Integrating with Trend Micro Apex One 8.x

You can integrate a Trend Micro Apex One 8.x device with IBM QRadar.

Procedure

  1. Log in to the Apex One Administration interface.
  2. Select Notifications.
  3. Configure the General Settings for SNMP Traps: In the Server IP Address field, type the IP address of QRadar.
    Note: Do not change the community trap information.
  4. Click Save.
  5. Configure the Standard Alert Notification: Select Standard Notifications.
  6. Click the SNMP Trap tab.
  7. Select the Enable notification via SNMP Trap for Virus/Malware Detections check box.
  8. Type the following message in the field (this should be the default):

    Virus/Malware: %v Computer: %s Domain: %m File: %p Date/Time: %y Result: %a

  9. Select the Enable notification via SNMP Trap for Spyware/Grayware Detections check box.
  10. Type the following message in the field (this should be the default):

    Spyware/Grayware: %v Computer: %s Domain: %m Date/Time: %y Result: %a

  11. Click Save.
  12. Configure Outbreak Alert Notifications: Select Out Notifications.
  13. Click the SNMP Trap tab.
  14. Select the Enable notification via SNMP Trap for Virus/Malware Outbreaks check box.
  15. Type the following message in the field (this should be the default):

    Number of viruses/malware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T

  16. Select the Enable notification via SNMP Trap for Spyware/Grayware Outbreaks check box.
  17. Type the following message in the field (this should be the default):

    Number of spyware/grayware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T

  18. Click Save.

What to do next

Configure a log source in QRadar by using the SNMPv2 protocol. For more information, see SNMPv2 log source parameters for Trend Micro Apex One.
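
The following Python script is an added example, not IBM or Trend Micro code. It builds a parser from the four message templates in the procedure and checks whether notification text still follows them, which helps when events arrive but fields are missing. It assumes the input is the message text only, without SNMP framing; the function names and sample messages are constructed for illustration.

```python
import re

# Message templates exactly as typed in the procedure above.
TEMPLATES = {
    "virus_malware": "Virus/Malware: %v Computer: %s Domain: %m File: %p Date/Time: %y Result: %a",
    "spyware_grayware": "Spyware/Grayware: %v Computer: %s Domain: %m Date/Time: %y Result: %a",
    "virus_outbreak": "Number of viruses/malware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T",
    "spyware_outbreak": "Number of spyware/grayware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T",
}

# One "Label: %token" pair inside a template.
PAIR = re.compile(r"([^%]+?): %([A-Za-z]+)\s*")


def compile_template(template):
    """Turn a template into (regex, labels). Each value is captured lazily up to
    the next label, so values with spaces (file paths, timestamps) survive."""
    labels = [label for label, _token in PAIR.findall(template)]
    body = " ".join(f"{re.escape(l)}: (?P<f{i}>.*?)" for i, l in enumerate(labels))
    return re.compile(f"^{body}$"), labels


COMPILED = {kind: compile_template(t) for kind, t in TEMPLATES.items()}


def parse_trap_message(message):
    """Return (kind, fields); (None, {}) means the text matches no template,
    for example because a notification message was edited on the Apex One side."""
    for kind, (rx, labels) in COMPILED.items():
        m = rx.match(message.strip())
        if m:
            return kind, {l: m.group(f"f{i}") for i, l in enumerate(labels)}
    return None, {}


# Constructed sample messages (not captured from a real device).
SAMPLE_VIRUS = (r"Virus/Malware: Eicar_test_file Computer: WS-014 Domain: Workgroup "
                r"File: C:\Users\Public\My Docs\eicar.com "
                r"Date/Time: 3/14/2024 10:22:31 Result: File quarantined")
SAMPLE_OUTBREAK = ("Number of viruses/malware: 12 Number of computers: 4 "
                   "Log Type Exceeded: Virus/Malware Number of firewall violation logs: 0 "
                   "Number of shared folder sessions: 0 Time Period: 1 hour")
# Same as the spyware/grayware template but with "Domain:" removed by an edit.
SAMPLE_EDITED = ("Spyware/Grayware: ADW_SAMPLE Computer: WS-014 "
                 "Date/Time: 3/14/2024 10:25:02 Result: Access denied")

if __name__ == "__main__":
    for msg in (SAMPLE_VIRUS, SAMPLE_OUTBREAK, SAMPLE_EDITED):
        print(parse_trap_message(msg))
```

A value that itself contains the text of the next label (for example a file path containing " Date/Time: ") is split at that point, so treat a surprising field boundary as a prompt to inspect the raw message.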