| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 2.0.0 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2021-09-28 |
| Solution Folder | Trend Micro Cloud App Security |
The Trend Micro Cloud App Security data connector retrieves security event logs for the services that Cloud App Security protects, along with other events, and ingests them into Microsoft Sentinel through the Log Retrieval API. Refer to the API documentation for more information. These events help you examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.
Underlying Microsoft Technologies used:
This solution depends on the following technologies, some of which may be in Preview state or may result in additional ingestion or operational costs:
a. Azure Monitor HTTP Data Collector API
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. `_s`, `_d`, `_b`, `_t`, `_g`). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| TrendMicroCAS_CL 🔶 | Trend Micro Cloud App Security | Analytics, Hunting, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. `_s`, `_d`, `_b`, `_t`, `_g`). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 22 content item(s) (21 in solution, 1 discovered 🔍):
| Content Type | Total | In Solution | Discovered |
|---|---|---|---|
| Analytic Rules | 10 | 10 | - |
| Hunting Queries | 10 | 10 | - |
| Workbooks | 1 | 1 | - |
| Parsers | 1 | 0 | 1 |
Analytic Rules:
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Trend Micro CAS - DLP violation | High | Exfiltration | TrendMicroCAS_CL |
| Trend Micro CAS - Infected user | High | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Multiple infected users | High | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Possible phishing mail | Medium | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Ransomware infection | High | Impact | TrendMicroCAS_CL |
| Trend Micro CAS - Ransomware outbreak | High | Impact | TrendMicroCAS_CL |
| Trend Micro CAS - Suspicious filename | Medium | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Threat detected and not blocked | High | DefenseEvasion | TrendMicroCAS_CL |
| Trend Micro CAS - Unexpected file on file share | Medium | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Unexpected file via mail | Medium | InitialAccess | TrendMicroCAS_CL |
Hunting Queries:
| Name | Tactics | Tables Used |
|---|---|---|
| Trend Micro CAS - DLP violations | Exfiltration | TrendMicroCAS_CL |
| Trend Micro CAS - Files received via email services | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Files stored on cloud fileshare services | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Infected files received via email | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Ransomware threats | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Rare files received via email services | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Risky users | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Security risk scan threats | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Suspicious files on sharepoint | InitialAccess | TrendMicroCAS_CL |
| Trend Micro CAS - Virtual Analyzer threats | InitialAccess | TrendMicroCAS_CL |
Workbooks:
| Name | Tables Used |
|---|---|
| TrendMicroCAS | TrendMicroCAS_CL |
Parsers:
| Name | Description | Tables Used |
|---|---|---|
| TrendMicroCAS ⚠️ | - | TrendMicroCAS_CL (read) |
⚠️ Items marked with ⚠️ are not listed in the Solution JSON file. They were discovered by scanning the solution folder and may be legacy items, under development, or excluded from the official solution package.