Trend Micro Cloud Conformity
- Jonas Gonzalez
Trend Micro Cloud Conformity provides continuous security, compliance, and governance for your cloud infrastructure.
Connect Trend Micro Cloud Conformity with Devo SOAR
Navigate to Automations > Integrations.
Search for Trend Micro Cloud Conformity.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Api Token: Api Token to access Trend Micro Cloud Conformity
Region: Region to access Trend Micro Cloud Conformity
After you've entered all the details, click Connect.
Actions for Trend Micro Cloud Conformity
List All Accounts
Get all accounts that you have access to.
Input Field
Choose a connection that you have previously created.
Output
JSON containing following items:
``` {json}{ "data": [ { "type": "accounts", "id": "63457713-88ae-4d70-bc4d-f0f1a290d488", "attributes": { "name": "integrations", "environment": "staging", "awsaccount-id": "827505017847", "security-package": true, "created-date": 1650957280117, "last-notified-date": 1652699185645, "last-checked-date": 1652699185254, "last-monitoring-event-date": null, "access": null, "tags": [ "staging" ], "cloud-type": "aws", "resources-count": 780, "consumption-tier": "Small: 250-999 resources" }, "relationships": { "organisation": { "data": { "type": "organisations", "id": "910286450235" } } } } ], "error": null, "has_error": false }
## Get Account Details
Get account details by its Id.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------- | :-------------------------------------------------------------------------------------------- | :------- |
| Account Id | [Jinja-templated](doc:jinja-template) text containing the Cloud Conformity ID of the account. | Required |
### Output
JSON containing following items:
``` {json}{
"data": {
"type": "accounts",
"id": "63457713-88ae-4d70-bc4d-f90d488",
"attributes": {
"name": "integrations",
"environment": "staging",
"awsaccount-id": "82757847",
"error-code": null,
"status": "ACTIVE",
"security-package": true,
"created-date": 1650957280117,
"settings": {
"rules": [
{
"enabled": false,
"id": "S3-021",
"riskLevel": "HIGH"
}
]
},
"last-notified-date": 1652699185645,
"last-checked-date": 1652699185254,
"last-monitoring-event-date": null,
"access": null,
"bot-status": null,
"tags": [
"staging"
],
"cloud-type": "aws",
"resources-count": 780,
"consumption-tier": "Small: 250-999 resources"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "910286235"
}
}
}
},
"error": null,
"has_error": false
}List All Account Checks
List all account checks.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Account Ids | Jinja-templated text containing the comma separated Cloud Conformity ID of the accounts. Example '123,789' | Required |
Consistent Pagination | Jinja-templated text containing the parameter that ensures that no duplicate checks are returned when paginating with the API. Setting this to false increases performance but could also introduce duplicates. (Default as 'true') | Optional |
Filter | Jinja-templated text containing all the filter. Example: 'filter[riskLevels]=HIGH&filter[services]=EC2,IAM' | Optional |
Page Size | Jinja-templated text containing the page size for the pagination. | Optional |
Page Number | Jinja-templated text containing the page number for pagination. | Optional |
Output
JSON containing following items:
``` {json}{ "data": [ { "type": "checks", "id": "ccc:63457713-88ae-4d70-8:EC2-047:EC2:us-west-2:i-0414e7fb", "attributes": { "region": "us-west-2", "status": "FAILURE", "risk-level": "HIGH", "pretty-risk-level": "High", "message": "EC2 instance i-04ca899bbe7fb is idle", "resource": "i-04ca899514e7fb", "descriptorType": "ec2-itance", "link-title": "i-04ca899514e7fb", "resourceName": "EC2 Instance", "last-modified-date": 1652544404570, "created-date": 1651055706272, "categories": [ "cost-optimisation", "sustainability" ], "compliances": [ "AWAF", "AGISM", "FISC-V9" ], "failure-discovery-date": 1651055706272, "ccrn": "ccrn:aws:63457713-88ae-4d70-bc4d-f0f1a290d488:EC2:us-west-2:i-04ca899bb8514e7fb", "extradata": [ { "name": "CPU_UTILIZATION", "label": "CPU Utilization", "type": "META", "value": "1%" }, { "name": "TYPE", "label": "Instance Type", "type": "META", "value": "t1.micro" }, { "name": "NETWORK_UTILIZATION", "label": "Network Utilization", "type": "META", "value": "0 