icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Splunkbase will be undergoing a scheduled migration and will be unavailable on Saturday, Oct 1, 2022, from 11AM to 3PM PDT

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading TrendMicroVisionOne
SHA256 checksum (trendmicrovisionone_101.tgz) 130618443b437e91c04b06d6ea822e5c808e8f021baff197c8d3941188b9771e

Flag As Inappropriate



Splunk SOAR Cloud
This app is NOT supported by Splunk. Please read about what that means for you here.
Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster. Providing deep and broad extended detection and response (XDR) capabilities that collect and automatically correlate data across multiple security layers—email, endpoints, servers, cloud workloads, and networks—Trend Micro Vision One prevents the majority of attacks with automated protection

Supported Actions Version 1.0.1

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • get endpoint info: Gather information about an endpoint
  • quarantine device: Quarantine the endpoint
  • unquarantine device: Unquarantine the endpoint
  • on poll: Callback action for the on_poll ingest functionality
  • status check: Checks the status of a task
  • add to blocklist: Adds an item to the Suspicious Objects list in Vision One
  • remove from blocklist: Removes an item from the Suspicious Objects list
  • quarantine email message: Quarantine the email message
  • delete email message: Delete the email message
  • terminate process: Terminate the process running on the endpoint
  • add to exception: Add object to exception list
  • delete from exception: Delete object from exception list
  • add to suspicious: Add suspicious object to suspicious list
  • delete from suspicious: Delete the suspicious object from suspicious list
  • check analysis status: Get the status of file analysis based on task id
  • download analysis report: Get the analysis report of a file based on report id
  • collect forensic file: Collect forensic file
  • forensic file info: Get the download information for collected forensic file
  • start analysis: Submit file to sandbox for analysis
  • add note: Adds a note to an existing workbench alert
  • update status: Updates the status of an existing workbench alert

Release Notes

Version 1.0.1
Aug. 24, 2022
  • Initial Release with the following actions:
    • Update Status
    • Add Note
    • Submit File To Sandbox
    • Download Information Collected File
    • Collect File
    • Get File Analysis Report
    • Get File Analysis Status
    • Delete From Suspicious List
    • Add To Suspicious List
    • Delete From Exception List
    • Add To Exception List
    • Terminate Process
    • Delete Email Message
    • Quarantine Email Message
    • Remove From Blocklist
    • Add To Blocklist
    • Status Check
    • On Poll
    • Unquarantine Device
    • Quarantine Device
    • Get Endpoint Info
    • Test Connectivity

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.