Trend Micro Deep Discovery Director

The IBM QRadar DSM for Trend Micro Deep Discovery Director collects LEEF-formatted events from a Trend Micro Deep Discovery Director device.

To integrate Trend Micro Deep Discovery Director with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
    • Trend Micro Deep Discovery Inspector DSM RPM
    • Trend Micro Deep Discovery Director DSM RPM
  2. Configure your Trend Micro Deep Discovery Director device to send events to QRadar.
  3. If QRadar does not automatically detect the log source, add a Trend Micro Deep Discovery Director log source on the QRadar Console. The following table describes the parameters that require specific values to collect Syslog events from Trend Micro Deep Discovery Director:
    Table 1. Trend Micro Deep Discovery Director Syslog log source parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | Trend Micro Deep Discovery Director |
    | Protocol Configuration | Syslog |
    | Log Source Identifier | The IPv4 address or host name that identifies the log source. If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier, such as an IP address, prevents event searches from identifying the management console as the source for all of the events. |
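
The following check is an added example, not part of the IBM or Trend Micro documentation. It parses syslog lines that carry LEEF 1.0 payloads and reports any syslog header host that is the source for more than one device, which is the situation the Log Source Identifier guidance is meant to avoid. The sample lines are constructed, and the syslog header layout, the `dvchost` attribute name, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines, not captured device output. The syslog header layout
# and the "dvchost" attribute name are assumptions made for this example.
SAMPLE_EVENTS = [
    "<134>Jan 10 09:15:02 10.0.0.5 LEEF:1.0|Trend Micro|Deep Discovery Director|1.0|EVT_A|dvchost=sensor-a\tsev=3",
    "<134>Jan 10 09:15:07 10.0.0.5 LEEF:1.0|Trend Micro|Deep Discovery Director|1.0|EVT_B|dvchost=sensor-b\tsev=5",
    "<134>Jan 10 09:16:11 10.0.0.21 LEEF:1.0|Trend Micro|Deep Discovery Director|1.0|EVT_A|dvchost=sensor-c\tsev=3",
    "<134>Jan 10 09:16:40 10.0.0.9 not a LEEF payload",
]

# Optional <PRI>, timestamp, then the header host that a log source identifier is matched against.
SYSLOG_RE = re.compile(r"^(?:<\d{1,3}>)?\w{3}\s+\d{1,2}\s[\d:]{8}\s(?P<host>\S+)\s(?P<msg>.*)$")

def parse_event(line):
    """Return the syslog header host plus LEEF 1.0 header fields and attributes, or None."""
    m = SYSLOG_RE.match(line)
    if not m or not m.group("msg").startswith("LEEF:1.0|"):
        return None
    parts = m.group("msg").split("|", 5)
    if len(parts) != 6:
        return None
    _, vendor, product, _version, event_id, body = parts
    # LEEF 1.0 attributes are tab-separated key=value pairs.
    attrs = dict(kv.split("=", 1) for kv in body.split("\t") if "=" in kv)
    return {"identifier": m.group("host"), "vendor": vendor, "product": product,
            "event_id": event_id, "attrs": attrs}

def devices_per_identifier(lines, device_key="dvchost"):
    """Map each syslog header host to the set of devices named in its LEEF payloads."""
    seen = defaultdict(set)
    for line in lines:
        event = parse_event(line)
        if event and device_key in event["attrs"]:
            seen[event["identifier"]].add(event["attrs"][device_key])
    return dict(seen)

def shared_identifiers(lines):
    """Identifiers that cover more than one device, so searches cannot tell them apart."""
    return {host: sorted(devs)
            for host, devs in devices_per_identifier(lines).items() if len(devs) > 1}

if __name__ == "__main__":
    for host, devs in shared_identifiers(SAMPLE_EVENTS).items():
        print(f"{host} is the source for {len(devs)} devices: {', '.join(devs)}")
```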