Trend Micro Deep Discovery Analyzer
The JSA DSM for Trend Micro Deep Discovery Analyzer can collect event logs from your Trend Micro Deep Discovery Analyzer console.
The following table identifies the specifications for the Trend Micro Deep Discovery Analyzer DSM:
| Specification | Value |
|---|---|
| Manufacturer | Trend Micro |
| DSM name | Trend Micro Deep Discovery Analyzer |
| RPM file name | DSM-TrendMicroDeepDiscoveryAnalyzer-build_number.noarch.rpm |
| Supported versions | 5.0, 5.5, 5.8 and 6.0 |
| Event format | LEEF |
| JSA recorded event types | All events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Trend Micro website (www.trendmicro.com/DeepDiscovery) |
To send Trend Micro Deep Discovery events to JSA, complete the following steps:
- If automatic updates are not enabled, download the most recent versions of the following RPMs from Juniper Downloads:
  - DSMCommon
  - Trend Micro Deep Discovery DSM
- Configure your Trend Micro Deep Discovery device to communicate with JSA.
- If JSA does not automatically detect Trend Micro Deep Discovery as a log source, create a Trend Micro Deep Discovery log source on the JSA Console. Configure all required parameters and use the following table to determine specific values that are required for Trend Micro Deep Discovery Inspector event collection:
Table 2: Trend Micro Deep Discovery Analyzer Log Source Parameters

| Parameter | Value |
|---|---|
| Log Source type | Trend Micro Deep Discovery Analyzer |
| Protocol Configuration | Syslog |
Configuring Your Trend Micro Deep Discovery Analyzer Instance for Communication with JSA
To collect Trend Micro Deep Discovery Analyzer events, configure your third-party instance to enable logging.
Log in to the Deep Discovery Analyzer web console.
To configure Deep Discovery Analyzer V5.0, follow these steps:
Click Administration > Log Settings.
Select Forward logs to a syslog server.
Select LEEF as the log format.
Select the protocol that you want to use to forward the events.
In the Syslog server field, type the host name or IP address of your JSA Console or Event Collector.
In the Port field, type 514.
To configure Deep Discovery Analyzer V5.5, follow these steps:
Click Administration > Log Settings.
Select Send logs to a syslog server.
In the Server field, type the host name or IP address of your JSA Console or Event Collector.
In the Port field, type 514.
Select the protocol that you want to use to forward the events.
Select LEEF as the log format.
To configure Deep Discovery Analyzer V5.8, follow these steps:
Click Administration > Integrated Products/Services > Log Settings.
Select Send logs to a syslog server.
In the Server address field, type the host name or IP address of your JSA console or Event Collector.
In the Port field, type the port number.
Note: Trend Micro suggests that you use the following default syslog ports: UDP: 514; TCP: 601; and SSL: 443.
Select the protocol that you want to use to forward the events: UDP, TCP, or SSL.
Select LEEF as the log format.
Select the Scope of logs to send to the syslog server.
Select the Extensions check box if you want to exclude any logs from sending data to the syslog server.
Click Save.
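A check for the receiving side of the steps above, as an added example that is not from the original page or from Juniper or Trend Micro: it parses captured syslog lines for a LEEF header and reports whether they carry the vendor and product named in the specification table. The sample lines (host name, version string, event names, values) are constructed, and matching the LEEF header against "Trend Micro" and "Deep Discovery Analyzer" is an assumption.

```python
import re

LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
DELIM_SPEC = re.compile(r"(?:0?x([0-9A-Fa-f]{2})|(.))\Z", re.S)
EXPECTED = ("Trend Micro", "Deep Discovery Analyzer")  # from this page's table; assumed header values
# Constructed sample syslog lines (host, version, event names and values are made up).
SAMPLE = [
    "<134>Jan 10 10:00:00 ddan01 LEEF:1.0|Trend Micro|Deep Discovery Analyzer|6.0.0.1000|SAMPLE_EVENT|devTime=Jan 10 2024 10:00:00\tsev=3\tfileHash=PLACEHOLDER",
    "<134>Jan 10 10:00:01 ddan01 LEEF:2.0|Trend Micro|Deep Discovery Analyzer|6.0.0.1000|SAMPLE_EVENT|^|sev=3^url=http://example.test/a",
    "<134>Jan 10 10:00:02 ddan01 CEF:0|Trend Micro|Deep Discovery Analyzer|6.0.0.1000|1|SAMPLE|3|",
]

def parse_leef(line):
    """Parse the LEEF event inside one syslog line; return None if there is none."""
    start = LEEF_START.search(line)
    if start is None:
        return None  # not LEEF, e.g. another log format is selected on the appliance
    parts = line[start.start():].rstrip("\r\n").split("|", 5)
    if len(parts) != 6:
        return None  # header cut short
    version, vendor, product, product_version, event_id, rest = parts
    delim = "\t"  # LEEF 1.0 separates attributes with a tab
    if version == "LEEF:2.0" and "|" in rest:
        spec, _, tail = rest.partition("|")
        m = DELIM_SPEC.match(spec)
        if m:  # LEEF 2.0 may declare a delimiter as one character or a hex code
            delim = chr(int(m.group(1), 16)) if m.group(1) else m.group(2)
        if m or not spec:
            rest = tail
    attrs = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key.strip()] = value
    return {"leef_version": version[5:], "vendor": vendor, "product": product,
            "product_version": product_version, "event_id": event_id, "attrs": attrs}

def check_forwarding(lines):
    """Count lines that are matching LEEF, LEEF from another product, or not LEEF."""
    report = {"ok": 0, "other_product": 0, "not_leef": 0}
    for line in lines:
        ev = parse_leef(line)
        if ev is None:
            report["not_leef"] += 1
        elif (ev["vendor"], ev["product"]) == EXPECTED:
            report["ok"] += 1
        else:
            report["other_product"] += 1
    return report
```

A non-zero `not_leef` count on lines captured from the appliance points at the log format selection rather than at the JSA log source.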