Trend Micro Deep Security
The JSA DSM for Trend Micro Deep Security can collect logs from your Trend Micro Deep Security server.
The following table identifies the specifications for the Trend Micro Deep Security DSM:
Table 1: Trend Micro Deep Security DSM Specifications
Specification | Value |
---|---|
Manufacturer | Trend Micro |
DSM name | Trend Micro Deep Security |
RPM file name | |
Supported versions | 9.6.1532+ |
Event format | Log Event Extended Format |
Recorded event types | Anti-Malware, Deep Security, Firewall, Integrity Monitor, Intrusion Prevention, Log Inspection, System, Web Reputation |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Trend Micro website (https://www.trendmicro.com/us/) |
To integrate Trend Micro Deep Security with JSA, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:
  - Trend Micro Deep Security DSM RPM
  - DSMCommon RPM
- Configure your Trend Micro Deep Security device to send syslog events to JSA.
- If JSA does not automatically detect the log source, add a Trend Micro Deep Security DSM log source on the JSA Console. The following table describes the parameters that require specific values for Trend Micro Deep Security DSM event collection:
Table 2: Trend Micro Deep Security DSM Log Source Parameters
Parameter | Value |
---|---|
Log Source type | Trend Micro Deep Security |
Protocol Configuration | Syslog |
Configuring Trend Micro Deep Security to Communicate with JSA
To collect all events from Trend Micro Deep Security, you must specify JSA as the syslog server and configure the syslog format.
Ensure that your Deep Security Manager is installed and configured.
- Click the Administration > System Settings > SIEM tab.
- From the System Event Notification (from the Manager) area, set the Forward System Events to remote computer (via Syslog) option.
- Type the host name or the IP address of the JSA system.
- Type 514 for the UDP port.
- Select the Syslog Facility that you want to use.
- Select LEEF for the Syslog Format.
Note: Deep Security can only send events in LEEF format from the Manager. If you select the Direct forward option on the SIEM tab, you cannot select Log Event Extended Format 2.0 for the Syslog Format.
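After the steps above, you can confirm that what the Manager forwards is parseable LEEF before troubleshooting on the JSA side. The following Python sketch is an added example, not part of the original documentation or of any Trend Micro or JSA tooling. The sample line, the host name `dsm.example.test`, the helper names, and the expected vendor string are assumptions made for illustration.

```python
import re

# LEEF header: LEEF:version|vendor|product|product version|event ID|<attributes>
HEADER = re.compile(
    r"LEEF:(?P<leef>[12]\.0)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|"
    r"(?P<version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<rest>.*)", re.S)
# LEEF 2.0 optional delimiter field: one character, or hex such as x5E or 0x5E
DELIM = re.compile(r"(?P<spec>0?x[0-9A-Fa-f]{1,4}|[^|])\|(?P<attrs>.*)", re.S)

# Constructed sample of a forwarded event (not captured from a real system)
SAMPLE = ("<134>Jan  1 00:00:00 dsm.example.test LEEF:2.0|Trend Micro|"
          "Deep Security Manager|9.6.1532|600|cat=System\tname=User Signed In\t"
          "sev=3\tsrc=192.0.2.10\tusrName=admin")

def parse_leef(line):
    """Parse one syslog line carrying a LEEF event; return None if it has no LEEF header."""
    start = line.find("LEEF:")  # skip the syslog priority, timestamp and host prefix
    m = HEADER.match(line, start) if start >= 0 else None
    if m is None:
        return None
    event = m.groupdict()
    rest, delim = event.pop("rest"), "\t"  # tab separates attributes by default
    d = DELIM.match(rest) if event["leef"] == "2.0" else None
    if d:
        spec, rest = d.group("spec"), d.group("attrs")
        delim = spec if len(spec) == 1 else chr(int(spec.split("x", 1)[1], 16))
    event["attrs"] = dict(p.split("=", 1) for p in rest.split(delim) if "=" in p)
    return event

def check_event(line, expected_vendor="Trend Micro"):  # vendor string is an assumption
    """Return a list of problems; an empty list means the event looks as expected."""
    event = parse_leef(line)
    if event is None:
        return ["no LEEF header: check that Syslog Format is set to LEEF"]
    problems = []
    if event["vendor"] != expected_vendor:
        problems.append(f"unexpected vendor {event['vendor']!r}")
    if not event["attrs"]:
        problems.append("LEEF header present but no key=value attributes parsed")
    return problems

if __name__ == "__main__":
    print(parse_leef(SAMPLE))
    print(check_event(SAMPLE) or "OK")
```

Feed `check_event` a line captured on the JSA host's UDP port 514 in place of `SAMPLE`; a "no LEEF header" result points to the Syslog Format setting on the SIEM tab.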