This issue was moved to a discussion.
Add Workflow for Trend Micro Vision One - Observed Attack Techniques alerts #247
Comments
Hi Chris, do you have any plans for my request?
Hi @dipanjan1823, as I mentioned in our other thread, this is a community repo, so IBM doesn't take requests or plans for anything here. I can see where some confusion may come in, as my name is on the commits for the existing https://github.com/IBM/IBM-QRadar-Universal-Cloud-REST-API/tree/master/Community%20Developed/Trend%20Micro%20Vision%20One workflow, but that was from moving the existing workflows into a "Community Developed" folder. The original developer of the workflow is @Fa6s, as we can see in this Git history - https://github.com/IBM/IBM-QRadar-Universal-Cloud-REST-API/tree/cec56a13e86a48a28c143f30b219e6a4e36cab51/Trend%20Micro%20Vision%20One so maybe they can be of some assistance for updating.
Thanks for the clarification and your help to add the developer for my request.
Hey @dipanjan1823,
Thanks @Fa6s. @dipanjan1823, here is the IBM Ideas portal for requesting official support for Features and Integrations in QRadar: https://www.ibm.com/support/pages/qradar-requesting-new-features-ibm-ideas Separate from that, however, a workflow via this GitHub repo would probably be the fastest route to getting the events you're looking for into QRadar, since there's already a workflow published that interacts with the API you're looking at, providing a good reference for the rest of the work needed. This repo is a mix of Community and IBM Developed workflows, and lots of help is available regarding the framework itself, so if you or someone else is working on something and has questions, please feel free to ask them via discussions, merge requests on issues for submissions, etc.
Hi Chris,
We have a workflow for the Trend Micro Vision One Alert feature, where all Workbench alerts can be fetched and fed into QRadar, but a workflow for fetching Observed Attack Techniques alerts is not present. Requesting that a workflow for Trend Micro Vision One - Observed Attack Techniques alerts be shared, so that we can receive the alerts raised for Observed Attack Techniques.
API endpoint: /v2.0/xdr/oat/detections
Reference URL: https://automation.trendmicro.com/xdr/api-v2#tag/Observed-Attack-Techniques
Thanks.
Dipanjan