You can integrate a Trend Micro Apex One 8.x device with IBM
QRadar.
Procedure
- Log in to the Apex One Administration interface.
- Select Notifications.
- Configure the General Settings for SNMP Traps: In the Server IP Address field, type the IP address of QRadar.
  Note: Do not change the community trap information.
- Click Save.
- Configure the Standard Alert Notification: Select Standard Notifications.
- Click the SNMP Trap tab.
- Select the Enable notification via SNMP Trap for Virus/Malware Detections check box.
- Type the following message in the field (this should be the default):
  Virus/Malware: %v Computer: %s Domain: %m File: %p Date/Time: %y Result: %a
- Select the Enable notification via SNMP Trap for Spyware/Grayware Detections check box.
- Type the following message in the field (this should be the default):
  Spyware/Grayware: %v Computer: %s Domain: %m Date/Time: %y Result: %a
- Click Save.
- Configure Outbreak Alert Notifications: Select Out Notifications.
- Click the SNMP Trap tab.
- Select the Enable notification via SNMP Trap for Virus/Malware Outbreaks check box.
- Type the following message in the field (this should be the default):
  Number of viruses/malware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T
- Select the Enable notification via SNMP Trap for Spyware/Grayware Outbreaks check box.
- Type the following message in the field (this should be the default):
  Number of spyware/grayware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T
- Click Save.
What to do next
Configure a log source in QRadar by using the SNMPv2
protocol. For more information, see SNMPv2 log source parameters for Trend Micro Apex One.
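
The four default messages in the procedure are label-and-value text, so any label-based parser can extract fields only while the labels arrive unchanged. The following Python is an added example, not IBM or Trend Micro code and not a description of how the QRadar DSM parses events: it compiles each default template from this page into a regex and splits a trap message into fields. The function names and all sample values are constructed for illustration.

```python
import re

# Default SNMP trap message templates, copied from the procedure above.
_OUTBREAK_TAIL = (" Number of computers: %CC Log Type Exceeded: %A"
                  " Number of firewall violation logs: %C"
                  " Number of shared folder sessions: %S Time Period: %T")
TEMPLATES = {
    "virus_malware": "Virus/Malware: %v Computer: %s Domain: %m File: %p "
                     "Date/Time: %y Result: %a",
    "spyware_grayware": "Spyware/Grayware: %v Computer: %s Domain: %m "
                        "Date/Time: %y Result: %a",
    "virus_outbreak": "Number of viruses/malware: %CV" + _OUTBREAK_TAIL,
    "spyware_outbreak": "Number of spyware/grayware: %CV" + _OUTBREAK_TAIL,
}
TOKEN = re.compile(r"%[A-Za-z]+")  # placeholder tokens such as %v, %s, %CV


def compile_template(template):
    """Build (regex, labels): each 'Label: %x' pair becomes one capture group."""
    parts, labels, pos = [], [], 0
    for tok in TOKEN.finditer(template):
        literal = template[pos:tok.start()]
        labels.append(literal.strip().rstrip(":"))
        # Tolerate re-wrapped whitespace between the words of a label.
        words = r"\s+".join(re.escape(w) for w in literal.split())
        parts.append(r"\s*" + words + r"\s*(.*?)")
        pos = tok.end()
    return re.compile("".join(parts) + r"\s*$"), labels


COMPILED = {kind: compile_template(t) for kind, t in TEMPLATES.items()}


def parse_trap(message):
    """Return (kind, fields) for a default-format message, else (None, {})."""
    for kind, (regex, labels) in COMPILED.items():
        m = regex.match(message)
        if m:
            return kind, dict(zip(labels, m.groups()))
    return None, {}


if __name__ == "__main__":
    # Constructed sample values, not captured from a real Apex One server.
    sample = ("Virus/Malware: Eicar_test_file Computer: WKSTN-042 "
              "Domain: Workgroup File: C:\\Temp\\eicar.com "
              "Date/Time: 5/14/2024 10:22:31 Result: Quarantined")
    print(parse_trap(sample))
    # A reworded message no longer matches any default template.
    print(parse_trap("Malware Eicar_test_file found on WKSTN-042"))
```

Running the same function over a test trap after saving the notification settings is a quick way to confirm that the message text still follows the default layout.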