Trend Micro Deep Discovery Director
The IBM QRadar DSM for Trend Micro Deep Discovery Director collects LEEF-formatted events from a Trend Micro Deep Discovery Director device.
To integrate Trend Micro Deep Discovery Director with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
  - Trend Micro Deep Discovery Inspector DSM RPM
  - Trend Micro Deep Discovery Director DSM RPM
- Configure your Trend Micro Deep Discovery Director device to send events to QRadar.
- If QRadar does not automatically detect the log source, add a Trend Micro Deep Discovery Director log source on the QRadar Console. The following table describes the parameters that require specific values to collect Syslog events from Trend Micro Deep Discovery Director:

Table 1. Trend Micro Deep Discovery Director Syslog log source parameters

| Parameter | Value |
| --- | --- |
| Log Source type | Trend Micro Deep Discovery Director |
| Protocol Configuration | Syslog |
| Log Source Identifier | The IPv4 address or host name that identifies the log source. If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier, such as an IP address, prevents event searches from identifying the management console as the source for all of the events. |