To forward Vision One XDR logs (Workbench, Observed Attack Techniques, Account Audit, and
System Audit) in CEF format, complete the following steps.
Procedure
- Log in to the Trend Micro Vision One console.
- Go to .
- Enable the Syslog Connector.
- Select the event types to forward:
  - Workbench alerts
  - Observed Attack Techniques
  - Audit Logs
- Click Connect Syslog Server and configure:
  - Server Address: QRadar IP or FQDN
  - Port: 514 (UDP/TCP) or 6514 (TLS)
  - Syslog Format: Select CEF
  - Protocol: UDP, TCP, or TLS
  - Certificates: Upload or configure if TLS is selected
- Select a Service Gateway appliance with the Syslog Connector service installed from the Service Gateway drop-down list.
- Optional: Test Connection, then click Connect to apply.
For more information, see .