- StellarOne connects to Vision One via Service Gateway
- Detection logs are (aggregated and) sent by StellarOne
Steps
1) Set up the Service Gateway VM
https://success.trendmicro.com/solution/KA-0014683
2) Access the Service Gateway directly and use the default credentials
- Login: admin
- Password (Default): V1SG@2021
4) Type "Enable" to access administrator commands, then type the following:
configure network primary ipv4.static <interface> <ip_cidr> <gateway> <dns1> [dns2] [cni]
5) Switch to SSH and log in with ‘admin’ and the new password
6) Type "Enable" to access administrator commands, then type the following:
configure endpoint <hostname/FQDN> (make sure the DNS servers are aware of the A record)
configure ntp <ntp_addr>
connect
register <registration_token>
All commands are based on:
https://docs.trendmicro.com/en-us/enterprise/trend-vision-one/common-apps/service-gateway-inve_001/servicegatewaytsandf/troubleshootingsg/service-gateway-cli-_001.aspx
To verify, go back to the Vision One console and check the status of the Service Gateway
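A pre-flight check for the values typed in steps 4 and 6, added here as an example (it is not part of the original page or of Trend Micro's tooling). It verifies that the gateway lies inside the subnet given by <ip_cidr> and that the endpoint FQDN has an A record pointing at the appliance; the function names are hypothetical and the addresses are constructed sample values.

```python
import ipaddress
import socket


def check_static_network(ip_cidr, gateway, dns_servers):
    """Return a list of problems with the ipv4.static arguments (empty = OK)."""
    if "/" not in ip_cidr:
        return [f"{ip_cidr}: missing prefix length, expected e.g. 192.0.2.10/24"]
    try:
        iface = ipaddress.IPv4Interface(ip_cidr)
    except ValueError as exc:
        return [f"{ip_cidr}: not a valid IPv4 address/prefix ({exc})"]
    net, problems = iface.network, []
    # A host cannot use the network or broadcast address of its own subnet.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    try:
        gw = ipaddress.IPv4Address(gateway)
        if gw not in net:
            problems.append(f"gateway {gw} is outside {net}")
        elif gw == iface.ip:
            problems.append("gateway equals the appliance address")
    except ValueError:
        problems.append(f"gateway {gateway!r} is not an IPv4 address")
    for dns in dns_servers:
        try:
            ipaddress.IPv4Address(dns)
        except ValueError:
            problems.append(f"DNS server {dns!r} is not an IPv4 address")
    return problems


def check_a_record(fqdn, expected_ip, resolve=socket.gethostbyname_ex):
    """Return None if fqdn has an A record for expected_ip, else a message."""
    try:
        _, _, addrs = resolve(fqdn)
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        return f"{fqdn} does not resolve: {exc}"
    if expected_ip not in addrs:
        return f"{fqdn} resolves to {addrs}, not {expected_ip}"
    return None


if __name__ == "__main__":
    # Constructed sample values (documentation ranges), not from a real deployment.
    print(check_static_network("192.0.2.10/24", "192.0.2.1", ["192.0.2.53"]))
    print(check_a_record("sg.example.test", "192.0.2.10",
                         resolve=lambda name: (name, [], ["192.0.2.10"])))
```

Run it from an admin workstation that uses the same DNS servers as the appliance; the `resolve` parameter exists only so the lookup can be stubbed.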
7) Next, enable the forward proxy service on your Service Gateway
4) An API key is required to use Service Gateway functions
5) Get the enrollment token from Product Connector
6) Product Connector is now ready to accept connections from StellarOne
7) Configuration from StellarOne console
Required:
Service Gateway Address from step 2
Service Gateway API key from step 4
Enrollment Token from step 5
8) After a successful connection to Vision One, the enrollment token dialog will become un-editable
9) Stop sending logs to Vision One or disconnect from Vision One