Trend Micro Deep Discovery Director
The JSA DSM for Trend Micro Deep Discovery Director collects LEEF formatted events from a Trend Micro Deep Discovery Director device.
To integrate Trend Micro Deep Discovery Director with JSA, complete the following steps:
If automatic updates are not enabled, download the most recent versions of the following RPMs:
Trend Micro Deep Discovery Inspector DSM RPM
Trend Micro Deep Discovery Director DSM RPM
Configure your Trend Micro Deep Discovery Director device to send events to JSA.
If JSA does not automatically detect Trend Micro Deep Discovery Director as a log source, create a Trend Micro Deep Discovery Inspector log source on the JSA Console. The following table describes the parameters that require specific values to collect Syslog events from Trend Micro Deep Discovery Director:
Table 1: Trend Micro Deep Discovery Director Log Source Parameters

Parameter | Value |
---|---|
Log Source type | Trend Micro Deep Discovery Director |
Protocol Configuration | Syslog |
Log Source Identifier | The IPv4 address or host name that identifies the log source. If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier, such as an IP address, prevents event searches from identifying the management console as the source for all of the events. |
Trend Micro Deep Discovery Director DSM Specifications
The following table identifies the specifications for the Trend Micro Deep Discovery Director DSM:
Specification | Value |
---|---|
Manufacturer | Trend Micro |
DSM name | Trend Micro Deep Discovery Director |
RPM file name | DSM-TrendMicroDeepDiscoveryDirector-JSA_version-build_number.noarch.rpm |
Supported versions | V3.0 |
Protocol | Syslog |
Event format | LEEF |
JSA recorded event types | Trend Micro Deep Discovery Inspector Events |
Automatically discovered? | Yes |
Included identity? | No |
Includes custom properties? | No |
More information | |
Configuring Trend Micro Deep Discovery Director to communicate with JSA
To collect events from Trend Micro Deep Discovery Director, configure your Trend Micro Deep Discovery Director device to forward syslog events to JSA.
Log in to your Trend Micro Deep Discovery Director device.
Click Administration > Integrated Products/Services > Syslog.
Click Add, and then select Enabled.
Configure the parameters in the following table.
Table 3: Trend Micro Deep Discovery Director

Parameter | Description |
---|---|
Profile name | The name for the Deep Discovery Director syslog server. |
Server address | The IP address of your JSA Console or Event Collector. |
Port | SSL/TLS - 6514 (default port); TCP - 601; UDP - 514 |
Protocol | SSL/TLS, TCP, or UDP |
Log format | LEEF |
Scope | The events that you want to forward to JSA. |
Click Save.
Trend Micro Deep Discovery Director Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
The following table provides sample event messages when you use the Syslog protocol for the Trend Micro Deep Discovery Director DSM:
Event name | Low-level category | Sample log message |
---|---|---|
DENYLIST_CHANGE | Successful Configuration Modification | |
SECURITY_RISK_DETECTION | Potential Misc Exploit | |