Configuring Trend Micro

Adding a Normalization Policy

  1. Go to Settings >> Configuration >> Normalization Policies.

  2. At the top left, click Add.

  3. Enter a Policy Name.

  4. In Compiled Normalizers, enter Trend Micro.

  5. Click Submit.

_images/normtrend1.png

Adding a Normalization Policy

Adding Trend Micro as a device in LogPoint

  1. Go to Settings >> Configuration >> Devices.

  2. At the top left, click Add.

  3. Enter a device Name.

  4. Enter the IP address(es) of Trend Micro.

  5. Select the Device Groups.

  6. Select an appropriate Log Collection Policy for the logs.

  7. Select a collector/forwarder from the Distributed Collector.

Note

It is optional to select any Device Groups, Log Collection Policy, and Distributed Collector.

  8. Select a Time Zone.

Note

The time zone of the device should be the same as that of its log source.

  9. Configure the Risk Values for Confidentiality, Integrity, and Availability. These values are used to calculate the risk levels of the alerts generated from the device.

  10. Click Submit.

_images/normtrend2.png

Create Device Panel

Configuring the ODBC Fetcher for Trend Micro

  1. Click Add Collectors/Fetchers from Actions.

  2. Click ODBC Fetcher.

_images/normtrend6.png

AVAILABLE COLLECTORS FETCHERS Panel

  3. At the top left, click ADD.

_images/normtrend3.png

ODBC Fetcher Panel

  4. Select a Mode. The ODBC Fetcher has two modes of configuration, General and Advanced. The Advanced mode allows you to define the initial incremental key value. In the General mode, the application sets the incremental key value to 0.

Note

If you are using the General mode for TrendMicro DB v11, you can choose the Trend Micro Office Scan v11.0 template, which fills in the required values for the Driver, Database, Query, Incremental Key, Incremental Key Table, and New Line Separator parameters. If you select None as the template, you have to provide all the details manually.

  5. In Driver, enter MSSQL.

  6. Select the Port option and enter 1433.

  7. In Database, enter db_ControlManager.

  8. Enter the Username and Password. Use a dedicated, read-only SQL login that has only SELECT permission on the view or table queried in the following steps, rather than a Control Manager administrator account.

  9. Enter the Fetch Interval.

  10. Enter the following Query to retrieve the logs:

    For  TrendMicro DB v11:
    SELECT * FROM v_Virus_HostDetail
    
    For  TrendMicro DB v12:
    SELECT * FROM tb_AVVirusLog
    
  11. In Incremental Key, enter the following:

Note

  • If you are using the Advanced mode, provide the initial Incremental Key Value. The default value is 0.

  • If you are using the General mode, you cannot set the Incremental Key Value. The application sets the value to 0 automatically.

  12. In Incremental Key Table, enter the given key table:

    For  TrendMicro DB v11:
    v_Virus_HostDetail
    
    For  TrendMicro DB v12:
    tb_AVVirusLog
    
Note

If you are using the Advanced mode, you do not have to provide the Incremental Key Table.

  13. Enter a New Line Separator to replace the newline characters in the ODBC data. For example, if you provide the New Line Separator as "_", the application displays the ODBC data as "data1_data2_data3".

  14. Select a Processing Policy which uses the previously created Normalization Policy for the logs.

  15. Enter the Charset. The default value is utf_8.

  16. Click Test to validate the configuration.

  17. Click Submit.

_images/odbc11.png

Configuration for TrendMicro DB v11

_images/odbc12.png

Configuration for TrendMicro DB v12
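The script below is an added illustration, not LogPoint or Trend Micro code. It simulates the incremental-key behaviour described in the General and Advanced mode notes against a constructed in-memory copy of tb_AVVirusLog, with sqlite3 standing in for the MSSQL db_ControlManager database. The LogID key column, the other column names and the sample rows are constructed, and the fetch logic (select rows whose key is greater than the stored value, then advance to the highest key seen) is an assumption about how an incremental key is applied rather than a description of LogPoint internals. It shows why General mode, which fixes the key at 0, replays the whole table on the first cycle, why a higher initial value in Advanced mode skips that history, and how the New Line Separator keeps one database row as one log line.

```python
"""Simulation of the ODBC Fetcher's incremental-key behaviour.

Added illustration, not LogPoint or Trend Micro code. sqlite3 stands in for
the MSSQL db_ControlManager database; the table name tb_AVVirusLog comes from
the page, while the LogID key column, the other column names and the sample
rows are constructed. The fetch logic (rows whose key is greater than the
stored value, then advance to the highest key seen) is an assumption about
how an incremental key is applied, not a description of LogPoint internals.
"""
import sqlite3

TABLE = "tb_AVVirusLog"        # v12 table from the page's Query step
KEY_COLUMN = "LogID"           # assumed incremental key column (constructed)
NEW_LINE_SEPARATOR = "_"       # the separator used in the page's example

# Constructed sample detections; row 2 carries an embedded newline on purpose.
SAMPLE_ROWS = [
    (1, "HOST-A", "Eicar_test_file", "C:\\tmp\\eicar.com", "Quarantined"),
    (2, "HOST-B", "Trojan.Generic", "C:\\Users\\bob\\x.exe", "Deleted\nlogged"),
    (3, "HOST-A", "Adware.Win32", "D:\\dl\\setup.exe", "Cleaned"),
]


def build_db():
    """Create an in-memory table shaped like the query target and load samples."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"CREATE TABLE {TABLE} ({KEY_COLUMN} INTEGER PRIMARY KEY, "
        "HostName TEXT, VirusName TEXT, FilePath TEXT, ActionResult TEXT)"
    )
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def fetch_incremental(conn, last_key, sep=NEW_LINE_SEPARATOR):
    """One fetch cycle.

    Select only rows whose key is above the stored Incremental Key Value,
    flatten each row into a single log line (embedded newlines replaced by
    `sep`, as the New Line Separator step describes) and return the lines
    together with the key value to store for the next cycle.
    """
    # TABLE and KEY_COLUMN come from trusted configuration, never from input;
    # the key value itself is bound as a query parameter.
    cur = conn.execute(
        f"SELECT * FROM {TABLE} WHERE {KEY_COLUMN} > ? ORDER BY {KEY_COLUMN}",
        (last_key,),
    )
    cols = [d[0] for d in cur.description]
    key_idx = cols.index(KEY_COLUMN)
    lines = []
    for row in cur.fetchall():
        fields = []
        for col, val in zip(cols, row):
            flat = str(val).replace("\n", sep)   # keep one DB row = one log line
            fields.append(f"{col}={flat}")
        lines.append(" ".join(fields))
        last_key = max(last_key, row[key_idx])
    return lines, last_key


def run_demo():
    """Walk through General mode (key starts at 0) and Advanced mode (key set by hand)."""
    results = {}
    conn = build_db()

    # General mode: the application fixes the initial key at 0, so the first
    # cycle replays every historical row already in the table.
    first, key = fetch_incremental(conn, last_key=0)
    results["general_first_cycle"] = len(first)
    results["row2_action"] = first[1].split("ActionResult=", 1)[1]

    # Second cycle with nothing new: no rows, so no duplicate events.
    second, key = fetch_incremental(conn, last_key=key)
    results["general_second_cycle"] = len(second)

    # A new detection is written by the endpoint product; only that row comes back.
    conn.execute(
        f"INSERT INTO {TABLE} VALUES (?, ?, ?, ?, ?)",
        (4, "HOST-C", "Ransom.Win32", "C:\\bad.exe", "Quarantined"),
    )
    third, key = fetch_incremental(conn, last_key=key)
    results["general_after_insert"] = len(third)
    results["stored_key"] = key

    # Advanced mode: an initial Incremental Key Value of 2 skips rows 1 and 2,
    # which is how you avoid replaying history on a freshly added fetcher.
    advanced, _ = fetch_incremental(build_db(), last_key=2)
    results["advanced_start_at_2"] = len(advanced)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

When adding a fetcher in Advanced mode against a Control Manager database that already holds months of detections, set the initial Incremental Key Value to the current highest key rather than 0 unless you actually want that history ingested; in General mode the replay on the first cycle is unavoidable, so plan for the volume.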