MB" } ], "tags": [ "Cost Center::Engineering", "Name::remote-agent-unix-dev", "Application::Integration" ], "cost": 14, "waste": 14, "excluded": false, "rule-title": "Idle EC2 Instance", "link": "https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#Instances:search=i-04ca899bb8514e7fb;sort=desc:dnsName", "provider": "aws", "resolution-page-url": "https://www.cloudconformity.com/knowledge-base/aws/EC2/idle-instance.html#910286450235", "service": "EC2" }, "relationships": { "rule": { "data": { "type": "rules", "id": "EC2-047" } }, "account": { "data": { "type": "accounts", "id": "63457713-88ae-4d70-bc4d-f0fd488" } } } }, { "type": "checks", "id": "ccc:63457713-88ae-4d70-bc4d-f0d488:EC2-047:EC2:us-west-2:i-0e3ceab8d8f", "attributes": { "region": "us-west-2", "status": "FAILURE", "risk-level": "HIGH", "pretty-risk-level": "High", "message": "EC2 instance i-0e3cec0e8d8f is idle", "resource": "i-0e3ceabc8d8f", "descriptorType": "ec2-instance", "link-title": "i-0e3ceac0e8d8f", "resourceName": "EC2 Instance", "last-modified-date": 1652411147004, "created-date": 1651055706272, "categories": [ "cost-optimisation", "sustainability" ], "compliances": [ "AWAF", "AGISM", "FISC-V9" ], "failure-discovery-date": 1651055706272, "ccrn": "ccrn:aws:63457713-88ae-4d70-bc4d-f0f488:EC2:us-west-2:i-0e3ceab8d8f", "extradata": [ { "name": "CPU_UTILIZATION", "label": "CPU Utilization", "type": "META", "value": "0.5%" }, { "name": "TYPE", "label": "Instance Type", "type": "META", "value": "t2.micro" }, { "name": "NETWORK_UTILIZATION", "label": "Network Utilization", "type": "META", "value": "0 MB" } ], "tags": [ "os::linux", "Cost Center::Engineering", "Name::remote-agent-unix-test", "Application::Integration" ], "cost": 8, "waste": 8, "excluded": false, "rule-title": "Idle EC2 Instance", "link": "https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#Instances:search=i-0e3ceabccec0e8d8f;sort=desc:dnsName", "provider": "aws", "resolution-page-url": "https://www.cloudconformity.com/knowledge-base/aws/EC2/idle-instance.html#910286450235", "service": "EC2" }, "relationships": { "rule": { "data": { "type": "rules", "id": "EC2-047" } }, "account": { "data": { "type": "accounts", "id": "63457713-88ae-4d70-bc4d-f0f188" } } } } ], "meta": { "total": 2, "page-number": 1, "page-size": 2 } }
## List All Events
List all events.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Account Ids | [Jinja-templated](doc:jinja-template) text containing the comma separated Cloud Conformity ID of the accounts. Example '123,789' | Optional |
| AWS events | [Jinja-templated](doc:jinja-template) text, if true returns AWS events. | Optional |
| Azure events | [Jinja-templated](doc:jinja-template) text, if true returns Azure events. | Optional |
| Cloud Conformity activity-events | [Jinja-templated](doc:jinja-template) text, if true returns Cloud Conformity activity-events. | Optional |
| Filter | [Jinja-templated](doc:jinja-template) text containing all the filter. Example: 'filter[identities]=static-deployer&filter[since]=1519919272016' | Optional |
| Page Size | [Jinja-templated](doc:jinja-template) text containing the page size for pagination. | Optional |
| Page Number | [Jinja-templated](doc:jinja-template) text containing the page number for pagination. | Optional |
### Output
JSON containing following items:
``` {json}{
"data": [
{
"type": "events",
"id": "SGSKA_iJOm9T7SCd",
"attributes": {
"name": "api.account.rules.settings.get",
"time": 1652072504813
},
"relationships": {
"organisation": {
"data": {
"type": "organisation",
"id": "91028235"
}
},
"account": {
"data": {
"type": "account",
"id": "63457713-88ae-4d70-bc4d-f0f488"
}
},
"user": {
"data": {
"type": "user",
"id": "urn:cloudone:identity:in-1:910235:apikeytmc128KCmdbPNs6BDA"
}
},
"parent": {
"data": null
},
"rule": {
"data": null
},
"check": {
"data": null
}
}
},
{
"type": "events",
"id": "XnZswGP1e-rrfxVm",
"attributes": {
"name": "account.subscription.updated",
"time": 1651055624564,
"extra": {
"security": true,
"cost": false,
"rtm": true
},
"description": "The subscription for this account has been updated"
},
"relationships": {
"organisation": {
"data": {
"type": "organisation",
"id": "910235"
}
},
"account": {
"data": {
"type": "account",
"id": "63457713-88ae-4d70-bc4d-f0f1488"
}
},
"user": {
"data": {
