Commit 5c0db41

DDS : Rebranding Trend Micro integrations to TrendAI (DataDog#23119)
* Rebranding Trend Micro to TrendAI for email security and endpoint security integration
* Rebranding Trend Micro to TrendAI for XDR integration
* Trend Micro integrations service remapper related changes
1 parent e2e1fb5 commit 5c0db41

49 files changed

Lines changed: 872 additions & 626 deletions

trend_micro_email_security/README.md

Lines changed: 12 additions & 12 deletions
@@ -1,6 +1,6 @@
11
## Overview
22

3-
[Trend Micro Email Security][1] is a cloud-based solution that stops phishing, ransomware, and business email compromise (BEC) attacks. This solution uses a combination of cross-generational threat techniques, like machine learning, sandbox analysis, data loss prevention (DLP), and other methods to stop all types of email threats.
3+
[TrendAI Email Security][1] is a cloud-based solution that stops phishing, ransomware, and business email compromise (BEC) attacks. This solution uses a combination of cross-generational threat techniques, like machine learning, sandbox analysis, data loss prevention (DLP), and other methods to stop all types of email threats.
44

55
This integration ingests the following logs:
66

@@ -11,39 +11,39 @@ Use out-of-the-box dashboards to visualize detailed insights into email traffic
1111

1212
## Setup
1313

14-
### Generate API credentials in Trend Micro Email Security
14+
### Generate API credentials in TrendAI Email Security
1515

16-
1. Log on to the Trend Micro Email Security administrator console.
16+
1. Log on to the TrendAI Email Security administrator console.
1717
2. Navigate to **Administration** > **Service Integration** > **API Access**.
1818
3. Click **Add** to generate an API Key.
1919
4. Switch to the **Log Retrieval** tab and Ensure the **status** for log retrieval is enabled.
20-
5. To identify the **Host Region** of your Trend Micro Email Security, please refer this [link][3].
21-
6. **Username** is **Login ID** of your Trend Micro Email Security console.
20+
5. To identify the **Host Region** of your TrendAI Email Security, please refer this [link][3].
21+
6. **Username** is **Login ID** of your TrendAI Email Security console.
2222

23-
### Connect your Trend Micro Email Security Account to Datadog
23+
### Connect your TrendAI Email Security Account to Datadog
2424

2525
1. Add your host region, username, and API key.
2626
| Parameters | Description |
2727
| ----------- | --------------------------------------------------------------------- |
28-
| Host Region | The region of the Trend Micro Email Security administrator console. |
29-
| Username | The username of the Trend Micro Email Security administrator console. |
30-
| API Key | The API key of the Trend Micro Email Security administrator console. |
28+
| Host Region | The region of the TrendAI Email Security administrator console. |
29+
| Username | The username of the TrendAI Email Security administrator console. |
30+
| API Key | The API key of the TrendAI Email Security administrator console. |
3131

3232
2. Click the **Save** button to save your settings.
3333

3434
## Data Collected
3535

3636
### Logs
3737

38-
The Trend Micro Email Security integration collects and forwards policy events and detection and mail tracking to Datadog.
38+
The TrendAI Email Security integration collects and forwards policy events and detection and mail tracking to Datadog.
3939

4040
### Metrics
4141

42-
The Trend Micro Email Security integration does not include any metrics.
42+
The TrendAI Email Security integration does not include any metrics.
4343

4444
### Events
4545

46-
The Trend Micro Email Security integration does not include any events.
46+
The TrendAI Email Security integration does not include any events.
4747

4848
## Support
4949
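
Review bot: In step 5 of the API credentials list, the rebranded line still reads "please refer this [link][3]"; since the line is being rewritten anyway, change it to "refer to" with descriptive link text in place of "link", and lowercase "Ensure" in step 4. The reference definitions for [1] and [3] are outside this hunk, so confirm they resolve to the rebranded documentation rather than the old product pages.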

trend_micro_email_security/assets/dashboards/trend_micro_email_security_mail_tracking.json

Lines changed: 36 additions & 36 deletions
Large diffs are not rendered by default.

trend_micro_email_security/assets/dashboards/trend_micro_email_security_policy_events.json

Lines changed: 24 additions & 24 deletions
Large diffs are not rendered by default.

trend_micro_email_security/assets/logs/trend-micro-email-security.yaml

Lines changed: 2 additions & 2 deletions
@@ -95,7 +95,7 @@ facets:
9595
name: byte
9696
pipeline:
9797
type: pipeline
98-
name: Trend Micro Email Security
98+
name: TrendAI Email Security
9999
enabled: true
100100
filter:
101101
query: "source:trend-micro-email-security"
@@ -132,7 +132,7 @@ pipeline:
132132
name: Remap attributes for mail tracking logs
133133
enabled: true
134134
filter:
135-
query: "service:mail-tracking"
135+
query: "(service:mail-tracking OR @vendor.endpoint:mail-tracking)"
136136
processors:
137137
- type: attribute-remapper
138138
name: Map `senderIP` to `network.client.ip`
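
Review bot: The new filter `(service:mail-tracking OR @vendor.endpoint:mail-tracking)` has no comment or README entry explaining why two selectors exist or which one is authoritative going forward. Add a short note stating that `service:mail-tracking` is kept for logs ingested before the change and `@vendor.endpoint` is the new routing attribute (if that is the intent), so that saved searches and detection rules keyed on `service` can be migrated deliberately rather than silently stop matching.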

trend_micro_email_security/assets/logs/trend-micro-email-security_tests.yaml

Lines changed: 38 additions & 10 deletions
@@ -21,6 +21,9 @@ tests:
2121
"size" : 66390,
2222
"sender" : "sender@example.com",
2323
"embeddedUrls" : [ "http://example1.com", "http://example2.com" ],
24+
"vendor" : {
25+
"endpoint" : "mail-tracking"
26+
},
2427
"recipient" : "rcpt@example.com",
2528
"action" : "Delivered",
2629
"mailID" : "73173f80-2e0e-46df-b2dc-a62e80167067",
@@ -30,7 +33,6 @@ tests:
3033
"timestamp" : "2024-01-01T01:01:02Z",
3134
"direction" : "in"
3235
}
33-
service: "tracking"
3436
result:
3537
custom:
3638
action: "Delivered"
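
Review bot: Dropping `service: "tracking"` from this fixture leaves the mail tracking samples routed by `vendor.endpoint` alone, so the `service:mail-tracking` half of the updated pipeline filter has no test coverage. Keep one sample that carries `service: "mail-tracking"` without `vendor.endpoint` to pin the legacy path. The removed value was also `tracking`, which a filter of `service:mail-tracking` would not have matched; if that is why the expected output changes further down in this file, say so in the commit message.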
@@ -41,7 +43,6 @@ tests:
4143
-
4244
fileName: "test2.zip"
4345
sha256: "329436266f3927e89ea961e26855c8bd1f51401d92babd6627e493295376daf5"
44-
deliveredTo: "2.2.2.2"
4546
deliveryTime: "2024-01-01T01:01:05Z"
4647
details: "250 2.0.0 Ok: queued as 3CBEFC0811"
4748
direction: "incoming"
@@ -56,15 +57,23 @@ tests:
5657
- "header_rcpt3@example.com"
5758
mailID: "73173f80-2e0e-46df-b2dc-a62e80167067"
5859
messageID: "<7bebfeb6-f035-451f-8c4f-3377ab457b07@atl1s07mta2135.xt.local>"
60+
network:
61+
client:
62+
geoip: {}
63+
ip: "1.1.1.1"
64+
destination:
65+
geoip: {}
66+
ip: "2.2.2.2"
5967
recipient: "rcpt@example.com"
6068
sender: "sender@example.com"
61-
senderIP: "1.1.1.1"
6269
subject: "response sample"
6370
timestamp: "2024-01-01T01:01:02Z"
6471
tlsInfo: "upstreamTLS: TLS 1.2; downstreamTLS: TLS 1.2"
6572
trend_micro_email_security:
6673
messageSize: 66390
6774
type: "accepted_traffic"
75+
vendor:
76+
endpoint: "mail-tracking"
6877
message: |-
6978
{
7079
"attachments" : [ {
@@ -85,6 +94,9 @@ tests:
8594
"size" : 66390,
8695
"sender" : "sender@example.com",
8796
"embeddedUrls" : [ "http://example1.com", "http://example2.com" ],
97+
"vendor" : {
98+
"endpoint" : "mail-tracking"
99+
},
88100
"recipient" : "rcpt@example.com",
89101
"action" : "Delivered",
90102
"mailID" : "73173f80-2e0e-46df-b2dc-a62e80167067",
@@ -94,7 +106,6 @@ tests:
94106
"timestamp" : "2024-01-01T01:01:02Z",
95107
"direction" : "in"
96108
}
97-
service: "tracking"
98109
tags:
99110
- "source:LOGS_SOURCE"
100111
timestamp: 1704070861000
@@ -119,6 +130,9 @@ tests:
119130
"size" : 66390,
120131
"sender" : "sender@example.com",
121132
"embeddedUrls" : [ "http://example1.com", "http://example2.com" ],
133+
"vendor" : {
134+
"endpoint" : "mail-tracking"
135+
},
122136
"recipient" : "rcpt@example.com",
123137
"action" : "Delivered",
124138
"mailID" : "73173f80-2e0e-46df-b2dc-a62e80167067",
@@ -128,7 +142,6 @@ tests:
128142
"timestamp" : "2024-01-01T01:01:02Z",
129143
"direction" : "out"
130144
}
131-
service: "tracking"
132145
result:
133146
custom:
134147
action: "Delivered"
@@ -139,7 +152,6 @@ tests:
139152
-
140153
fileName: "test2.zip"
141154
sha256: "329436266f3927e89ea961e26855c8bd1f51401d92babd6627e493295376daf5"
142-
deliveredTo: "example.com[2.2.2.2]:25"
143155
deliveryTime: "2024-01-01T01:01:05Z"
144156
details: "250 2.0.0 Ok: queued as 3CBEFC0811"
145157
direction: "outgoing"
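
Review bot: The removed expectation `deliveredTo: "example.com[2.2.2.2]:25"` carried a hostname and port, while the replacement added further down in this file is only `ip: "2.2.2.2"` under `network.destination`. If the hostname and port matter when investigating outbound delivery, assert where they end up (or that the original attribute is preserved); as written the test accepts losing them.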
@@ -154,15 +166,23 @@ tests:
154166
- "header_rcpt3@example.com"
155167
mailID: "73173f80-2e0e-46df-b2dc-a62e80167067"
156168
messageID: "<7bebfeb6-f035-451f-8c4f-3377ab457b07@atl1s07mta2135.xt.local>"
169+
network:
170+
client:
171+
geoip: {}
172+
ip: "1.1.1.1"
173+
destination:
174+
geoip: {}
175+
ip: "2.2.2.2"
157176
recipient: "rcpt@example.com"
158177
sender: "sender@example.com"
159-
senderIP: "1.1.1.1"
160178
subject: "response sample"
161179
timestamp: "2024-01-01T01:01:02Z"
162180
tlsInfo: "upstreamTLS: TLS 1.2; downstreamTLS: TLS 1.2"
163181
trend_micro_email_security:
164182
messageSize: 66390
165183
type: "accepted_traffic"
184+
vendor:
185+
endpoint: "mail-tracking"
166186
message: |-
167187
{
168188
"attachments" : [ {
@@ -183,6 +203,9 @@ tests:
183203
"size" : 66390,
184204
"sender" : "sender@example.com",
185205
"embeddedUrls" : [ "http://example1.com", "http://example2.com" ],
206+
"vendor" : {
207+
"endpoint" : "mail-tracking"
208+
},
186209
"recipient" : "rcpt@example.com",
187210
"action" : "Delivered",
188211
"mailID" : "73173f80-2e0e-46df-b2dc-a62e80167067",
@@ -192,7 +215,6 @@ tests:
192215
"timestamp" : "2024-01-01T01:01:02Z",
193216
"direction" : "out"
194217
}
195-
service: "tracking"
196218
tags:
197219
- "source:LOGS_SOURCE"
198220
timestamp: 1704070861000
@@ -211,12 +233,14 @@ tests:
211233
"size" : 6564,
212234
"sender" : "sender@example.com",
213235
"recipients" : [ "rcpt1@example.com", "rcpt2@example.com" ],
236+
"vendor" : {
237+
"endpoint" : "policy-events"
238+
},
214239
"domainName" : "example.com",
215240
"details" : "{\"urlInfo\":[{\"url\":\"https://mcusercontent.com/87564ad664ceeac44909ec631/images/a8730208-6096-404c-9dd6-1c61c47a2861.png);background-repeat:\",\"extractType\":\"body\"}]}",
216241
"timestamp" : "2024-01-01T01:01:02.002Z",
217242
"direction" : "in"
218243
}
219-
service: "detection"
220244
result:
221245
custom:
222246
details: "{\"urlInfo\":[{\"url\":\"https://mcusercontent.com/87564ad664ceeac44909ec631/images/a8730208-6096-404c-9dd6-1c61c47a2861.png);background-repeat:\",\"extractType\":\"body\"}]}"
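
Review bot: This sample swaps `service: "detection"` for `vendor.endpoint: "policy-events"`, but the pipeline change in this commit only adds an `@vendor.endpoint` clause to the mail tracking filter. If a policy events sub-pipeline filters on `service`, this log no longer selects it and the test would pass without exercising it; check that filter and give it the matching `OR @vendor.endpoint:policy-events` clause.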
@@ -240,6 +264,8 @@ tests:
240264
timestamp: "2024-01-01T01:01:02.002Z"
241265
trend_micro_email_security:
242266
messageSize: 6564
267+
vendor:
268+
endpoint: "policy-events"
243269
message: |-
244270
{
245271
"policyAction" : "Bypass",
@@ -254,12 +280,14 @@ tests:
254280
"size" : 6564,
255281
"sender" : "sender@example.com",
256282
"recipients" : [ "rcpt1@example.com", "rcpt2@example.com" ],
283+
"vendor" : {
284+
"endpoint" : "policy-events"
285+
},
257286
"domainName" : "example.com",
258287
"details" : "{\"urlInfo\":[{\"url\":\"https://mcusercontent.com/87564ad664ceeac44909ec631/images/a8730208-6096-404c-9dd6-1c61c47a2861.png);background-repeat:\",\"extractType\":\"body\"}]}",
259288
"timestamp" : "2024-01-01T01:01:02.002Z",
260289
"direction" : "in"
261290
}
262-
service: "detection"
263291
tags:
264292
- "source:LOGS_SOURCE"
265293
timestamp: 1704070861001

trend_micro_email_security/assets/trend_micro_email_security.svg

Lines changed: 1 addition & 52 deletions