Trend Micro Deep Discovery Email Inspector

The IBM QRadar DSM for Trend Micro Deep Discovery Email Inspector collects events from a Trend Micro Deep Discovery Email Inspector device.

The following table describes the specifications for the Trend Micro Deep Discovery Email Inspector DSM:
Table 1. Trend Micro Deep Discovery Email Inspector DSM specifications
| Specification | Value |
| --- | --- |
| Manufacturer | Trend Micro |
| DSM name | Trend Micro Deep Discovery Email Inspector |
| RPM file name | DSM-TrendMicroDeepDiscoveryEmailInspector-Qradar_version-build_number.noarch.rpm |
| Supported versions | V3.0 |
| Event format | Log Event Extended Format (LEEF) |
| Recorded event types | Detections; Virtual analyzer analysis logs; System events; Alert events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Trend Micro website (http://www.trendmicro.ca) |

To integrate Trend Micro Deep Discovery Email Inspector with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • Trend Micro Deep Discovery Email Inspector DSM RPM
    • DSM Common RPM
  2. Configure your Trend Micro Deep Discovery Email Inspector device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add a Trend Micro Deep Discovery Email Inspector log source on the QRadar Console. The following table describes the parameters that require specific values for Trend Micro Deep Discovery Email Inspector event collection:
    Table 2. Trend Micro Deep Discovery Email Inspector log source parameters
    | Parameter | Description |
    | --- | --- |
    | Log Source type | Trend Micro Deep Discovery Email Inspector |
    | Protocol Configuration | Syslog |
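
If QRadar does not automatically detect the log source (step 3), it helps to confirm that the payloads forwarded in step 2 are well-formed LEEF before adding the log source by hand. The following is an added example, not IBM or Trend Micro code: it parses the general LEEF 1.0/2.0 header layout, and the host name, event ID and attribute values in the sample lines are constructed.

```python
import re

# A LEEF event may follow a syslog header, so search for the marker anywhere.
_LEEF_MARK = re.compile(r"LEEF:(1\.0|2\.0)\|")
# LEEF 2.0 optional delimiter field: one character or a hex code (x5E / 0x5E).
_DELIM = re.compile(r"(0?x[0-9A-Fa-f]{2}|[^|])\|")


def parse_leef(line):
    """Return the LEEF header fields and attributes, or None if not valid LEEF."""
    mark = _LEEF_MARK.search(line)
    if mark is None:
        return None
    parts = line[mark.start():].rstrip("\r\n").split("|", 5)
    if len(parts) < 6:
        return None  # header truncated before the attribute section
    _, vendor, product, product_version, event_id, rest = parts
    delim = "\t"  # default LEEF attribute separator
    if mark.group(1) == "2.0":
        d = _DELIM.match(rest)
        if d:  # delimiter field present: decode hex form or take the character
            token = d.group(1)
            delim = chr(int(token[-2:], 16)) if len(token) > 1 else token
            rest = rest[d.end():]
    attrs = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key.strip():
            attrs[key.strip()] = value
    return {"leef_version": mark.group(1), "vendor": vendor, "product": product,
            "product_version": product_version, "event_id": event_id,
            "attrs": attrs}


# Constructed sample payloads (not captured from a real device).
SAMPLE_V1 = ("<134>Jan 01 00:00:00 ddei.example.test "
             "LEEF:1.0|Trend Micro|Deep Discovery Email Inspector|3.0|"
             "CONSTRUCTED_EVENT|sev=6\tsrc=192.0.2.10\tmsg=constructed sample")
SAMPLE_V2 = ("LEEF:2.0|Trend Micro|Deep Discovery Email Inspector|3.0|"
             "CONSTRUCTED_EVENT|x5E|sev=6^src=192.0.2.10")

if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2, "plain syslog text, no LEEF header"):
        print(parse_leef(sample))
```

A `None` result for traffic captured from the device means the payload is not LEEF or its header is truncated, which is worth ruling out before troubleshooting the log source definition.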