"type": "user",
"id": "urn:cloudone:identity:in-1:91028235:user/ffd1d43f-b5c8-4c91-9ce9-091"
}
},
"parent": {
"data": null
},
"rule": {
"data": null
},
"check": {
"data": null
}
}
}
],
"meta": {
"total-hits": 7,
"total-pages": 1,
"filter": {
"statuses": [],
"services": [],
"ruleIds": [],
"userIds": [],
"parentId": null,
"regions": [],
"categories": [],
"compliances": [],
"riskLevels": [],
"resources": [],
"tags": [],
"identities": [],
"aws": false,
"cc": true,
"azure": false,
"since": null,
"until": null,
"name": "",
"suppressed": true,
"pageSize": 100,
"pageNumber": 0
}
},
"error": null,
"has_error": false
}Get Check Details
Get check details by Id.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Check Id | Jinja-templated text containing the Cloud Conformity ID of the check. | Required |
Filter | Jinja-templated text containing all the filter. Example: 'filter[notes]=true&filter[notesLength]=10' | Optional |
Output
JSON containing following items:
``` {json}{ "data": { "type": "checks", "id": "ccc:63457713-88ae-4d70-bc4d-f08:EC2-042:EC2:us-east-2:sg-02a0606", "attributes": { "region": "us-east-2", "status": "SUCCESS", "risk-level": "MEDIUM", "pretty-risk-level": "Medium", "message": "Security group CentOS 7 -x86_64- - with Updates HVM-1901_01-AutogenByAWSMP-2 doesn't allow ingress from 0.0.0.0/0 or ::/0 to ports 20, 21", "resource": "sg-02a06a2b806", "descriptorType": "ec2-securitygroup", "link-title": "sg-02a06a28806", "resourceName": "EC2 Security Group", "last-modified-date": 1651055882011, "created-date": 1651055882011, "categories": [ "security" ], "compliances": [ "AWAF", "NIST4", "NIST5", "ENISA", "FISC-V9" ], "ccrn": "ccrn:aws:63457713-88ae-4d70-b290d488:EC2:us-east-2:sg-02004f8806", "extradata": [ { "name": "Attachments", "label": "Attachments", "value": "", "type": "META" }, { "name": "Description", "label": "Description", "value": "This security group was generated by AWS Marketplace and is based on recommended settings for CentOS 7 (x86_64) - with Updates HVM version 1901_01 provided by Centos.org", "type": "META" } ], "tags": [], "cost": 0, "waste": 0, "notes": [], "not-scored": false, "excluded": false, "rule-title": "Unrestricted FTP Access", "provider": "aws", "resolution-page-url": "https://www.cloudconformity.com/knowledge-base/aws/EC2/unrestricted-ftp-access.html#91028235", "service": "EC2" }, "relationships": { "rule": { "data": { "type": "rules", "id": "EC2-042" } }, "account": { "data": { "type": "accounts", "id": "63457713-88ae-4d70-bc4d-f00d488" } } } }, "error": null, "has_error": false }
## List Rule Settings
List all rule settings.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------------- | :----------------------------------------------------------------------------------------------------------- | :------- |
| Account Id | [Jinja-templated](doc:jinja-template) text containing the Cloud Conformity ID of the accounts. Example '123' | Required |
| Include Defaults | Select whether or not to include default rule settings. (Default is 'false') | Optional |
### Output
JSON containing following items:
``` {json}{
"data": {
"type": "accounts",
"id": "96d2d6de-8afa-4144-ada3-dadsfasb151060b",
"attributes": {
"settings": {
"rules": [
{
"enabled": false,
"id": "S3-122",
"riskLevel": "HIGH"
}
],
"access": {}
},
"access": null,
"cloud-type": "aws"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "633501232060"
}
}
}
},
"error": null,
"has_error": false
}Get Rule Setting
Get rule setting.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Account Id | Jinja-templated text containing the Cloud Conformity ID of the accounts. Example '123' | Required |
Rule Id | Jinja-templated text containing the ID of the rule. Example '123' | Required |
Include Notes | Select whether to get notes for the specified rule setting. (Default is False) | Optional |
Output
JSON containing following items:
``` {json}{ "data": { "type": "accounts", "id": "96d2d6de-8afa-4144-ada3-d612343251060b", "attributes": { "settings": { "rules": [ { "enabled": false, "id": "S3-122", "riskLevel": "HIGH" } ], "access": {} }, "access": null, "cloud-type": "aws" }, "relationships": { "organisation": { "data": { "type": "organisations", "id": "633523472060" } } } }, "error": null, "has_error": false }
List Custom Rules
List all custom rules.
