
Please check the steps below to see if they help.

NB: Some of the steps below may need the Microsoft team's help, since they may require support from the product side.

_____________________________________________________________________________________________________________________________

The Trend Micro Vision One connector enables Azure Sentinel to automatically ingest Workbench alert data through the Trend Micro Vision One API.

The connector includes the following resources, which can enhance your monitoring and investigation capabilities:

  • A workbook that provides insights into alert trends and impacted hosts

  • Rule templates that you can use to create incidents for alerts based on severity

  1. Create an Azure Sentinel workspace.

    For more information, see https://docs.microsoft.com/en-us/learn/modules/create-manage-azure-sentinel-workspaces/.

  2. Configure and deploy the connector:

    In your Azure Sentinel workspace, go to Content management > Content hub (Preview).

    A. In the Content hub page, search for Trend Vision One and click Install.

    B. Choose your workspace and click Start to install.

    C. After installation finishes, go to Configuration > Data connectors.

    D. Search for Trend Vision One (using Azure Function) and click Open connector page.

    E. On the connector page, go to the Instructions tab.

    F. Copy the Workspace ID and Workspace Key.

    G. Click Deploy to Azure.

    H. The Custom deployment page appears.

  3. Configure the settings on the Custom deployment page.

    Setting and configuration notes:

    Subscription
      Manages deployed resources.

    Resource group
      Where to deploy the connector.

    Function Name
      Must be a unique name.

    Workspace ID and Workspace Key
      The information you copied from the Instructions tab. You can also access the information from Log Analytics:
        1. Go to Log Analytics and navigate to your workspace.
        2. Go to Settings > Agents management.
        3. The information is on the Windows servers tab, under Download agent.

    API Key
      An API key from a Trend Vision One user account.
      Note: The Azure Sentinel connector requires an API key from a Trend Vision One user account with the Senior Analyst role or a user role with greater permissions. The user account access level must include APIs.

    Region Code
      The region code that corresponds to the location of your Trend Vision One instance. The following are valid values: au, eu, in, jp, sg, and us.

    Storage prefix
      The storage prefix must comply with Azure naming conventions.

  4. Click Review + create.

    Once the connector is successfully deployed, Azure Sentinel begins pulling newly created alert data from Trend Vision One. The connector does not pull preexisting alert data.

  5. Check ingested data in your Log Analytics workspace.

    For more information, see Checking Ingested Data in Log Analytics Workspace.

  Checking Ingested Data in Log Analytics Workspace

    Alert data ingested by Azure Sentinel is stored in Log Analytics workspaces.

    Important:

    An empty Log Analytics workspace indicates that no new alerts were created after the connector was successfully deployed. The connector does not pull preexisting alert data from Trend Vision One.

    1. Go to Log Analytics workspaces > {your_workspace} > General > Logs.

    2. In the Tables tab, under Custom Logs, verify that the TrendMicro_XDR_CL table exists.

       This table should exist if alerts were created in Trend Vision One after the connector was successfully deployed.

    3. Click Run to run the query and view the data.
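As an added example (not from the original post or from Trend Micro's documentation), two KQL queries you can paste into the Logs pane at the last step: the first shows whether alerts are actually arriving hour by hour, the second returns a row only when the connector has gone silent, which is the case most easily mistaken for a quiet environment. They rely only on the TrendMicro_XDR_CL table named above and the standard Log Analytics TimeGenerated column; the 6-hour staleness threshold is an assumption to tune.

```kql
// Added example, not from the original page. Assumes the TrendMicro_XDR_CL table
// named above and the standard Log Analytics TimeGenerated column; the 6h
// threshold is an arbitrary choice to tune for your alert volume.

// 1) Ingestion health: Workbench alerts landed per hour over the last day.
//    An empty result after alerts were raised in Vision One points at the
//    connector (Function, API key, region code), not at the product.
TrendMicro_XDR_CL
| where TimeGenerated > ago(1d)
| summarize AlertsIngested = count() by bin(TimeGenerated, 1h)
| order by TimeGenerated asc

// 2) Silent-connector check, usable as a scheduled analytics rule: returns one
//    row when nothing has been ingested in the last 6 hours, including the case
//    of a table that has never received data (max() over no rows is null), so a
//    revoked API key or a stopped Function is noticed rather than assumed quiet.
TrendMicro_XDR_CL
| summarize LastIngested = max(TimeGenerated)
| where isnull(LastIngested) or LastIngested < ago(6h)
| project LastIngested, StaleSince = ago(6h)
```

Run each query on its own; the second one is the one worth scheduling, since an empty table is exactly what the Important note above warns about and looks the same whether the connector is healthy or broken.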