Trend Micro Cloud One API Key
Service Name: Trend Micro Cloud One
Service Description: Trend Micro Cloud One is a security services platform for cloud builders, providing automated protection for workloads, containers, applications, and cloud infrastructure. It offers a unified security solution across multiple cloud environments.
Service Address: https://cloudone.trendmicro.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through the Cloud One console.
Secret Access Scope: Grants programmatic access to Trend Micro Cloud One services including Workload Security, Container Security, Application Security, Network Security, and File Storage Security.
Secret Revokement URL: https://cloudone.trendmicro.com/docs/identity-and-account-management/c1-api-keys/
Secret Example: Yj8iNzc0MDY5Nzg5NjU0OjJmZDQ5ZGRkLTg4YjMtNGUzYS1hMmI5LTZlOGRlYTc0YWE2Nw==
Suspicious Activity Investigation Instructions:
- Review Cloud One audit logs for unusual API calls or configuration changes
- Check for unauthorized access to Cloud One resources or services
- Monitor for unexpected policy changes or security rule modifications
- Verify if there are any new API keys created without authorization
- Examine any unusual scanning patterns or resource access
Mitigation Instructions:
- Log in to the Trend Micro Cloud One console
- Navigate to Administration > API Keys
- Locate the compromised API key
- Click on the three dots menu next to the key and select "Delete"
- Confirm the deletion
- Create a new API key with appropriate permissions if needed
- Update any legitimate applications or services that were using the old key
- Review all security policies and settings to ensure no unauthorized changes
were made