Configuring your Trend Micro Deep Discovery Analyzer instance for communication with QRadar
To collect Trend Micro Deep Discovery Analyzer events, configure your third-party instance to enable logging.
Procedure
- Log in to the Deep Discovery Analyzer web console.
- To configure Deep Discovery Analyzer V5.0, follow these steps:
  - Click Administration > Log Settings.
  - Select Forward logs to a syslog server.
  - Select LEEF as the log format.
  - Select the protocol that you want to use to forward the events.
  - In the Syslog server field, type the host name or IP address of your QRadar Console or Event Collector.
  - In the Port field, type 514.
- To configure Deep Discovery Analyzer V5.5, follow these steps:
  - Click Administration > Log Settings.
  - Select Send logs to a syslog server.
  - In the Server field, type the host name or IP address of your QRadar Console or Event Collector.
  - In the Port field, type 514.
  - Select the protocol that you want to use to forward the events.
  - Select LEEF as the log format.
- To configure Deep Discovery Analyzer V5.8 or V6.0, follow these steps:
  - Click Administration > Integrated Products/Services > Log Settings.
  - Select Send logs to a syslog server.
  - In the Server address field, type the host name or IP address of your QRadar Console or Event Collector.
  - In the Port field, type the port number.
    Note: Trend Micro suggests that you use the following default syslog ports: UDP: 514; TCP: 601; and SSL: 443.
  - Select the protocol that you want to use to forward the events: UDP, TCP, or SSL.
  - Select LEEF as the log format.
  - Select the Scope of logs to send to the syslog server.
  - Optional: Select the Extensions check box if you want to exclude particular logs from being sent to the syslog server.
  - Click Save.
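Once LEEF forwarding is enabled, it is worth confirming that what reaches the collector is well-formed LEEF before relying on QRadar to parse it. The following Python parser is an added example, not code from IBM's or Trend Micro's documentation; the sample lines are constructed, and the event ID and attribute names are placeholders rather than the product's actual schema.

```python
import re
from typing import Dict, Tuple

# Optional RFC 3164 syslog framing ("<PRI>Mon dd hh:mm:ss host ") ahead of the LEEF payload.
SYSLOG_PREFIX = re.compile(
    r"^(?:<\d{1,3}>)?(?:[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} \S+ )?"
)
# LEEF 2.0 may express its attribute delimiter as a hex code such as x09 or 0x09.
HEX_DELIM = re.compile(r"^(?:0?x)([0-9a-fA-F]{2})$")


def parse_leef(line: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Parse one LEEF 1.0 or 2.0 event, with or without syslog framing.

    Returns (header, attributes). Raises ValueError on a malformed header so a
    forwarding check fails loudly instead of quietly feeding QRadar unparsed text.
    """
    body = SYSLOG_PREFIX.sub("", line.rstrip("\r\n"), count=1)
    if not body.startswith("LEEF:"):
        raise ValueError("not a LEEF event: %r" % body[:40])
    # Header layout: LEEF:Version|Vendor|Product|Version|EventID|[Delimiter|]key=value...
    fields = body.split("|", 5)
    if len(fields) < 6:
        raise ValueError("LEEF header needs five pipe-separated fields")
    leef_version = fields[0][len("LEEF:"):]
    header = {
        "leef_version": leef_version,
        "vendor": fields[1],
        "product": fields[2],
        "product_version": fields[3],
        "event_id": fields[4],
    }
    rest = fields[5]
    delimiter = "\t"  # LEEF 1.0 attributes are always tab-separated
    if leef_version.startswith("2."):
        # LEEF 2.0 adds a delimiter field: empty (tab), one literal character, or a hex code.
        delim_field, _, rest = rest.partition("|")
        match = HEX_DELIM.match(delim_field)
        if match:
            delimiter = chr(int(match.group(1), 16))
        elif delim_field:
            delimiter = delim_field
    attributes: Dict[str, str] = {}
    for token in rest.split(delimiter):
        if "=" in token:
            key, _, value = token.partition("=")
            attributes[key.strip()] = value
    return header, attributes


# Constructed samples (not captured from a real Deep Discovery Analyzer); the event ID is a placeholder.
SAMPLE_LEEF1 = ("<13>Mar 10 12:34:56 dda-host LEEF:1.0|Trend Micro|Deep Discovery Analyzer|6.0|"
                "EVENT_ID_PLACEHOLDER|devTime=Mar 10 2024 12:34:56\tsrc=10.0.0.5\tsev=3")
SAMPLE_LEEF2 = ("LEEF:2.0|Trend Micro|Deep Discovery Analyzer|6.0|EVENT_ID_PLACEHOLDER|x5e|"
                "src=10.0.0.5^dst=192.0.2.10^sev=7")
```

Point a syslog listener (or a packet capture on the chosen port) at the collector, feed each received line through `parse_leef`, and treat any `ValueError` as a sign that the log format or framing on the Deep Discovery Analyzer side is not what QRadar expects.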