Trend Micro Email Security (new pack) (demisto#27963)

* first commit * add UT * commit * added docstring to managing_set_last_run function * Added description.md file and README.md file * commit * add UT, descriptions, and bugs fixes * add hide_sensitive parameter and UT * add UT * generate README * add modeling rule and comment corrections * commit * add docstring for all the UT * commit * comment corrections * commit * add Image, update docker and fix the schema * add description to pack_metadata.json * add categories to pack_metadata.json * pre-commit fixes * commit * commit * commit * update README file * fix UT * add UT * fix UT * update docker * add missing fields to the event * add UT * fix modeling-rule * correction comments * commit * fix UT * update docker * commit * Demo corrections * commit * comment corrections * fix UT * comment corrections * commit * commit * update docker * add docstring
xsoar-contrib · Oct 5, 2023 · 96eb15b · 96eb15b
1 parent 73ae89c
commit 96eb15b
Show file tree

Hide file tree

Showing 14 changed files with 1,591 additions and 0 deletions.
diff --git a/Packs/TrendMicroEmailSecurity/.pack-ignore b/Packs/TrendMicroEmailSecurity/.pack-ignore
diff --git a/Packs/TrendMicroEmailSecurity/.secrets-ignore b/Packs/TrendMicroEmailSecurity/.secrets-ignore
@@ -0,0 +1 @@
+dGVzdDp0ZXN0X2FwaV9rZXk=
diff --git a/...MicroEmailSecurity/Integrations/TrendMicroEmailSecurityEventCollector/README.md b/...MicroEmailSecurity/Integrations/TrendMicroEmailSecurityEventCollector/README.md
@@ -0,0 +1,47 @@
+Palo Alto Networks Trend Micro Email Security Event Collector integration for XSIAM.
+
+## Configure Trend Micro Email Security Event Collector on Cortex XSIAM
+
+1. Navigate to **Settings** > **Configurations** > **Data Collection** > **Automations & Feed Integrations**.
+2. Search for Trend Micro Email Security Event Collector.
+3. Click **Add instance** to create and configure a new integration instance.
+
+    | **Parameter** | **Description** | **Required** |
+    | --- | --- | --- |
+    | Service URL |  | True |
+    | USER NAME |  | True |
+    | API Key |  | True |
+    | Trust any certificate (not secure) |  | False |
+    | Use system proxy settings |  | False |
+    | Hide sensitive details from email |  | False |
+    | The maximum number of events per fetch. | The maximum number of events to fetch every time fetch is executed. | False |
+
+4. Click **Test** to validate the URLs, token, and connection.
+
+**Note**: There are three types of events that the integration fetches, When the max fetch parameter is set to 1000 then 1000 logs will be retrieved from each type so that a total of 3000 logs can be retrieved.
+
+## Commands
+
+You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
+After you successfully execute a command, a DBot message appears in the War Room with the command details.
+
+### trend-micro-get-events
+
+***
+Manual command to fetch events and display them.
+
+#### Base Command
+
+`trend-micro-get-events`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| max_fetch | The maximum number of events to get. Default is 500. | Optional | 
+| since | Occurrence time of the least recent event to include (inclusive). Default is 3 days. | Optional | 
+| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Required | 
+
+#### Context Output
+
+There is no context output for this command.