Documentation Center
AlienVault® USM Appliance™

Trend Micro Vulnerability Protection

When you configure Trend Micro Vulnerability Protection to send log data to USM Appliance, you can use the Trend Micro Vulnerability Protection plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Trend Micro
Device Type Endpoint Security
Connection Type Syslog
Data Source Name Trendmicro-vp
Data Source ID 1910

Integrating Trend Micro Vulnerability Protection

Before you configure the Trend Micro Vulnerability Protection integration, you must have the IP Address of the USM Appliance Sensor.

To configure Trend Micro Vulnerability Protection to send Syslog messages to USM Appliance

You can configure Vulnerability Protection Manager to instruct all managed computers to send logs to the Syslog computer, or you can configure individual computers independently. To configure the Manager to instruct all managed computers to use Syslog:

  1. Select Administration > System Settings and open the SIEM tab.
  2. In the System Event Notification area (of the Manager) , select the Forward System Events to a remote computer (via Syslog) option.
  3. Enter the IP address of your USM Appliance.
  4. Enter the port 514.
  5. Select which Syslog facility to use.
  6. Select the Common Event Format 1.0 log format. (The "Basic Syslog" format is listed only for legacy support and should not be used for new integrations.)

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

http://docs.trendmicro.com/all/ent/vp/v2.0/en-us/vp_2.0_ag.pdf

For troubleshooting, see the vendor documentation.