Quick Links

Setup includes the following steps (select any step for detailed instructions):

The API key grants Expel read-only access to the interface of your technology, which allows us to dig deeper during incidents and to investigate potential health issues with your tech.

1. Open your Trend Micro Apex Central Dashboard and go to Administration > Settings > Automation API Access Settings.
2. Select Add.
3. Provide a name for the application, such as "Expel".
4. The Application ID and API Key will be automatically generated; save them for use in the next section.
5. At the top of the browser page, copy the entire URL (including the https) and save it for use in the next section.

Step 2: Add Trend Micro Apex One as a Security Device in Workbench

Now, we can add Trend Micro Apex One as a security device in Workbench and set up console access. Expel needs console access to allow our SOC analysts to dig deeper during incident investigations and to enable our engineering teams to investigate potential health issues (including proper alert ingestion).

Before you begin, make sure you have the application ID, API key, and URL ready. You will also need your login credentials for the Trend Micro Apex Central Dashboard (username, password, and any applicable third-party authentication key). 

Note

Expel secures all login information our SOC analysts need about your devices in a MFA password product. Access to this login information is protected using our internal MFA processes.

1. Log in to Workbench.
2. In the side menu, navigate to Organization Settings > Security Devices.
3. Select the Add Security Device button.
4. In the search box, type “trend” and then select the Trend Micro Apex One integration.
5. Complete the fields as follows:
   • Where is your device? - select cloud.
   • Name - enter a name that might help you more easily identify this integration, such as “CompanyName TrendMicroApexOne”; this name will display in Workbench under the Name column, and is a text string that you can filter on.
   • Location - enter the location of your integration, for example “cloud;” this is also a text string that you can filter on, so we recommend being consistent with location naming across your Expel integrations.
   • Server - enter the URL you copied in the prior section.
   • Application ID - enter the application ID you generated in the prior section.
   • API key - enter the API key you generated in the prior section.
6. Select Save.
7. Choose the "Set up now" option to set up console access, then scroll down to the Console Login area and complete the fields as follows:

   • Console URL - enter same URL you used for the Server in step 5, but this time add /login to the end of the URL.

   • Username - enter your Trend Micro Apex Central Dashboard username.

   • Password - enter your Trend Micro Apex Central Dashboard password.

   • Two-factor secret key (optional) - if necessary for login at your organization, enter the authentication key here; if not, leave this field blank. If you have questions about this field, contact support.

8. Select Save.
9. Your device should be created successfully within a few seconds. A few reminders:
   • After your connection is healthy, it will take some time for your device to begin polling and receiving data.
   • To check on the status, select the downward arrow for your device in the first column and choose View details. You can then scroll to the Connection section to see if your device is fully connected.
   • Polling will happen first; data will be received after that. You must refresh the page to see updates.
   • If your device does not begin polling within 15 minutes, and does not begin receiving data within 30 minutes, contact support.