Trend Micro Deep Discovery Analyzer
The IBM® QRadar® DSM for Trend Micro Deep Discovery Analyzer collects event logs from your Trend Micro Deep Discovery Analyzer console.
The following table identifies the specifications for the Trend Micro Deep Discovery
Analyzer DSM:
| Specification | Value |
|---|---|
| Manufacturer | Trend Micro |
| DSM name | Trend Micro Deep Discovery Analyzer |
| RPM file name | DSM-TrendMicroDeepDiscoveryAnalyzer-QRadar_version-build_number.noarch.rpm |
| Supported versions | 5.0, 5.5, 5.8 and 6.0 |
| Event format | LEEF |
| QRadar recorded event types | All events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Trend Micro website (http://www.trendmicro.com/en_us/business/products/network/advanced-threat-protection/analyzer.html) |
To send Trend Micro Deep Discovery Analyzer events to QRadar, complete the following steps:
- If automatic updates are not enabled, download the most recent versions of the following RPMs
from the IBM Support Website.
- DSMCommon RPM
- Trend Micro Deep Discovery Analyzer DSM
- Configure your Trend Micro Deep Discovery Analyzer device to communicate with QRadar.
- If QRadar does not
automatically detect Trend Micro Deep Discovery Analyzer as a log source, create a Trend Micro Deep
Discovery Analyzer log source on the QRadar Console. Configure all
required parameters and use the following table to determine specific values that are required for
Trend Micro Deep Discovery Analyzer event collection:
Table 2. Trend Micro Deep Discovery Analyzer log source parameters Parameter Value Log Source type Trend Micro Deep Discovery Analyzer Protocol Configuration Syslog