Configuring Trend Micro Deep Discovery Email Inspector to communicate with QRadar

To collect events from Trend Micro Deep Discovery Email Inspector, configure a syslog server profile for the IBM® QRadar® host.

Procedure

  1. Log in to the Trend Micro Deep Discovery Email Inspector user interface.
  2. Click Administration > Log Settings.
  3. Click Add.
  4. Verify that Enabled is selected for Status. The default is Enabled.
  5. Configure the following parameters:
    Parameter       Description
    Profile name    Specify a name for the profile.
    Syslog server   The host name or IP of the QRadar server.
    Port            514
    Log format      LEEF
  6. Select Detections, Virtual Analyzer Analysis logs, and System events for the types of events to send to QRadar.
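
To confirm that the profile forwards events in the LEEF format selected in step 5, a line captured on the QRadar host can be checked with a small parser. The following is an added example, not IBM or Trend Micro code; the sample line, its event ID, and its version value are constructed for illustration.

```python
import re

# Constructed sample of a forwarded event; field values are illustrative only.
SAMPLE = ("<134>Jan 10 12:00:00 ddei01 LEEF:1.0|Trend Micro|"
          "Deep Discovery Email Inspector|0.0.0|SAMPLE_EVENT|"
          "devTime=Jan 10 2024 12:00:00\tsev=6\tsrc=192.0.2.10")

# LEEF 2.0 may name its attribute delimiter as hex, for example x09 or 0x09.
HEX_DELIM = re.compile(r"0?x([0-9A-Fa-f]{2,4})")

def parse_leef(line):
    """Parse one syslog line carrying a LEEF 1.0 or 2.0 event into a dict."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header; check the profile's Log format")
    # Header: LEEF:version|vendor|product|product version|event ID|...
    parts = line[start:].split("|", 5)
    if len(parts) != 6:
        raise ValueError("truncated LEEF header")
    version = parts[0].split(":", 1)[1]
    if version not in ("1.0", "2.0"):
        raise ValueError("unsupported LEEF version: " + version)
    rest, delim = parts[5], "\t"  # attributes are tab-separated by default
    if version == "2.0" and "|" in rest:
        # Optional sixth header field: a single character or a hex code.
        spec, tail = rest.split("|", 1)
        hex_match = HEX_DELIM.fullmatch(spec)
        if hex_match:
            delim, rest = chr(int(hex_match.group(1), 16)), tail
        elif len(spec) == 1:
            delim, rest = spec, tail
    attrs = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep:
            attrs[key.strip()] = value.strip()
    return {"version": version, "vendor": parts[1], "product": parts[2],
            "product_version": parts[3], "event_id": parts[4], "attrs": attrs}

if __name__ == "__main__":
    event = parse_leef(SAMPLE)
    print(event["product"], event["event_id"], event["attrs"])
```

A `ValueError` about a missing LEEF header means the line is not in LEEF format, which points back to the Log format setting of the syslog server profile.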