Trend Micro Deep Security
The IBM® QRadar® DSM for Trend Micro Deep Security can collect logs from your Trend Micro Deep Security server.
The following table identifies the specifications for the Trend
Micro Deep Security DSM:
| Specification | Value |
|---|---|
| Manufacturer | Trend Micro |
| DSM name | Trend Micro Deep Security |
| RPM file name | DSM-TrendMicroDeepSecurity-Qradar_version-build_number.noarch.rpm |
| Supported versions |
V9.6.1532 to V12.0 |
| Event format | Log Event Extended Format |
| Recorded event types | Anti-Malware Deep Security Firewall Integrity Monitor Intrusion Prevention Log Inspection System Web Reputation |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Trend Micro website (https://www.trendmicro.com/us/) |
To integrate Trend Micro Deep Security with QRadar,
complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM Support Website onto your QRadar
Console:
- Trend Micro Deep Security DSM RPM
- DSMCommon RPM
- Configure your Trend Micro Deep Security device to send syslog events to QRadar.
- If QRadar
does not automatically detect the log source, add
a Trend Micro Deep Security DSM log source on
the QRadar
Console. The following table describes the parameters
that require specific values for Trend Micro Deep
Security DSM event collection:
Table 2. Trend Micro Deep Security DSM log source parameters Parameter Value Log Source type Trend Micro Deep Security Protocol Configuration Syslog