API & Integrations - TrendAI Vision One

This article contains information on integrating TrendAI Vision One with Mimecast’s Human Risk Platform to import malware incidents, update user risk scores, and enable targeted training based on endpoint behavior.

Overview

The integration between Mimecast's Human Risk Platform and TrendAI Vision One makes Human Risk scoring more robust by adding behavioral data on end users' interactions with malware on devices.
This allows you to send your users training and other information based on their malware-associated behavior.

The integration periodically reads endpoint protection incidents associated with cases from TrendAI Vision One Endpoint Security via API. These are forwarded to the Human Risk Platform, which associates each incident with a user and updates the malware behavior score for that user.
The integration requires two pieces of information: an API Key, generated in the Vision One console, to authenticate with the API; and the correct Base URL for the region in which your Vision One account is hosted. The API Key should be given the Auditor role.

This integration can be accessed from the Human Risk Command Center, which is available to all Mimecast Email Security - MX customers.

Considerations

  • This feature is available to customers with Email Security - MX and/or an Engage subscription, with the Human Risk Command Center.
  • Historical events will not be pulled from TrendAI Vision One Endpoint Security; only events from the point of integration onward. This simplifies onboarding, and will not change historical scores.

Prerequisites

  • TrendAI Vision One subscription with Endpoint Security.
  • You must have one of the following roles:
    • Global Sys Admin.
    • Sys Admin - SD Full.
    • Super Administrator.
    • Full Administrator.
    • Basic Administrator.
    • Partner Administrator.
    • Custom Role with Integrations Marketplace (Read/Write permissions must be enabled.)

Configuring the TrendAI Vision One Integration

The integration is configured in the TrendAI Vision One console and then in the Mimecast Administration Console, in the Integrations Hub. To authenticate to the TrendAI Vision One API, you must create and add an API key. These credentials are then used to create an integration with the Mimecast Human Risk Command Center.

You can configure the TrendAI Vision One integration by using the following steps:

  1. Log in to the TrendAI Vision One console.
  2. Navigate to your organization drop down | API Keys.

  3. Click on Add API Keys.

  4. Enter details for the API Key, ensuring that you use the Auditor role.

  5. Click on Add.

    Copy your API Key to a secure location, as you will not be able to revisit it.

  6. Log in to the Mimecast Administration Console.
  7. Navigate to Integrations | Integrations Hub.

  8. From the available Integrations, select TrendAI Vision One, and click on Configure New.

  9. Complete the Details section:
    • Name: Enter a Name.
    • Description: Enter a Description.
    • Client Secret: Enter the API Key noted in step 5.
    • Base URL: Enter the correct Base URL for the region that your TrendAI Vision One account is hosted in.
  10. Select Save to complete the integration process.

Frequently Asked Questions

Q: How long does it take to deploy the integration?
A: The integration can be fully deployed in just a couple of minutes. It may take up to 24 hours for malware-related scores to appear in the Human Risk Dashboard.
Q: Is any historical data loaded from TrendAI Vision One Endpoint Security?
A: Historical events will not be pulled from TrendAI Vision One Endpoint Security; only events from the point of integration onward.
Q: Why do I not see many malware events affecting users’ risk score?
A: A frequent concern users have with human risk is marking innocent users risky due to false positives in the security solutions we leverage for data. To mitigate this, only incidents with a true positive disposition are counted against users.
