Service
Gateway and the integration.The Service Gateway Connection panel appears.
- Select a Service Gateway from the list.If there are no Service Gateways available, go to to manage your virtual appliances.
- Click Connect.
- Click Save.