Trend Micro Deep Discovery Inspector

The IBM QRadar DSM for Trend Micro Deep Discovery Inspector can receive event logs from your Trend Micro Deep Discovery Inspector console.

The following table identifies the specifications for the Trend Micro Deep Discovery Inspector DSM:
Table 1. Trend Micro Deep Discovery Inspector DSM specifications
Specification Value
Manufacturer Trend Micro
DSM name Trend Micro Deep Discovery Inspector
RPM file name DSM-TrendMicroDeepDiscovery-QRadar_version-build_number.noarch.rpm
Supported versions V3.0 to V3.8, V5.0 and V5.1
Event format LEEF
QRadar recorded event types Malicious content

Malicious behavior

Suspicious behavior

Exploit

Grayware

Web reputation

Disruptive application

Sandbox

Correlation

System

Update

Automatically discovered? Yes
Included identity? No
Includes custom properties? No
More information Trend Micro website (https://www.trendmicro.com/en_us/business/products/network/advanced-threat-protection/inspector.html)
To send Trend Micro Deep Discovery Inspector events to QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent versions of the following RPMs from the IBM® Support Website:
    • DSMCommon RPM
    • Trend Micro Deep Discovery Inspector DSM
  2. Configure your Trend Micro Deep Discovery Inspector device to send events to QRadar.
  3. If QRadar does not automatically detect Trend Micro Deep Discovery Inspector as a log source, create a Trend Micro Deep Discovery Inspector log source on the QRadar Console. The following table shows the protocol-specific values for Trend Micro Deep Discovery Inspector event collection:
    Table 2. Trend Micro Deep Discovery Inspector log source parameters
    Parameter Value
    Log Source type Trend Micro Deep Discovery Inspector
    Protocol Configuration Syslog