Trend Micro Vision One

The IBM QRadar DSM for Trend Micro Vision One parses events that are issued by Trend Micro Vision One components.

To integrate Trend Micro Vision One with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
    • TrendMicroVisionOne DSM RPM
    • DSMCommon RPM
  2. Configure your Trend Micro Vision One console to send events to QRadar. For more information, see Configuring Trend Micro Vision One.
  3. If QRadar does not automatically detect the log source, add a Trend Micro Vision One log source on the QRadar Console. For more information, see Syslog log source parameters for Trend Micro Vision One and TLS Syslog log source parameters for Trend Micro Vision One.
    Note: Some event logs are common between Trend Micro Vision One and Trend Micro Deep Security. If both DSMs are installed on the system, Vision One LEEF logs might be parsed by the Deep Security DSM