Trend Micro Deep Discovery Analyzer

 

The JSA DSM for Trend Micro Deep Discovery Analyzer can collect event logs from your Trend Micro Deep Discovery Analyzer console.

The following table identifies the specifications for the Trend Micro Deep Discovery Analyzer DSM:

Table 1: Trend Micro Deep Discovery Analyzer DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | Trend Micro |
| DSM name | Trend Micro Deep Discovery Analyzer |
| RPM file name | DSM-TrendMicroDeepDiscoveryAnalyzer-build_number.noarch.rpm |
| Supported versions | 5.0, 5.5, 5.8 and 6.0 |
| Event format | LEEF |
| JSA recorded event types | All events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Trend Micro website (www.trendmicro.com/DeepDiscovery) |

To send Trend Micro Deep Discovery events to JSA, complete the following steps:

  1. If automatic updates are not enabled, download the most recent versions of the following RPMs.

    • DSMCommon

    • Trend Micro Deep Discovery DSM

  2. Configure your Trend Micro Deep Discovery device to communicate with JSA.

  3. If JSA does not automatically detect Trend Micro Deep Discovery as a log source, create a Trend Micro Deep Discovery log source on the JSA Console. Configure all required parameters and use the following table to determine specific values that are required for Trend Micro Deep Discovery Inspector event collection:

    Table 2: Trend Micro Deep Discovery Analyzer Log Source Parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | Trend Micro Deep Discovery Analyzer |
    | Protocol Configuration | Syslog |

Configuring Your Trend Micro Deep Discovery Analyzer Instance for Communication with JSA

To collect Trend Micro Deep Discovery Analyzer events, configure your third-party instance to enable logging.

  1. Log in to the Deep Discovery Analyzer web console.
  2. To configure Deep Discovery Analyzer V5.0, follow these steps:
    1. Click Administration > Log Settings.

    2. Select Forward logs to a syslog server.

    3. Select LEEF as the log format.

    4. Select the protocol that you want to use to forward the events.

    5. In the Syslog server field, type the host name or IP address of your JSA Console or Event Collector.

    6. In the Port field, type 514.

  3. To configure Deep Discovery Analyzer V5.5, follow these steps:
    1. Click Administration > Log Settings.

    2. Select Send logs to a syslog server.

    3. In the Server field, type the host name or IP address of your JSA Console or Event Collector.

    4. In the Port field, type 514.

    5. Select the protocol that you want to use to forward the events.

    6. Select LEEF as the log format.

  4. To configure Deep Discovery Analyzer V5.8, follow these steps:
    1. Click Administration > Integrated Products/Services > Log Settings.

    2. Select Send logs to a syslog server.

    3. In the Server address field, type the host name or IP address of your JSA console or Event Collector.

    4. In the Port field, type the port number.

      Note

      Trend Micro suggests that you use the following default syslog ports: UDP: 514; TCP: 601; and SSL: 443.

    5. Select the protocol that you want to use to forward the events: UDP, TCP, or SSL.

    6. Select LEEF as the log format.

    7. Select the Scope of logs to send to the syslog server.

    8. Select the Extensions check box if you want to exclude any logs from sending data to the syslog server.

  5. Click Save.
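
After you save the settings, you can confirm that the lines arriving at the JSA Console or Event Collector are LEEF before troubleshooting log source detection. The following Python check is an added example, not part of the JSA or Trend Micro documentation. The sample lines, the host name `ddan01`, the event ID `EXAMPLE_EVENT`, and the function names `parse_leef` and `triage` are constructed for illustration. It goes beyond this page by also accepting LEEF 2.0 with an explicit delimiter field.

```python
import re

# LEEF layout: LEEF:<ver>|<vendor>|<product>|<product version>|<event id>|<attributes>
# LEEF 1.0 separates attributes with tabs; LEEF 2.0 adds a delimiter field before them.
LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")

# Constructed sample lines (not captured from a real appliance).
SAMPLES = [
    "<134>Jan 12 10:15:02 ddan01 LEEF:1.0|Trend Micro|Deep Discovery Analyzer|6.0|"
    "EXAMPLE_EVENT|devTime=Jan 12 2024 10:15:02\tsev=3\tsrc=192.0.2.10",
    "<134>Jan 12 10:15:03 ddan01 LEEF:2.0|Trend Micro|Deep Discovery Analyzer|6.0|"
    "EXAMPLE_EVENT|^|sev=3^src=192.0.2.10",
    "<134>Jan 12 10:15:04 ddan01 CEF:0|Trend Micro|Deep Discovery Analyzer|6.0|"
    "EXAMPLE_EVENT|Example|3|src=192.0.2.10",  # wrong log format selected
]

def parse_leef(line):
    """Parse one syslog line carrying a LEEF event; raise ValueError if it is not one."""
    m = LEEF_START.search(line)  # tolerate a syslog priority/timestamp/host prefix
    if m is None:
        raise ValueError("no LEEF header; check the log format setting")
    want = 5 if m.group(1) == "1.0" else 6
    fields = line[m.end():].rstrip("\r\n").split("|", want - 1)
    if len(fields) < want:
        raise ValueError("truncated LEEF header")
    delim = "\t"
    if want == 6 and fields[4]:
        spec = fields[4]  # literal character, or hex code such as x5E / 0x5E
        hexspec = re.fullmatch(r"0?x([0-9A-Fa-f]{2,4})", spec)
        if hexspec is None and len(spec) != 1:
            raise ValueError("bad LEEF 2.0 delimiter")
        delim = chr(int(hexspec.group(1), 16)) if hexspec else spec
    attrs = {}
    for pair in fields[-1].split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key] = value
    keys = ("vendor", "product", "product_version", "event_id")
    return {"leef": m.group(1), **dict(zip(keys, fields)), "attrs": attrs}

def triage(lines):
    """Return (line_number, problem) for each line that is not a usable LEEF event."""
    problems = []
    for n, line in enumerate(lines, 1):
        try:
            parse_leef(line)
        except ValueError as exc:
            problems.append((n, str(exc)))
    return problems
```

Run `triage` over lines captured from the syslog port on the collector; an empty result means every line carried a well-formed LEEF header.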