Trend Micro Deep Discovery Inspector
The IBM QRadar DSM for Trend Micro Deep Discovery Inspector can receive event logs from your Trend Micro Deep Discovery Inspector console.
The following table identifies the specifications for the Trend Micro Deep Discovery Inspector DSM:
Specification | Value |
---|---|
Manufacturer | Trend Micro |
DSM name | Trend Micro Deep Discovery Inspector |
RPM file name | DSM-TrendMicroDeepDiscovery-QRadar_version-build_number.noarch.rpm |
Supported versions | V3.0 to V3.8, V5.0 and V5.1 |
Event format | LEEF |
QRadar recorded event types | Malicious content, Malicious behavior, Suspicious behavior, Exploit, Grayware, Web reputation, Disruptive application, Sandbox, Correlation, System, Update |
Automatically discovered? | Yes |
Included identity? | No |
Includes custom properties? | No |
More information | Trend Micro website (https://www.trendmicro.com/en_us/business/products/network/advanced-threat-protection/inspector.html) |
To send Trend Micro Deep Discovery Inspector events to QRadar, complete the following steps:
- If automatic updates are not enabled, download the most recent versions of the following RPMs from the IBM® Support Website:
  - DSMCommon RPM
  - Trend Micro Deep Discovery Inspector DSM
- Configure your Trend Micro Deep Discovery Inspector device to send events to QRadar.
- If QRadar does not automatically detect Trend Micro Deep Discovery Inspector as a log source, create a Trend Micro Deep Discovery Inspector log source on the QRadar Console. The following table shows the protocol-specific values for Trend Micro Deep Discovery Inspector event collection:

Table 2. Trend Micro Deep Discovery Inspector log source parameters

Parameter | Value |
---|---|
Log Source type | Trend Micro Deep Discovery Inspector |
Protocol Configuration | Syslog |