Configuring Trend Micro Deep Discovery Director to communicate with QRadar

To collect events from Trend Micro Deep Discovery Director, configure your Trend Micro Deep Discovery Director device to forward syslog events to QRadar.

Procedure

  1. Log in to your Trend Micro Deep Discovery Director device.
  2. Click Administration > Integrated Products/Services > Syslog.
  3. Click Add, and then select Enabled.
  4. Configure the parameters in the following table.
    Parameter        Description
    Profile name     The name for the Deep Discovery Director syslog server.
    Server address   The IP address of your QRadar Console or Event Collector.
    Port             • SSL/TLS - 6514 (default port)
                     • TCP - 601
                     • UDP - 514
    Protocol         • SSL/TLS
                     • TCP
                     • UDP
    Log format       LEEF
    Scope            The events that you want to forward to QRadar.
  5. Click Save.
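
To confirm that forwarded events arrive in the LEEF format selected in step 4, a line captured on the QRadar side can be checked with a small parser. The following Python is an added example, not part of the original procedure or of either product; the sample lines are constructed, and their vendor, product, and attribute values are placeholders rather than actual Deep Discovery Director output.

```python
import re

# Constructed sample lines; header and attribute values are placeholders,
# not real Deep Discovery Director output.
SAMPLE_V1 = ("<134>Jan  1 00:00:00 ddd-host LEEF:1.0|ExampleVendor|ExampleProduct"
             "|1.0|SAMPLE_EVENT|src=192.0.2.10\tdst=198.51.100.5\tsev=6")
SAMPLE_V2 = ("<134>Jan  1 00:00:00 ddd-host LEEF:2.0|ExampleVendor|ExampleProduct"
             "|1.0|SAMPLE_EVENT|x5E|src=192.0.2.10^msg=a|b^sev=6")
SAMPLE_OTHER = "<134>Jan  1 00:00:00 ddd-host CEF:0|ExampleVendor|ExampleProduct|1.0|1|name|6|"


def parse_leef(line):
    """Parse one syslog line carrying a LEEF payload; return a dict or None."""
    start = line.find("LEEF:")
    if start < 0:
        return None  # no LEEF header, e.g. a different log format was selected
    payload = line[start:]
    version = payload.split("|", 1)[0][len("LEEF:"):]
    # LEEF 1.0 has 5 pipe-delimited header fields before the attributes;
    # LEEF 2.0 adds a 6th field that names the attribute delimiter.
    n_header = 6 if version.startswith("2") else 5
    parts = payload.split("|", n_header)
    if len(parts) < n_header + 1:
        return None  # truncated header
    delim = "\t"  # default attribute delimiter
    if n_header == 6 and parts[5]:
        # Delimiter is a literal character or a hex code such as x5E / 0x5E.
        m = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{2,4})", parts[5])
        delim = chr(int(m.group(1), 16)) if m else parts[5][0]
    attrs = {}
    for pair in parts[n_header].rstrip("\r\n").split(delim):
        key, sep, value = pair.partition("=")
        if sep:
            attrs[key] = value
    return {"version": version, "vendor": parts[1], "product": parts[2],
            "product_version": parts[3], "event_id": parts[4], "attrs": attrs}


if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2, SAMPLE_OTHER):
        print(parse_leef(sample))
```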