Trend Micro Office Scan

A Trend Micro Office Scan DSM for JSA accepts events by using SNMPv2.

JSA records events relevant to virus and spyware events. Before you configure a Trend Micro device in JSA, you must configure your device to forward SNMPv2 events.

JSA has two options for integrating with a Trend Micro device. The integration option that you choose depends on your device version:

Integrating with Trend Micro Office Scan 8.x

You can integrate a Trend Micro Office Scan 8.x device with JSA.

1. Log in to the Office Scan Administration interface.
2. Select Notifications.
3. Configure the General Settings for SNMP Traps: In the Server IP Address field, type the IP address of the JSA. Note

   Do not change the community trap information.

4. Click Save.
5. Configure the Standard Alert Notification: Select Standard Notifications.
6. Click the SNMP Trap tab.
7. Select the Enable notification via SNMP Trap for Virus/Malware Detections check box.
8. Type the following message in the field (this should be the default):

   Virus/Malware: %v Computer: %s Domain: %m File: %p Date/Time: %y Result: %a

9. Select the Enable notification via SNMP Trap for Spyware/Grayware Detections check box.
10. Type the following message in the field (this should be the default):

    Spyware/Grayware: %v Computer: %s Domain: %m Date/Time: %y Result: %a

11. Click Save.
12. Configure Outbreak Alert Notifications: Select Out Notifications.
13. Click the SNMP Trap tab.
14. Select the Enable notification via SNMP Trap for Virus/Malware Outbreaks check box.
15. Type the following message in the field (this should be the default):

    Number of viruses/malware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T

16. Select the Enable notification via SNMP Trap for Spyware/Grayware Outbreaks check box.
17. Type the following message in the field (this should be the default):

    Number of spyware/grayware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T

18. Click Save.

    You are now ready to configure the log sources in JSA.

19. To configure the Trend Micro Office Scan device:

    1. From the Log Source Type list, select the Trend Micro Office Scan option.

    2. From the Protocol Configuration list, select the SNMPv2 option.

Integrating with Trend Micro Office Scan 10.x

Several preparatory steps are necessary before you configure JSA to integrate with a Trend Micro Office Scan 10.x device.

Configuring General Settings

You can integrate a Trend Micro Office Scan 10.x device with JSA.

1. Log in to the Office Scan Administration interface.
2. Select Notifications >Administrator Notifications >General Settings.
3. Configure the General Settings for SNMP Traps: In the Server IP Address field, type the IP address of your JSA.
4. Type a community name for your Trend Micro Office Scan device.
5. Click Save.

You must now configure the Standard Notifications for Office Scan.

Configure Standard Notifications

You can configure standard notifications.

1. Select Notifications >Administrator Notifications >Standard Notifications.
2. Define the Criteria settings. Click the Criteria tab.
3. Select the option to alert administrators on the detection of virus/malware and spyware/grayware, or when the action on these security risks is unsuccessful.
4. To enable notifications: Configure the SNMP Trap tab.
5. Select the Enable notification via SNMP Trap check box.
6. Type the following message in the field:

   Virus/Malware: %v Spyware/Grayware: %T Computer: %s IP address: %i Domain: %m File: %p Date/Time: %y Result: %a User name: %n

7. Click Save.

You must now configure Outbreak Notifications.

Configuring Outbreak Criteria and Alert Notifications

You can configure outbreak criteria and alert notifications.

1. Select Notifications >Administrator Notifications >Outbreak Notifications.
2. Click the Criteria tab.
3. Type the number of detections and detection period for each security risk.

   Notification messages are sent to an administrator when the criteria exceeds the specified detection limit.

   Note

   Trend Micro suggests that you use the default values for the detection number and detection period.

4. Select Shared Folder Session Link and enable Office Scan to monitor for firewall violations and shared folder sessions.Note

   To view computers on the network with shared folders or computers currently browsing shared folders, you can select the number link in the interface.

5. Click the SNMP Trap tab.

   1. Select the Enable notification via SNMP Trap check box.

6. Type the following message in the field:

   Number of viruses/malware: %CV Number of computers: %CC Log Type Exceeded: %A Number of firewall violation logs: %C Number of shared folder sessions: %S Time Period: %T

7. Click Save.
8. You are now ready to configure the log source in JSA.

   To configure the Trend Micro Office Scan device:

   1. From the Log Source Type list, select the Trend Micro Office Scan option.

   2. From the Protocol Configuration list, select the SNMPv2 option.

Integrating with Trend Micro OfficeScan XG

You can integrate a Trend Micro OfficeScan XG device with the JSA system.

Configuring General Settings in OfficeScan XG

You can integrate a Trend Micro OfficeScan XG device with JSA.

1. Log in to the OfficeScan Administration interface.
2. Click Administration >Notifications >General Settings.
3. Configure the General Notification Settings for SNMP Traps.
4. In the Server IP Address field, type the IP address of the JSA console.
5. Type a community name for your Trend Micro OfficeScan device.
6. Click Save.

You must now configure the Administrator Notifications for OfficeScan.

Configuring Administrator Notifications in OfficeScan XG

Administrators can be notified when certain security risks are detected by Trend Micro OfficeScan XG. Configure the device to send notifications through SNMP Trap.

1. Click Administration >Notifications >Administrator.
2. Click the Criteria tab.
3. Select the following options for notification:

   • Virus/Malware Detection

   • Spyware/Grayware Detection

   • C&C Callbacks

4. To enable notifications, configure the SNMP Trap tab.
5. Select the Enable notification via SNMP Trap check box.
6. Type the following message in the field:

   Virus/Malware: %v Spyware/Grayware: %T Computer: %s IP address: %i Domain: %m File: %p Date/Time: %y Result: %a User name: %n

   Spyware/Grayware: %v Endpoint: %s Domain: %m Date/Time: %y Result: %a

   Compromised Host: %CLIENTCOMPUTER% IP Address: %IP% Domain: %DOMAIN% Date/Time: %DATETIME% Callback address: %CALLBACKADDRESS% C&C risk level: %CNCRISKLEVEL% C&C list source: %CNCLISTSOURCE% Action: %ACTION%

7. Click Save.

You must now configure Outbreak Notifications.

Configuring Outbreak Notifications in OfficeScan XG

You can configure your Trend Micro OfficeScan XG device to notify you of security risk outbreaks. Define an outbreak by the number of detections and the detection period.

1. Click Administration >Notifications >Outbreak.
2. Click the Criteria tab.
3. Type the number of detections and detection period for each security risk. Note

   Notification messages are sent to an administrator when the criteria exceeds the specified detection limit.

   Tip

   Trend Micro suggests that you use the default values for the detection number and detection period.

4. To enable notifications, click the SNMP Trap tab, and select the Enable notification via SNMP Trap check box.
5. Type the following message in the field:

   Number of virus/malware: %CV Number of computers: %CC

   Number of spyware/grayware: %CV Number of endpoints: %CC

   C&C callback detected: Accumulated log count: %C in the last %T hour(s)

6. Click Save.

You are now ready to configure the log source in JSA.