Configuring Trend Micro Apex Central to communicate with QRadar
Configure your Trend Micro Apex Central device to forward Common Event Format (CEF) events to IBM® QRadar®.
Procedure
- Log in to your Apex Central console as Administrator.
- Configure the syslog settings.
  - Click Detections > Notifications > Notifications Method Settings.
  - In the Syslog Settings section, configure the following parameters:

    Table 1. Syslog Settings parameters

    | Parameter | Value |
    |---|---|
    | Server IP address | The IPv4 or IPv6 address of your syslog server. |
    | Port | The port number of your syslog server. |
    | Facility | Select the facility code. |

  - Click Save.
- Enable syslog forwarding.
  - Click Administration > Settings > Syslog Settings.
  - Select the Enable syslog forwarding checkbox.
  - To send events to QRadar, configure the following syslog forwarding parameters:

    Table 2. Syslog forwarding parameters

    | Parameter | Value |
    |---|---|
    | Server address | The IP address of your QRadar Console or Event Collector. |
    | Port | SSL/TLS - 6514 (default port); TCP - 514; UDP - 514 |
    | Protocol | SSL/TLS, TCP, UDP |
    | Format | CEF |
    | Log type | Select Security logs from the list, and then select the types of events that you want to forward to QRadar. |

  - To test the connection, click Test Connection.
  - Click Save.
For more information about configuring Trend Micro Apex Central, see the Trend Micro Technical Support documentation (https://success.trendmicro.com/solution/000152501-SIEM-solutions-integration-with-Apex-Central#collapseTwo).
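To confirm that a forwarded line captured at the collector is well-formed CEF, the following added example (not from the IBM or Trend Micro documentation) parses the CEF header and extension, including escaped `|` and `=` characters. The sample line, host names, and field values are constructed for illustration and do not reproduce real Apex Central output.

```python
import re

# The seven pipe-delimited CEF header fields that follow "CEF:".
HEADER_FIELDS = ("version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")
# An extension key is a word at the start or after whitespace, followed by "=".
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")

# Constructed sample line (not real Apex Central output).
SAMPLE = (r"<134>Mar  3 10:15:02 apexcentral.example "
          r"CEF:0|Trend Micro|Apex Central|1.0|EXAMPLE:1|Constructed \| test event|3|"
          r"dvchost=host01.example src=192.0.2.10 msg=rule\=demo matched two words act=Log")

def split_header(body, n=len(HEADER_FIELDS)):
    """Split off n header fields, honouring \\| and \\\\ escapes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < n:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "\\|":
            cur.append(body[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < n:
        raise ValueError("truncated CEF header: expected %d fields" % n)
    return fields, body[i:]

def parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '='."""
    out, keys = {}, list(EXT_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return out

def parse_cef(line):
    """Return header fields, syslog prefix and extension of one syslog line."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found; check that Format is set to CEF")
    values, ext = split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, values))
    event["syslog_prefix"] = line[:start].strip()
    event["extension"] = parse_extension(ext)
    return event
```

A line that raises `ValueError` here was either not sent in CEF format or was truncated in transit, which is worth ruling out before troubleshooting parsing on the QRadar side.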