Trend Micro Deep Security
The IBM QRadar DSM for Trend Micro Deep Security can collect logs from your Trend Micro Deep Security server.
The following table identifies the specifications for the Trend Micro Deep Security DSM:
Specification | Value |
---|---|
Manufacturer | Trend Micro |
DSM name | Trend Micro Deep Security |
RPM file name | DSM-TrendMicroDeepSecurity-Qradar_version-build_number.noarch.rpm |
Supported versions | V9.6.1532 to V12.0 |
Event format | Log Event Extended Format |
Recorded event types | Anti-Malware, Deep Security, Firewall, Integrity Monitor, Intrusion Prevention, Log Inspection, System, Web Reputation |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Trend Micro website (https://www.trendmicro.com/us/) |
To integrate Trend Micro Deep Security with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
  - Trend Micro Deep Security DSM RPM
  - DSMCommon RPM
- Configure your Trend Micro Deep Security device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a Trend Micro Deep Security DSM log source on the QRadar Console. The following table describes the parameters that require specific values for Trend Micro Deep Security DSM event collection:

Table 2. Trend Micro Deep Security DSM log source parameters

Parameter | Value |
---|---|
Log Source type | Trend Micro Deep Security |
Protocol Configuration | Syslog |
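
A pre-check for the syslog step above, as an added example (not IBM's or Trend Micro's code): it confirms that a received syslog line carries a Log Event Extended Format (LEEF) header and that the product version in that header lies within the supported range from the specification table. The sample lines are constructed, and the expected vendor string and the use of the header's version field for the range check are assumptions.

```python
import re

# Supported range from the specification table: V9.6.1532 to V12.0.
MIN_VERSION = (9, 6, 1532)
MAX_MAJOR_MINOR = (12, 0)
EXPECTED_VENDOR = "Trend Micro"  # assumption: vendor field as sent by the product

def parse_leef_header(line):
    """Return the LEEF header fields found in a syslog line, or None."""
    start = line.find("LEEF:")
    if start < 0:
        return None
    parts = line[start:].split("|", 5)
    if len(parts) < 6:
        return None  # header is missing fields or truncated
    return {"leef": parts[0][5:], "vendor": parts[1], "product": parts[2],
            "version": parts[3], "event_id": parts[4]}

def version_supported(version):
    """True if a dotted version string lies within V9.6.1532 to V12.0."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version))
    return len(nums) >= 2 and nums >= MIN_VERSION and nums[:2] <= MAX_MAJOR_MINOR

def check_event(line):
    """Return the reasons a line would not suit this DSM (empty list = OK)."""
    header = parse_leef_header(line)
    if header is None:
        return ["no LEEF header found"]
    problems = []
    if header["vendor"] != EXPECTED_VENDOR:
        problems.append("unexpected vendor: " + header["vendor"])
    if not version_supported(header["version"]):
        problems.append("version outside supported range: " + header["version"])
    return problems

# Constructed sample lines, not captured from a real deployment.
SAMPLES = [
    "<134>Jan 10 10:00:00 dsm01 LEEF:2.0|Trend Micro|Deep Security Manager|12.0.563|192|cat=System name=Constructed Event",
    "<134>Jan 10 10:00:01 dsm01 LEEF:2.0|Trend Micro|Deep Security Agent|9.5.7008|20|cat=Firewall name=Constructed Event",
    "<134>Jan 10 10:00:02 dsm01 plain text message without a structured header",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_event(sample) or "OK", "<-", sample[:60])
```
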