
Sheriff CSM™

Trend Micro Vulnerability Protection

When you configure Trend Micro Vulnerability Protection to send log data to Sheriff CSM, you can use the Trend Micro Vulnerability Protection plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

| Device | Details |
|---|---|
| Vendor | Trend Micro |
| Device Type | Endpoint Security |
| Connection Type | Syslog |
| Data Source Name | Trendmicro-vp |
| Data Source ID | 1910 |

Integrating Trend Micro Vulnerability Protection

Before you configure the Trend Micro Vulnerability Protection integration, you must have the IP address of the Sheriff CSM Sensor (Deputy).

To configure Trend Micro Vulnerability Protection to send Syslog messages to Sheriff CSM

You can configure Vulnerability Protection Manager to instruct all managed computers to send logs to the Syslog computer, or you can configure individual computers independently. To configure the Manager to instruct all managed computers to use Syslog:
  1. Select Administration > System Settings and open the SIEM tab.

  2. In the System Event Notification area (of the Manager), select the Forward System Events to a remote computer (via Syslog) option.

  3. Enter the IP address of your Sheriff CSM.

  4. Enter the port 514.

  5. Select which Syslog facility to use.

  6. Select the Common Event Format 1.0 log format. (The "Basic Syslog" format is listed only for legacy support and should not be used for new integrations.)
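To confirm that forwarded messages arrive in Common Event Format rather than Basic Syslog, the sketch below parses a CEF line into header fields and extension key-value pairs. It is an added example, not code from the Sheriff CSM plugin or from Trend Micro; the sample message, its field values, and the function names are constructed for illustration.

```python
import re

# CEF layout: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
FIELDS = ["cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity"]

# Constructed sample line (not captured from a real Manager).
SAMPLE = (r"<134>Jul  1 10:00:00 vpm-host CEF:0|Trend Micro|Vulnerability Protection "
          r"Manager|2.0|1000|Example \| event|3|src=192.0.2.5 suser=admin msg=login ok a\=b")

def split_header(body):
    """Split on unescaped '|' into the 7 header fields; return (fields, extension)."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        if body[i] == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])      # header values escape '|' and '\'
            i += 2
            continue
        if body[i] == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    return parts, body[i:]

def parse_extension(ext):
    """Parse 'key=value' pairs; a value runs until the next ' key=' token."""
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    out = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        # Extension values escape '=' and '\'
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end])
    return out

def parse_cef(line):
    """Return a dict for a CEF message, or None if the line is not CEF."""
    idx = line.find("CEF:")
    if idx < 0:
        return None                      # e.g. the legacy Basic Syslog format
    parts, ext = split_header(line[idx + 4:])
    event = dict(zip(FIELDS, parts))
    event["extension"] = parse_extension(ext)
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A `None` result for traffic from the Manager indicates that the log format in step 6 is still set to Basic Syslog.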

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

http://docs.trendmicro.com/all/ent/vp/v2.0/en-us/vp_2.0_ag.pdf

For troubleshooting, see the vendor documentation.
Topic revision: r7 - 01 Jul 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.