Trend Micro Deep Discovery Email Inspector

 

The JSA DSM for Trend Micro Deep Discovery Email Inspector collects events from a Trend Micro Deep Discovery Email Inspector device.

The following table describes the specifications for the Trend Micro Deep Discovery Email Inspector DSM:

Table 1: Trend Micro Deep Discovery Email Inspector DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | Trend Micro |
| DSM name | Trend Micro Deep Discovery Email Inspector |
| RPM file name | DSM-TrendMicroDeepDiscoveryEmailInspector-JSA_version-build_number.noarch.rpm |
| Supported versions | V3.0 |
| Event format | Log Event Extended Format (LEEF) |
| Recorded event types | Detections, virtual analyzer analysis logs, system events, and Alert events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Trend Micro website (http://www.trendmicro.ca) |

To integrate Trend Micro Deep Discovery Email Inspector with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your JSA console:

    • Trend Micro Deep Discovery Email Inspector DSM RPM

    • DSM Common RPM

  2. Configure your Trend Micro Deep Discovery Email Inspector device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a Trend Micro Deep Discovery Email Inspector log source on the JSA console. The following table describes the parameters that require specific values for Trend Micro Deep Discovery Email Inspector event collection:

    Table 2: Trend Micro Deep Discovery Email Inspector Log Source Parameters

    | Parameter | Description |
    |---|---|
    | Log Source type | Trend Micro Deep Discovery Email Inspector |
    | Protocol Configuration | Syslog |

Configuring Trend Micro Deep Discovery Email Inspector to Communicate with JSA

To collect events from Trend Micro Deep Discovery Email Inspector, configure a syslog server profile for the JSA host.

  1. Log in to the Trend Micro Deep Discovery Email Inspector user interface.
  2. Click Administration > Log Settings.
  3. Click Add.
  4. Verify that Enabled is selected for Status. The default is Enabled.
  5. Configure the following parameters:

    | Parameter | Description |
    |---|---|
    | Profile name | Specify a name for the profile. |
    | Syslog server | The host name or IP of the JSA server. |
    | Port | 514 |
    | Log format | LEEF |

  6. Select Detections, Virtual Analyzer Analysis logs, and System events for the types of events to send to JSA.
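
After step 6, a syslog line captured on the JSA host can be checked against the LEEF layout to confirm that the profile is sending the format the DSM expects. The following Python is an added example, not part of the vendor documentation; the sample lines are constructed, and the vendor, product, event ID, and attribute values in them are assumptions to replace with values from your own capture.

```python
import re

LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
FIELDS = ("vendor", "product", "product_version", "event_id")

def _delimiter(spec):
    """LEEF 2.0 delimiter field: a literal character or hex such as 0x09."""
    m = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{2,4})", spec)
    return chr(int(m.group(1), 16)) if m else (spec or "\t")

def parse_leef(line):
    """Split one syslog line into LEEF header fields and event attributes."""
    m = LEEF_START.search(line)  # tolerate a syslog prefix before "LEEF:"
    if not m:
        raise ValueError("no LEEF header; check the profile's Log format")
    version = m.group(1)
    n = 4 if version == "1.0" else 5  # LEEF 2.0 adds a delimiter field
    parts = line[m.end():].rstrip("\r\n").split("|", n)
    if len(parts) != n + 1:
        raise ValueError("truncated LEEF header")
    delim = _delimiter(parts[4]) if version == "2.0" else "\t"
    attrs = dict(kv.split("=", 1) for kv in parts[-1].split(delim) if "=" in kv)
    header = dict(zip(FIELDS, parts), leef_version=version)
    return header, attrs

def from_expected_device(header, vendor, product):
    """True when the header names the device the log source was created for."""
    return (header["vendor"], header["product"]) == (vendor, product)

# Constructed samples (not captured from a real appliance). The header and
# attribute values are assumptions; compare against your own capture.
SAMPLE_LEEF = (
    "<134>Jan  1 00:00:00 ddei.example.test "
    "LEEF:1.0|Trend Micro|Deep Discovery Email Inspector|3.0|SYSTEM_EVENT|"
    "devTime=Jan 01 2024 00:00:00\tsev=2\tmsg=service started"
)
SAMPLE_NOT_LEEF = "<134>Jan  1 00:00:00 ddei.example.test CEF:0|constructed|non-LEEF|line"

if __name__ == "__main__":
    for line in (SAMPLE_LEEF, SAMPLE_NOT_LEEF):
        try:
            header, attrs = parse_leef(line)
            ok = from_expected_device(
                header, "Trend Micro", "Deep Discovery Email Inspector")
            print(header["event_id"], attrs.get("sev"),
                  "expected device" if ok else "other device")
        except ValueError as err:
            print("rejected:", err)
```

A line rejected with "no LEEF header" usually means the syslog profile was saved with a log format other than LEEF.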