The Trend Micro Vision One Action bundle enables the automatic dissemination of indicators to the Trend Micro Vision One platform. This action can be used to send items to the blacklist (suspicious object list), as well as the whitelist (exception list).

Trend Micro Vision One is single and unified cybersecurity platform that provides XDR across cloud and on-premises environments. It provides a single view of all security alerts, prioritized based on risk, and actionable insights to speed up investigations and response.

The bundle provides the following actions:

• Trend Micro VisionOne Add to Blocklist - exports IOCs to the suspicious object blocklist in Vision One.
• Trend Micro VisionOne Add to Exception List - exports IOCs from the given Threat Library data collection, to the exception list in Trend Micro Vision One.

The action is compatible with the following indicator types:

• FQDN
• IP Address
• URL
• Email Address
• SHA-1
• SHA-256

Note;  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.