Trend Micro Deep Security Inspector
When you configure Trend Micro Deep Security Inspector to send log data to Sheriff CSM, you can use the Trend Micro Deep Discovery Inspector plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device | Details |
---|---|
Vendor | Trend Micro |
Device Type | Intrusion Detection |
Connection Type | Syslog |
Data Source Name | Trendmicro-ddi |
Data Source ID | 1905 |
Integrating Trend Micro Deep Discovery Inspector
Before you configure the Trend Micro Deep Discovery Inspector integration, you must have the IP address of the Sheriff CSM Sensor (Deputy).

To configure Trend Micro Deep Discovery Inspector to send Syslog messages to Sheriff CSM:
- From the Trend Micro Deep Discovery Inspector Management Console, open the Syslog page:
  - For versions 3.6 and 3.7, select Logs > Syslog Server Settings.
  - For version 3.8, select Administration > Integrated Products / Services > Syslog.
- From the Syslog page, click Add. The Add Syslog Server page appears.
- From the Add Syslog Server page, select Enable syslog server and specify the following:
  - Server name or IP address: Sheriff CSM IP Address
  - Port: 514
  - Protocol: UDP
  - Facility level: Any
  - Severity level: Any
  - Log format: CEF
- Under Detection Logs, select all log types.
- Click Save.
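
After saving, it helps to confirm that what reaches the sensor on UDP 514 really is CEF. The parser below is an added example, not part of the original page or of the Sheriff CSM plugin; it splits the CEF header and extension, including escaped `|` and `=` characters. The sample datagram, its host name and its field values are constructed for illustration.

```python
import re

_CEF_START = re.compile(r"CEF:(\d+)\|")          # payload follows the syslog header
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")         # key=value pairs in the extension
HEADER_FIELDS = ("device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

def _split_header(text, count):
    """Split `count` header fields on unescaped '|'; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < count:
        if text[i] == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            cur.append(text[i + 1])              # escaped pipe or backslash
            i += 2
            continue
        if text[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    if len(fields) < count:
        raise ValueError("truncated CEF header")
    return fields, text[i:]

def _parse_extension(ext):
    """Values may contain spaces, so each value runs up to the next key= token."""
    matches = list(_EXT_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return out

def parse_cef(datagram):
    """Parse one syslog datagram (bytes or str) carrying a CEF event."""
    line = datagram.decode("utf-8", "replace") if isinstance(datagram, bytes) else datagram
    m = _CEF_START.search(line)
    if not m:
        raise ValueError("no CEF payload; check the Log format setting")
    fields, ext = _split_header(line[m.end():], len(HEADER_FIELDS))
    event = dict(zip(HEADER_FIELDS, fields), cef_version=int(m.group(1)))
    event["extension"] = _parse_extension(ext)
    return event

# Constructed sample datagram (not real device output); addresses are documentation ranges.
SAMPLE = (b"<134>Jan 01 00:00:00 ddi-host CEF:0|Trend Micro|Deep Discovery Inspector|3.8|"
          b"100|Suspicious file \\| download|6|src=192.0.2.10 dst=198.51.100.7 "
          b"dpt=80 msg=blocked request a\\=b")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A `ValueError` on traffic captured from the device usually means the Log format was left at something other than CEF.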