About
The Trend Micro Deep Discovery Analyzer Custom Property Extension adds two new properties for administrators. 'Device IP' and 'Device MAC address' are custom properties created for administrators who want to search for events by IP address or MAC address. Trend Micro Deep Discovery Analyzer reports Syslog event data to QRadar for the following event types: malware, suspicious activity, system events, and more. It is recommended that administrators install this custom property extension to ensure that device addresses are parsed as intended by the Trend Micro Deep Discovery Analyzer DSM.
Custom event properties added by the Trend Micro Deep Discovery Analyzer extension
| Property name | Expression | Added by |
| --- | --- | --- |
| Device IP | dvc=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) | Extension v1.0.0 |
| Device MAC Address | deviceMacAddress=(([0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}) | Extension v1.0.0 |
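As an added illustration (not part of the IBM article or of the extension itself), the following Python applies the two expressions from the table to constructed sample events and adds an octet-range check that the expressions do not perform. The CEF-style lines are made up for the example; only the dvc= and deviceMacAddress= keys come from the page.

```python
import re

# The two expressions exactly as listed in the extension's property table above.
DEVICE_IP_RE = re.compile(r"dvc=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
DEVICE_MAC_RE = re.compile(r"deviceMacAddress=(([0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})")

# Constructed CEF-style sample events. Only the dvc= and deviceMacAddress= keys
# are taken from the page; everything else on each line is made up.
SAMPLE_EVENTS = [
    "CEF:0|Trend Micro|Deep Discovery Analyzer|1.0|1001|Malware detected|8|"
    "dvc=10.20.30.40 deviceMacAddress=00:1A:2B:3C:4D:5E act=quarantine",
    # hyphen separators and lowercase hex are also accepted by the MAC expression
    "CEF:0|Trend Micro|Deep Discovery Analyzer|1.0|2002|Suspicious activity|5|"
    "dvc=192.168.1.250 deviceMacAddress=a1-b2-c3-d4-e5-f6",
    # no MAC at all: the MAC property is simply absent, the IP is still captured
    "CEF:0|Trend Micro|Deep Discovery Analyzer|1.0|3003|System event|2|dvc=172.16.0.9",
    # \d{1,3} does not enforce 0-255, so this value is captured although it is not a valid address
    "CEF:0|Trend Micro|Deep Discovery Analyzer|1.0|4004|System event|2|dvc=300.1.1.1",
]


def extract_device_fields(event):
    """Return what the two custom properties would capture from one event (None if no match)."""
    ip = DEVICE_IP_RE.search(event)
    mac = DEVICE_MAC_RE.search(event)
    return {
        "Device IP": ip.group(1) if ip else None,
        "Device MAC Address": mac.group(1) if mac else None,
    }


def is_valid_ipv4(value):
    """Sanity check the extension's expression does not perform: every octet must be 0-255."""
    if value is None:
        return False
    return all(part.isdigit() and 0 <= int(part) <= 255 for part in value.split("."))


def parse_all(events):
    """Parse a batch of events and flag captures that match the regex but fail the octet check."""
    results = []
    for event in events:
        fields = extract_device_fields(event)
        fields["ip_is_valid"] = is_valid_ipv4(fields["Device IP"])
        results.append(fields)
    return results


if __name__ == "__main__":
    for row in parse_all(SAMPLE_EVENTS):
        print(row)
```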
Installing a QRadar Extension
The Extension Management window in QRadar is used to add applications to your deployment to improve its functionality or add customized content to QRadar. Extensions can contain content, such as rules, reports, searches, reference sets, and dashboards, or extensions can install applications that deliver specific new functionality to QRadar. The About tab of this article outlines the contents of the extension being added to QRadar.
Procedure
- Log in to the QRadar Console as an administrator. If you have not downloaded the extension yet, you can download files from http://apps.xforce.ibmcloud.com/.
- Click the Admin tab.
- Click the Extension Management icon.
- To upload an extension, click Add and select the extension to upload.
- Note: The extension (zip) must be downloaded to your local computer before it can be uploaded to the Console appliance.
- To install the extension immediately, select the Install immediately check box and then click Add.
- A preview of the application content is displayed. You can choose how existing content items are handled.
- To preview the contents of an extension after it is added and before it is installed, select it from the list of extensions, and click More Details.
- Before the extension is installed, the content items are compared to content items that are already in the deployment. If the content items exist, you can choose to overwrite them or to keep the existing data.
Results
After the extension is added, a yellow caution icon in the Status column indicates potential issues with the digital signature. Hover the mouse over the triangle for more information. Extensions that are unsigned or are signed by the developer, but not validated by your vendor, might cause compatibility issues in your deployment.
Document Information
Modified date: 03 April 2020
UID: swg21988724