Configuring Trend Micro Deep Discovery Inspector V3.8, V5.0 and V5.1 to send events to QRadar

To collect Trend Micro Deep Discovery Inspector events, configure the device to send events to IBM QRadar.

Procedure

  1. Log in to Trend Micro Deep Discovery Inspector.
  2. Click Administration > Integrated Products/Services > Syslog.
  3. Click Add, and then select Enable Syslog Server.
  4. Configure the following parameters:
    Parameter                   Description
    Server Name or IP address   The IP address of your QRadar Console or Event Collector.
    Port                        514
    Protocol                    TCP
    Facility level              Select a facility level that specifies the source of a message.
    Severity level              Select a severity level of the type of messages to be sent to the syslog server.
    Log format                  LEEF
  5. In the Detections pane, select the check boxes for the events that you want to forward to QRadar.
  6. If you need proxy servers for your connections, select Connect through a proxy server. The device uses the settings that are configured in the Administrator > System Settings > Proxy screen.
    Note: If you require the use of proxy servers for intranet connections, select this option.
  7. Click Save.
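
To confirm after saving that the lines arriving on TCP port 514 are in LEEF, the following added example (not part of the original procedure and not Trend Micro or IBM code) parses the LEEF header and attributes from a received syslog line and rejects lines in any other format. The sample lines, the host name ddi01, the event ID SAMPLE_EVENT and the function names are constructed for illustration.

```python
import re

# LEEF header: LEEF:<ver>|<vendor>|<product>|<product version>|<event id>|
# LEEF 2.0 carries one extra header field that names the attribute delimiter.
LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")

def parse_leef(line):
    """Return (header, attributes) for one syslog line; ValueError if it is not LEEF."""
    m = LEEF_START.search(line)  # tolerate a syslog priority/timestamp/host prefix
    if not m:
        raise ValueError("no LEEF header found; check the Log format setting")
    version = m.group(1)
    n = 5 if version == "1.0" else 6
    parts = line[m.end():].rstrip("\r\n").split("|", n - 1)
    if len(parts) < n:
        raise ValueError("truncated LEEF header")
    delim = "\t"  # LEEF 1.0 attributes are always tab-separated
    if version == "2.0" and parts[4]:
        spec = parts[4]  # a literal character, or a hex code such as x5E or 0x5E
        delim = spec if len(spec) == 1 else chr(int(re.sub(r"^0?x", "", spec.lower()), 16))
    header = dict(zip(("vendor", "product", "product_version", "event_id"), parts[:4]),
                  leef_version=version)
    attrs = {}
    for pair in parts[-1].split(delim):
        key, sep, value = pair.partition("=")  # split on the first '=' only
        if sep:
            attrs[key] = value
    return header, attrs

# Constructed sample lines, not captured from a real appliance.
SAMPLES = [
    "<134>Jan 12 10:15:02 ddi01 LEEF:1.0|Trend Micro|Deep Discovery Inspector|5.0|"
    "SAMPLE_EVENT|sev=8\tsrc=192.0.2.10\tdst=198.51.100.7\turl=http://example.test/a?b=c",
    "<134>Jan 12 10:15:03 ddi01 CEF:0|Trend Micro|Deep Discovery Inspector|5.0|"
    "100|SAMPLE_EVENT|8|src=192.0.2.10",
]

def check(lines):
    """Classify each line as ('ok', event_id, attribute count) or ('bad', reason)."""
    results = []
    for line in lines:
        try:
            header, attrs = parse_leef(line)
            results.append(("ok", header["event_id"], len(attrs)))
        except ValueError as exc:
            results.append(("bad", str(exc)))
    return results
```

A line reported as bad usually means that a log format other than LEEF was selected in step 4.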