Documentation Center
AlienVault® USM Appliance™

Trend Micro Deep Security Inspector

When you configure Trend Micro Deep Security Inspector to send log data to USM Appliance, you can use the Trend Micro Deep Discovery Inspector plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Trend Micro
Device Type Intrusion Detection
Connection Type Syslog
Data Source Name Trendmicro-ddi
Data Source ID 1905

Integrating Trend Micro Deep Discovery Inspector

Before you configure the Trend Micro Deep Discovery Inspector integration, you must have the IP Address of the USM Appliance Sensor.

To configure Trend Micro Deep Discovery Inspector to send Syslog messages to USM Appliance

  1. From the Trend Micro Deep Discovery Inspector Management Console, open the Syslog page display:
    • For versions 3.6 and 3.7, select Logs > Syslog Server Settings.
    • For version 3.8, select Administration > Integrated Products / Services > Syslog.
  2. From the Syslog page, click Add. The Add Syslog Server page appears.
  3. From the Add Syslog Server page, select Enable syslog server and specify the following:
    • Server name or IP address : USM Appliance IP Address
    • Port : 514
    • Protocol : UDP
    • Facility level : Any
    • Severity level : Any
    • Log format : CEF
  4. Under Detection Logs, select all log types.
  5. Click Save.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

http://docs.trendmicro.com/all/ent/dd_app_splunk/v1.1/en-us/dd_app_for_splunk_1.1_olh/ddi_syslog_settings.html

For troubleshooting, see the vendor documentation.