Configuring Trend Micro Apex Central to communicate with QRadar

Configure your Trend Micro Apex Central device to forward Common Event Format (CEF) events to IBM® QRadar®.

Procedure

  1. Log in to your Apex Central console as Administrator.
  2. Configure the syslog settings.
    1. Click Detections > Notifications > Notifications Method Settings.
    2. In the Syslog Settings section, configure the following parameters:
      Table 1. Syslog Settings parameters
      Parameter         | Value
      Server IP address | The IPv4 or IPv6 address of your syslog server.
      Port              | The port number of your syslog server.
      Facility          | Select the facility code.
    3. Click Save.
  3. Enable syslog forwarding.
    1. Click Administration > Settings > Syslog Settings.
    2. Select the Enable syslog forwarding checkbox.
    3. To send events to QRadar, configure the following syslog forwarding parameters:
      Table 2. Syslog forwarding parameters
      Parameter      | Value
      Server address | The IP address of your QRadar Console or Event Collector.
      Port           | SSL/TLS - 6514 (default port); TCP - 514; UDP - 514
      Protocol       | SSL/TLS, TCP, or UDP
      Format         | CEF
      Log type       | Select Security logs from the list, and then select the types of events that you want to forward to QRadar.
    4. To test the connection, click Test Connection.
    5. Click Save.

    For more information about configuring Trend Micro Apex Central, see the Trend Micro Technical Support documentation (https://success.trendmicro.com/solution/000152501-SIEM-solutions-integration-with-Apex-Central#collapseTwo).
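
    To check that the lines arriving at the syslog receiver really are in the CEF format selected in Table 2, the following added example (not part of the original documentation) parses one syslog line into its CEF header and extension fields, including escaped pipes and equals signs. The function names are hypothetical and the sample line is constructed; its field values are placeholders, not real Apex Central output.

```python
import re

# The seven header fields defined by the CEF specification, in order.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# An extension key is a word directly followed by '=' (an escaped '\=' never matches).
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")

def split_header(body):
    """Split on unescaped '|' into the 7 header fields and the extension text."""
    parts, buf, i = [], [], 0
    while i < len(body) and len(parts) < len(HEADER_FIELDS):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            i += 1                      # skip the backslash, keep the escaped character
            buf.append(body[i])
        elif ch == "|":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(parts) < len(HEADER_FIELDS):
        raise ValueError("incomplete CEF header")
    return parts, body[i:]

def parse_extension(ext):
    """Parse 'key=value key=value' where values may contain spaces."""
    keys = list(EXT_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw).strip()
    return out

def parse_cef(line):
    """Return the CEF event carried in one syslog line, or raise ValueError."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    parts, ext = split_header(line[start + 4:])
    return dict(zip(HEADER_FIELDS, parts), extension=parse_extension(ext))

# Constructed sample line; field values are placeholders, not real Apex Central output.
SAMPLE = (r"<134>Jan 01 00:00:00 apex-host CEF:0|Trend Micro|Apex Central|"
          r"EXAMPLE-VER|EXAMPLE:1|Constructed \| sample|3|"
          r"src=192.0.2.10 msg=path\=C:\\temp detected cn1=5")
```

    A line that raises ValueError here was not sent as CEF or was truncated in transit, which is worth ruling out before troubleshooting parsing on the QRadar side.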