Input Field
Choose a connection that you have previously created.
Output
JSON containing following items:
``` {json}{ "error_response": { "errors": [ { "status": 403, "source": { "pointer": "/custom-rules" }, "detail": "Forbidden" } ] }, "error": "Error(403) occurred while sending the request. Please follow the https://cloudone.trendmicro.com/docs/conformity/api-reference/tag/Custom-Rules/#paths/~1custom-rules/get. 403 Client Error: Forbidden for url: https://conformity.in-1.cloudone.trendmicro.com/api/custom-rules", "has_error": true }
List All Profiles
List all profiles.
Input Field
Choose a connection that you have previously created.
Output
JSON containing following items:
``` {json}{ "meta": {}, "data": [], "error": null, "has_error": false }
List All Reports
List all reports.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Account Id | Jinja-templated text containing the Cloud Conformity ID of the accounts. Example '123' | Optional |
Group Id | Jinja-templated text containing the Group ID. Example '123' | Optional |
Report Config Id | Jinja-templated text containing the Report Config ID. Example 'reportConfigId[accountId]=123&reportConfigId[groupId]=14573&reportConfigId[organisationId]=05746378' | Optional |
Output
JSON containing the following items:
``` {json}{ "data": [ { "type": "reports", "id": "abc123", "attributes": { "title": "Organisation Report", "created-date": 1581378332097, "entity-id": "accountId", "report-config-id": "accountId:CONFORMITY_BOT", "status": "READY", "formats": [ "CSV" ], "included": [ { "report-download-endpoint": "https://us-west-2-api.cloudconformity.com/v1/reports/abc123/accountId/csv", "type": "CSV" } ] } } ], "error": null, "has_error": false }
Get Services
Get Services.
Input Field
Choose a connection that you have previously created.
List Template Scanner Rules
List template scanner rules.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Type | Jinja-templated text containing the type of template(cloudformation-template/terraform-template). Default is 'cloudformation-template' | Optional |
Output
JSON containing the following items:
``` {json}{ "data": [ { "type": "services", "id": "EC2", "attributes": { "name": "EC2", "provider": "aws" }, "relationships": { "rules": [ { "type": "rules", "id": "EC2-001" } ] } } ], "included": [ { "id": "EC2-002", "name": "SecurityGroupPortRange", "description": "Ensure no security group opens range of ports", "title": "Security Group Port Range", "categories": [ "security" ], "risk-level": "HIGH", "multi-risk-level": true, "knowledge-base-html": "security-group-port-range", "must-be-configured": true, "package": "base", "is-organisational": true, "not-scored": true, "level": "resource", "release-date": "2019-08-24T14:15:22Z", "update-date": "2019-08-24T14:15:22Z", "is-deprecated": true, "provider": "aws", "compliances": [ "NIST4", "AWAF" ] } ], "error": null, "has_error": false }
Scan A Template
Scan a template.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Type | Jinja-templated text containing the type of template(cloudformation-template/terraform-template). | Required |
Contents | Jinja-templated text containing the stringified representation of the template to scan. | Required |
Account Id | Jinja-templated text containing the comma separated Cloud Conformity ID of the account. Example '123' | Optional |
Arguments | Jinja-templated text containing the array of objects containing parameter name and values. Example '[{"name1":"value1"},{"name2":"value2"}]' | Optional |
Profile Id | Jinja-templated text containing the profile ID. Example '123' | Optional |
Pseudo Arguments | Jinja-templated text containing object containing pseudo parameter name and values. Example '{"AWS::AccountId":"abcd1234","AWS::Region":"eu-west-1"}' | Optional |
