What Changed

The Trend Micro Vision One Azure Function App connector (v1.2.8 to v1.2.9) adds the Indonesia (id) site to its supported region configuration:

  • shared_code/configurations.py: Adds the id API host mapping (https://api.id.xdr.trendmicro.com) to the XDR_HOSTS dictionary.
  • azuredeploy_TrendMicroVisionOne_API_FunctionApp.json: Adds “id” to the ARM template allowed values list for the site selection parameter (default remains “us”).
  • timer_trigger/__init__.py and timer_trigger_oat/__init__.py: Version comment bumped to 1.2.9 (no logic change).

Security Impact (Visibility and Fidelity)

Customers who deployed the Trend Micro Vision One connector targeting the Indonesia site had no valid API endpoint available in the configuration. The connector would fail to resolve a host for that region, resulting in complete ingestion failure for all Trend Micro Vision One telemetry – alerts, detections, and Observed Attack Techniques (OAT) events – from that regional deployment.

With this fix, Indonesian-region deployments can successfully authenticate to the id regional API endpoint and ingest data into the configured Log Analytics workspace. The PR discussion includes invocation log evidence from the contributor confirming successful function execution post-fix.

No detection logic, parser logic, or Analytic Rules were modified.
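
A pre-deployment check for this class of gap, added here as an illustration and not taken from the connector or the PR: it verifies that every site the ARM template lets a deployer select has an entry in XDR_HOSTS, and that each host is an HTTPS URL. The parameter name "site", the "us" URL and the function name check_region_drift are assumptions; only the id host and the "us" default come from the change described above.

```python
import json
from urllib.parse import urlparse

# Constructed sample data. Only the "id" entry and the "us" default come from
# the page; the "us" URL and the parameter name "site" are placeholders.
XDR_HOSTS = {
    "us": "https://api.us.example.invalid",
    "id": "https://api.id.xdr.trendmicro.com",
}
ARM_TEMPLATE = json.dumps({
    "parameters": {
        "site": {"type": "string", "defaultValue": "us", "allowedValues": ["us", "id"]}
    }
})


def check_region_drift(template_text, hosts, param="site"):
    """Return a list of findings; an empty list means template and hosts agree."""
    spec = json.loads(template_text)["parameters"][param]
    allowed = spec.get("allowedValues", [])
    findings = []
    # A selectable site with no host cannot resolve an API endpoint, which is
    # the ingestion failure described above.
    for site in allowed:
        if site not in hosts:
            findings.append(f"site '{site}' is selectable but has no API host")
    # A host nobody can select is dead configuration worth flagging.
    for site in hosts:
        if site not in allowed:
            findings.append(f"host for '{site}' is not in allowedValues")
    default = spec.get("defaultValue")
    if default is not None and default not in hosts:
        findings.append(f"default site '{default}' has no API host")
    # The connector authenticates to this host, so require HTTPS and a hostname.
    for site, url in hosts.items():
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.hostname:
            findings.append(f"host for '{site}' is not a valid https URL: {url!r}")
    return findings


if __name__ == "__main__":
    for finding in check_region_drift(ARM_TEMPLATE, XDR_HOSTS):
        print(finding)
```

Run against the real configurations.py and ARM template in CI, a non-empty result points at a region whose telemetry would never reach the Log Analytics workspace.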

Affected Files

Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/shared_code/configurations.py
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/timer_trigger/__init__.py
Solutions/Trend Micro Vision One/Data Connectors/AzureFunctionTrendMicroXDR/timer_trigger_oat/__init__.py
Solutions/Trend Micro Vision One/Data Connectors/azuredeploy_TrendMicroVisionOne_API_FunctionApp.json
(packaging artefacts: AzureFunctionTrendMicroXDR.zip)