Our Trend Micro Vision One integration is currently limited to ingesting alerts/detections/audit events from their platform, which is useful as a starting point to support SIEM use cases. However, similar to other integrations we have with CrowdStrike & SentinelOne, Trend Micro provides an API to ingest raw telemetry, which would unlock significant value for our mutual customers. This telemetry could be used for detections, dashboards, Analyzer view and more in Elastic Security.
The aim of this task is to add support for Trend's Datalake Pipeline API to ingest and map telemetry to ECS, to power our analytics.
It's worth noting that Datalake Pipeline will incur additional costs for Trend Micro users (similar to how other vendors approach raw telemetry), which we'll need to make clear to our users.