vision-one

This MCP server provides a bridge between large language models and Trend Vision One web APIs, enabling natural language interactions with security events and related data. It exposes a set of tools organized under categories such as Cloud Posture, IAM, Workbench, and CREM, allowing an LLM-driven workflow to list accounts, fetch alerts, scan configurations, retrieve risk indicators, and more. The server runs with a read-only by default for safety, but can be run in a writable mode if you explicitly configure -readonly=false. To use it, supply your Trend Vision One API key and region, and then call the available MCP tools (for example cloud_posture_accounts_list, iam_accounts_list, workbench_alerts_list, crem_attack_surface_devices_list, etc.) to fetch data or trigger actions via the underlying Trend Vision One API. The MCP server communicates over standard IO transport and is intended for local integrations and command-line tooling rather than exposing a public network service.

Prerequisites:

• Docker installed on your host.
• A Trend Vision One account with an API key and appropriate permissions.

Installation steps:

1. Ensure Docker is running on your machine.

2. Pull and run the MCP server image using the provided Docker configuration:

   • You can run it directly with the following command, substituting your region and API key when prompted:

   docker run -i --rm
   -e TREND_VISION_ONE_API_KEY="<YOUR_API_KEY>"
   ghcr.io/trendmicro/vision-one-mcp-server
   -region <your-region>
   -readonly=true

3. Alternatively, configure the MCP in your VSCode settings as shown in the README snippet, replacing inputs with your API key and region. This will launch the server in a similar Docker-based container with the environment variable wired up.

4. When using in a local environment, ensure your API key is kept secure and only used with approved tools.

Tips and considerations:

• By default the server runs in read-only mode. If you need to perform actions that modify data or configurations, explicitly set -readonly=false in your run configuration.
• Supported regions include au, jp, eu, sg, in, us, and mea; ensure you pass the correct region via the -region flag.
• Keep your API key secure; use environment variables to avoid leaking secrets in logs. The settings.json example shows how to inject the key via env mapping.
• This MCP server is designed for local integrations and CLI tooling via Standard IO; do not expose the server to untrusted networks.
• If you encounter issues, verify that the environment variable TREND_VISION_ONE_API_KEY is correctly passed to the container and that the regional endpoint matches your Vision One instance.