Configuration

Adding a Normalization Policy

  1. Go to Settings >> Configuration >> Normalization Policies.

  2. Click Add.

  3. Enter a Policy Name.

  4. Select the Compiled Normalizers and Normalization Packages for Trend Micro.

  5. Click Submit.

Figure: Adding a Normalization Policy (trendmicro_normpolicy.png)

Adding Trend Micro as a device in LogPoint

  1. Go to Settings >> Configuration >> Devices.

  2. Click Add.

Figure: Create Device Panel (create_device.png)

  1. Enter a device Name.

  2. Enter the IP address(es) of the Trend Micro server.

  3. Select the Device Groups.

  4. Select an appropriate Log Collection Policy for the logs.

  5. Select a collector/forwarder from the Distributed Collector.

Note

Selecting Device Groups, a Log Collection Policy, and a Distributed Collector is optional.

  6. Select a Time Zone.

Note

The time zone of the device must match that of its log source; otherwise the timestamps of the fetched logs are offset by the difference when LogPoint normalizes them.

  7. Configure the Risk Values for Confidentiality, Integrity, and Availability. These values are used to calculate the risk levels of the alerts generated from the device.

  8. Click Submit.

Figure: Available Collectors/Fetchers Panel (available_collectorfetcher.png)

  9. Click ODBC Fetcher to open the ODBC Fetcher panel.

Figure: ODBC Fetcher Panel (odbc_fetcher_add.png)

Configuring the ODBC Fetcher for Trend Micro

  1. Click Add.

  2. Select a Mode. The ODBC Fetcher has two modes of configuration, General and Advanced. The Advanced mode lets you set the initial Incremental Key Value yourself, for example to skip rows that were already collected; the General mode fixes it at 0, so the first fetch retrieves every row the query returns.

Note

If you are using the General mode for Trend Micro DB v11, you can choose the Trend Micro Office Scan v11.0 template, which fills in the Driver, Database, Query, Incremental Key, Incremental Key Table, and New Line Separator parameters. If you select None as the template, you have to provide all the details manually.

  3. Select MSSQL as the Driver.

  4. Select the Port option and enter 1433 (the default Microsoft SQL Server port) as the port for the driver. If the Trend Micro database listens on a different port, enter that port instead.

  5. Enter db_ControlManager as the Database.

  6. Enter the Username and Password of a login for the above database. Use a dedicated SQL login that has only SELECT permission on the table or view named in the query: the fetcher never needs write access, and a read-only login limits what can be done with the credential if it is exposed.

  7. Enter the Fetch Interval.

  8. Enter the following Query to retrieve the logs:

     For Trend Micro DB v11:
     SELECT * FROM v_Virus_HostDetail

     For Trend Micro DB v12:
     SELECT * FROM tb_AVVirusLog

  9. Enter the Incremental Key: the name of the column that uniquely identifies each log row and increases with every new row. The fetcher uses it to retrieve only rows newer than the last one collected, so a column that is not unique or not increasing causes logs to be skipped or fetched twice.

Note

  • If you are using the Advanced mode, provide the initial Incremental Key Value. It is 0 by default.

  • If you are using the General mode, you cannot set the Incremental Key Value. The application sets it to 0 automatically.

  10. Enter the following Incremental Key Table:

      For Trend Micro DB v11:
      v_Virus_HostDetail

      For Trend Micro DB v12:
      tb_AVVirusLog

Note

If you are using the Advanced mode, you do not have to provide the Incremental Key Table.

  11. Enter a New Line Separator to replace the newline characters in the ODBC data. For example, if you provide the New Line Separator as “_”, the application displays the ODBC data as “data1_data2_data3”.

  12. Select a Processing Policy which uses the previously created Normalization Policy for the logs.

  13. Enter the Charset.

  14. Click Test to validate the configuration.

  15. Click Submit.

Figure: Configuration for Trend Micro DB v11 (trendmicrov11_odbc.png)

Figure: Configuration for Trend Micro DB v12 (trendmicrov12_odbc.png)
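The following T-SQL is an added example for preparing the database side of the ODBC Fetcher configuration above; it is not part of the LogPoint documentation or of Trend Micro. It creates a read-only login scoped to the table the fetcher query reads, verifies the grant, and checks the column you intend to use as the Incremental Key before you click Test. The login name and password, and the key column name LogID, are assumptions (placeholders); the schema of tb_AVVirusLog is not described on this page, so substitute the real key column of your installation.

```sql
-- Added example, not from the LogPoint documentation or from Trend Micro.
-- Run in SQL Server Management Studio or sqlcmd against the Control Manager
-- instance before filling in the ODBC Fetcher panel.
-- Assumed placeholders: login name "logpoint_fetch", its password, and the
-- key column "LogID". Replace them with values from your own environment.

USE db_ControlManager;
GO

-- 1. Least-privilege login for the fetcher: SQL authentication, read-only,
--    and granted only on the single object the fetcher query reads.
CREATE LOGIN logpoint_fetch
    WITH PASSWORD = 'ReplaceWithLongRandomPassword!', CHECK_POLICY = ON;  -- assumed name/password
CREATE USER logpoint_fetch FOR LOGIN logpoint_fetch;
GRANT SELECT ON dbo.tb_AVVirusLog TO logpoint_fetch;   -- DB v12 table from the page's query
-- For DB v11 grant on the view used by the v11 query instead:
-- GRANT SELECT ON dbo.v_Virus_HostDetail TO logpoint_fetch;
GO

-- 2. Verify the grant is exactly what was intended: the result should list a
--    single row, SELECT / GRANT on the object above and nothing else.
SELECT dp.permission_name,
       dp.state_desc,
       OBJECT_NAME(dp.major_id) AS object_name
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS pr
  ON pr.principal_id = dp.grantee_principal_id
WHERE pr.name = 'logpoint_fetch';

-- 3. Check the candidate Incremental Key before using it. rows_total must
--    equal rows_distinct_key (the column is unique); current_max_key is the
--    value a completed fetch would carry forward. A non-unique or
--    non-increasing column makes the fetcher skip or re-fetch logs.
--    "LogID" is an assumed column name.
SELECT COUNT(*)              AS rows_total,
       COUNT(DISTINCT LogID) AS rows_distinct_key,
       MAX(LogID)            AS current_max_key
FROM dbo.tb_AVVirusLog;

-- 4. What an incremental run effectively selects (assumed shape of the
--    effective query; the fetcher itself manages the stored key value).
--    With the General mode's fixed start value of 0 the first run returns
--    every row; a later run with the last seen key returns only newer rows.
SELECT * FROM dbo.tb_AVVirusLog WHERE LogID > 0 ORDER BY LogID;
SELECT * FROM dbo.tb_AVVirusLog WHERE LogID > 123456 ORDER BY LogID;  -- 123456: assumed last fetched key
GO
```

Run step 3 with the actual key column of your schema; if the distinct count is lower than the total, choose a different column or the fetcher will lose rows that share a key value. Keep the login in step 1 limited to SELECT so that the credential stored in the ODBC Fetcher panel cannot be used to alter or delete Trend Micro's records.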
