Trend Micro Deep Security
The IBM® QRadar® DSM for Trend Micro Deep Security can collect logs from your Trend Micro Deep Security server.
The following table identifies the specifications for the Trend Micro Deep Security DSM:
Specification | Value |
---|---|
Manufacturer | Trend Micro |
DSM name | Trend Micro Deep Security |
RPM file name | DSM-TrendMicroDeepSecurity-Qradar_version-build_number.noarch.rpm |
Supported versions | V9.6.1532 to V12.0 |
Event format | Log Event Extended Format |
Recorded event types | Anti-Malware, Deep Security, Firewall, Integrity Monitor, Intrusion Prevention, Log Inspection, System, Web Reputation |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Trend Micro website (https://www.trendmicro.com/us/) |
To integrate Trend Micro Deep Security with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM Support Website onto your QRadar Console:
  - Trend Micro Deep Security DSM RPM
  - DSMCommon RPM
- Configure your Trend Micro Deep Security device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a Trend Micro Deep Security DSM log source on the QRadar Console. The following table describes the parameters that require specific values for Trend Micro Deep Security DSM event collection:
Table 2. Trend Micro Deep Security DSM log source parameters
Parameter | Value |
---|---|
Log Source type | Trend Micro Deep Security |
Protocol Configuration | Syslog |
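
A check for the syslog step above, written as an added example that is not part of the IBM or Trend Micro documentation: it parses captured syslog lines as LEEF (the event format in the specification table) and reports lines that arrive in another format or with an unexpected vendor field. The sample lines, their product, version and event ID values, and the `expected_vendor` default are constructed assumptions; the optional delimiter field is handled as in LEEF 2.0.

```python
import re

LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
# LEEF 2.0 delimiter field: empty, one literal character, or hex such as 0x09 / x09.
DELIM_FIELD = re.compile(r".?|(?:0x|x)[0-9A-Fa-f]{1,4}", re.S)

def parse_leef(line):
    """Return (header, attrs) for a LEEF syslog line; raise ValueError otherwise."""
    m = LEEF_START.search(line)  # search, so a leading syslog prefix is skipped
    if not m:
        raise ValueError("no LEEF header (sender may be using another format, e.g. CEF)")
    parts = line[m.end():].split("|", 4)
    if len(parts) < 5:
        raise ValueError("truncated LEEF header")
    vendor, product, version, event_id, rest = parts
    delim = "\t"  # LEEF default attribute delimiter
    if m.group(1) == "2.0" and "|" in rest:
        field, tail = rest.split("|", 1)
        if DELIM_FIELD.fullmatch(field):  # explicit delimiter field present
            rest = tail
            if field:
                delim = field if len(field) == 1 else chr(int(re.sub(r"^0?x", "", field), 16))
    attrs = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key.strip():
            attrs[key.strip()] = value.rstrip("\r\n")
    return dict(leef=m.group(1), vendor=vendor, product=product,
                version=version, event_id=event_id), attrs

def check_line(line, expected_vendor="Trend Micro"):
    """List reasons a captured line may not match the DSM; empty list means it looks fine.
    expected_vendor is an assumption taken from the Manufacturer row of the table."""
    try:
        header, attrs = parse_leef(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if header["vendor"] != expected_vendor:
        problems.append(f"unexpected vendor field: {header['vendor']!r}")
    if not attrs:
        problems.append("no key=value attributes parsed (check the delimiter)")
    return problems

# Constructed sample lines (not captured from a real deployment).
SAMPLE_LEEF = ("<134>Jan  1 00:00:00 host1 LEEF:2.0|Trend Micro|Deep Security Agent|0.0.0|0000|"
               "cat=Firewall\tname=Example\tsrc=192.0.2.10\tdst=198.51.100.20\tsev=5")
SAMPLE_CARET = "LEEF:2.0|Trend Micro|Deep Security Manager|0.0.0|0000|^|cat=System^name=Example^sev=3"
SAMPLE_CEF = "<134>Jan  1 00:00:00 host1 CEF:0|Trend Micro|Deep Security Agent|0.0.0|0000|Example|5|src=192.0.2.10"
```

Run `check_line` over lines captured on the receiving side (for example from a packet capture of the syslog port) before troubleshooting automatic log source discovery.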