Output
JSON containing the following items:
``` {json}{ "data": [ { "type": "checks", "id": "ccc:H19NxM15-:CUSTOM-001:EC2:us-west-2:sg-956d00ea", "attributes": { "accountId": "FJagHgv1g", "categories": [ "security" ], "compliances": [ "NIST4", "AWAF" ], "cost": 3.1968, "created-date": 1521660152755, "descriptorType": "s3-bucket", "eventId": "Skzp7ra1WW", "excluded": false, "extradata": [ { "label": "Group Id", "name": "GroupId", "type": "META", "value": "sg-2e885d00" } ], "failure-discovery-date": 1521660152755, "failure-introduced-by": "someone@test.com", "ignored": false, "last-updated-date": 1521660152755, "last-updated-by": "someone@test.com", "last-modified-date": 1521660152755, "lastStatusUpdateDate": 1521660152755, "link": "https://s3.console.aws.amazon.com/s3/buckets/gm-bucket-4/?region=us-east-1&tab=overview", "link-title": "gm-bucket-4", "message": "Bucket S3Bucket allows public 'READ' access.", "not-scored": false, "notes": [ { "createdBy": "SYmS0YcL-", "createdDate": 1511456432526, "note": "hello world" } ], "organisationId": "F1r9_41ul", "pretty-risk-level": "Medium", "provider": "aws", "providerResourceId": "arn:aws:sns:us-east-1:123456789012:MyTopic", "region": "us-west-2", "resolved-date": 1521660152755, "resolved-by": "someone@test.com", "resolution-page-url": "https://www.cloudconformity.com/conformity-rules/IAM/unused-iam-group.html#", "resource": "S3Bucket", "resourceName": "KeyVault Vault", "risk-level": "HIGH", "rule-title": "Custom Rule about EC2 SGs", "service": "S3", "status": "SUCCESS", "suppressed": true, "suppressed-until": 1521660152755, "tags": [ "key0::value0", "key1::value1" ], "ttl": 1521660152755, "waste": 54.32 }, "relationships": { "rule": { "data": { "type": "rules", "id": "CUSTOM-001" } }, "account": { "data": { "type": "accounts", "id": "H19NxM15-" } } } } ], "meta": { "missingParameters": [ "AmazonASN" ], "errors": [ { "ruleId": "ACM-001", "resourceId": "i-1234567890abcdef0", "errorMessage": "UNKNOWN ERROR" } ] }, "error": null, "has_error": false }
Get Group Details
Get group details by its Id.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Group Id | Jinja-templated text containing the Group Id. Example '123' | Required |
Output
JSON containing the following items:
``` {json}{ "data":{ "data": [ { "type": "groups", "id": "uUmE2v0ns", "attributes": { "name": "test-group", "tags": [ "dev-environment" ], "created-date": 1587441074460, "last-modified-date": 1590647034893 }, "relationships": { "organisation": { "data": { "type": "organisations", "id": "B1nHYYpwx" } }, "accounts": { "data": [ { "type": "accounts", "id": "16gZQXGZf" } ] } } } ] }, "error": null, "has_error": false }
Download Report
Download report.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Report Id | Jinja-templated text containing the Report Id. Example '123' | Required |
Entity Id | Jinja-templated text containing the Entity Id. Example '123' | Required |
Type | Jinja-templated text containing the report type(pdf/csv/xlsx). Example 'pdf' | Required |
Output
JSON containing the following items:
``` {json}{ "data":{ "url": "string" }, "error": null, "has_error": false }
Release Notes
v2.0.0- Updated architecture to support IO via filesystemv1.3.0- Added 5 new actions:Run Custom Rule,Get Group Details,Get Profile And Rule Settings,Download ReportandGet Custom Rule.v1.2.1- Added 6 new actions:List All Groups,List All Reports,Get Excluded Resources,Get Services,List Template Scanner RulesandScan A Template.v1.1.1- Added 6 new actions:List All Profiles,Get Organisation External ID,List Custom Rules,Scan Account,Get Rule SettingandList Rule Settings.v1.0.1- Added 5 new actions:List All Accounts,Get Account Details,List events,List All Account ChecksandGet Check Details.