Skip to content

Trend Micro Cloud One API Key

Service Name: Trend Micro Cloud One

Service Description: Trend Micro Cloud One is a security services platform for cloud builders, providing automated protection for workloads, containers, applications, and cloud infrastructure. It offers a unified security solution across multiple cloud environments.

Service Address: https://cloudone.trendmicro.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through the Cloud One console.

Secret Access Scope: Grants programmatic access to Trend Micro Cloud One services including Workload Security, Container Security, Application Security, Network Security, and File Storage Security.

Secret Revokement URL: https://cloudone.trendmicro.com/docs/identity-and-account-management/c1-api-keys/

Secret Example: Yj8iNzc0MDY5Nzg5NjU0OjJmZDQ5ZGRkLTg4YjMtNGUzYS1hMmI5LTZlOGRlYTc0YWE2Nw==

Suspicious Activity Investigation Instructions:

  • Review Cloud One audit logs for unusual API calls or configuration changes
  • Check for unauthorized access to Cloud One resources or services
  • Monitor for unexpected policy changes or security rule modifications
  • Verify if there are any new API keys created without authorization
  • Examine any unusual scanning patterns or resource access

Mitigation Instructions:

  • Log in to the Trend Micro Cloud One console
  • Navigate to Administration > API Keys
  • Locate the compromised API key
  • Click on the three dots menu next to the key and select "Delete"
  • Confirm the deletion
  • Create a new API key with appropriate permissions if needed
  • Update any legitimate applications or services that were using the old key
  • Review all security policies and settings to ensure no unauthorized changes

were made