
Trend Micro Deep Discovery Inspector

 

The JSA DSM for Trend Micro Deep Discovery Inspector can receive event logs from your Trend Micro Deep Discovery Inspector console.

The following table identifies the specifications for the Trend Micro Deep Discovery Inspector DSM:

Table 1: Trend Micro Deep Discovery Inspector DSM specifications

| Specification | Value |
| --- | --- |
| Manufacturer | Trend Micro |
| DSM name | Trend Micro Deep Discovery Inspector |
| RPM file name | DSM-TrendMicroDeepDiscovery-JSA_version-build_number.noarch.rpm |
| Supported versions | V3.x |
| Event format | LEEF |
| JSA recorded event types | Malicious content, Malicious behavior, Suspicious behavior, Exploit, Grayware, Web reputation, Disruptive application, Sandbox, Correlation, System, Update |
| Automatically discovered? | Yes |
| Included identity? | No |
| Includes custom properties? | No |
| More information | Trend Micro website (www.trendmicro.com/DeepDiscovery) |

To send Trend Micro Deep Discovery Inspector events to JSA, complete the following steps:

  1. If automatic updates are not enabled, download the most recent versions of the following RPMs:

    • DSMCommon RPM

    • Trend Micro Deep Discovery Inspector DSM

  2. Configure your Trend Micro Deep Discovery Inspector device to send events to JSA.

  3. If JSA does not automatically detect Trend Micro Deep Discovery Inspector as a log source, create a Trend Micro Deep Discovery Inspector log source on the JSA Console. Configure all required parameters and use the following table to determine specific values that are required for Trend Micro Deep Discovery Inspector event collection:

    Table 2: Trend Micro Deep Discovery Inspector log source parameters

    | Parameter | Value |
    | --- | --- |
    | Log Source type | Trend Micro Deep Discovery Inspector |
    | Protocol Configuration | Syslog |

Configuring Trend Micro Deep Discovery Inspector V3.0 to Send Events to JSA

To collect Trend Micro Deep Discovery Inspector events, configure the device to send events to JSA.

  1. Log in to Trend Micro Deep Discovery Inspector.
  2. From the navigation menu, select Logs > Syslog Server Settings.
  3. Select Enable Syslog Server.
  4. Configure the following parameters:

    | Parameter | Description |
    | --- | --- |
    | IP address | The IP address of your JSA Console or Event Collector. |
    | Port | 514 |
    | Syslog facility | The local facility, for example, local 3. |
    | Syslog severity | The minimum severity level that you want to include. |
    | Syslog format | LEEF |

  5. In the Detections pane, select the check boxes for the events that you want to forward to JSA.
  6. Click Save.

Configuring Trend Micro Deep Discovery Inspector V3.8 to Send Events to JSA

To collect Trend Micro Deep Discovery Inspector events, configure the device to send events to JSA.

  1. Log in to Trend Micro Deep Discovery Inspector.
  2. Click Administration > Integrated Products/Services > Syslog.
  3. Click Add, and then select Enable Syslog Server.
  4. Configure the following parameters:

    | Parameter | Description |
    | --- | --- |
    | Server Name or IP address | The IP address of your JSA Console or Event Collector. |
    | Port | Default is UDP/514; TCP/601; SSL/6514 |
    | Protocol | UDP/TCP/SSL |
    | Facility level | Select a facility level that specifies the source of a message. |
    | Severity level | Select a severity level of the type of messages to be sent to the syslog server. |
    | Log format | LEEF |

  5. In the Detections pane, select the check boxes for the events that you want to forward to JSA.
  6. Select Connect through a proxy server if you need proxy servers for your connections. The device uses the settings that are configured in the Administrator > System Settings > Proxy screen.

    Note: Select this option if you require the use of proxy servers for intranet connections.

  7. Click Save.
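
To confirm that the facility and log format settings from either procedure took effect, you can inspect one forwarded syslog line. The following is an added example, not part of the original document or of JSA or Trend Micro software: it decodes the syslog PRI into facility and severity and parses the LEEF 1.0 header. The function names, the sample line, its version string and the event ID EXAMPLE_EVENT are constructed for illustration.

```python
import re

FACILITIES = {16 + n: f"local{n}" for n in range(8)}  # syslog local0..local7
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_ddi_syslog(line):
    """Split one syslog line into facility, severity and LEEF 1.0 fields."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri = int(m.group(1))
    start = line.find("LEEF:")  # skips any timestamp/hostname after the PRI
    if start < 0:
        raise ValueError("no LEEF header; check that the log format is LEEF")
    parts = line[start:].split("|", 5)
    if len(parts) < 5 or parts[0] != "LEEF:1.0":
        raise ValueError("malformed LEEF 1.0 header")
    attrs = {}
    if len(parts) == 6:
        for pair in parts[5].split("\t"):  # LEEF 1.0 attributes are tab-separated
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key] = value
    return {
        "facility": FACILITIES.get(pri >> 3, str(pri >> 3)),
        "severity": SEVERITIES[pri & 7],
        "vendor": parts[1], "product": parts[2],
        "version": parts[3], "event_id": parts[4],
        "attrs": attrs,
    }

def check_event(line, facility="local3", product="Deep Discovery Inspector"):
    """Return a list of mismatches against the expected configuration."""
    try:
        ev = parse_ddi_syslog(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if ev["facility"] != facility:
        problems.append(f"facility is {ev['facility']}, expected {facility}")
    if ev["product"] != product:
        problems.append(f"product is {ev['product']!r}, expected {product!r}")
    return problems

# Constructed sample line (not captured from a device): PRI 158 = local3 (19) * 8 + info (6)
SAMPLE = ("<158>LEEF:1.0|Trend Micro|Deep Discovery Inspector|3.8|EXAMPLE_EVENT|"
          "sev=6\tsrc=192.0.2.10\tdst=198.51.100.7")
```

Pass the facility you selected in the syslog settings as `facility`; an empty list from `check_event` means the line matches the expected configuration.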