Trend Micro

Overview

The Trend Micro integration enables Logpoint to collect and normalize alert and event data from Trend Micro products for security monitoring, investigation, reporting, and alerting.

Trend Micro content in Logpoint includes:

  • Universal REST API–based ingestion for Trend Vision One

  • Syslog-based ingestion for Trend Micro (syslog collector template)

  • Analytics content such as dashboards, reports, labels, saved searches, and alerts

Integration components

This integration includes the following components:

Collectors/fetchers

  • Syslog collector (Trend Micro syslog template)

  • Universal REST API Fetcher (TrendVisionOne template)

  • Optional: ODBC Fetcher (for Trend Micro DB via MSSQL)

Normalizers and Compiled Normalizers

Compiled Normalizers

  • TrendMicroCompiledNormalizer

    • VisionOne

    • VisionOneCEF

    • TrendMicroControlManagerCEFCompiledNormalizer

    • TrendMicroDeepSecurityCEFCompiledNormalizer

    • TrendMicroDeepDiscoveryCEFCompiledNormalizer

    • TrendMicroOfficeScanCompiledNormalizer

    • TrendMicroIMSVACompiledNormalizer

    • TrendMicroApexCentralCompiledNormalizer

Normalization packages

  • LP_Trend Micro Control Manager

  • LP_Trend Micro DB

  • LP_Trend Micro IMSS

  • LP_Trend Micro IMSVA

  • LP_Trend Micro IWSVA

  • LP_Trend Micro Office Scan

Analytics components

Dashboards

  • LP_CEF: Trend Micro Deep Discovery – Overview

  • LP_CEF: Trend Micro Deep Discovery – Threat

  • LP_CEF: Trend Micro Deep Discovery – Virtual Analyzer

  • LP_Trend Micro Deep Security – Overview

  • LP_Trend Micro Deep Security – Firewall

  • LP_Trend Micro Deep Security – Intrusion Prevention

  • LP_Trend Micro Deep Security – Anti-Malware

  • LP_Trend Micro Control Manager

  • LP_Trend Micro Office Scan

  • LP_Trend Micro IWSVA

  • LP_TREND MICRO IMSVA

Report packages

  • Trend Micro Deep Discovery (Overview, Threat, Virtual Analyzer)

  • Trend Micro Deep Security (Overview, Firewall, Intrusion Prevention, Anti-Malware)

  • Trend Micro Control Manager

  • Trend Micro DB

  • Trend Micro IWSVA

Alerts

  • Trend Micro Deep Security – File Quarantined

  • Trend Micro Deep Security – Virus Quarantined

  • Trend Micro Deep Security – Ransomware Detection

  • Trend Micro Deep Security – Botnet Detection

  • Trend Micro Anti-Malware Engine Offline

Label Package

  • LP_Trend Micro Control Manager

Search Package

  • Trend MicroDeepSecurity

Supported versions and log types

Supported product versions

  • Logpoint v7.4.0 or later

  • Universal REST API Fetcher v2.1.0

Supported log types

  • Trend Vision One (API) – logs fetched using Universal REST API Fetcher

  • Trend Micro (syslog) – syslog over UDP 514 or TCP

  • Trend Micro DB (ODBC/MSSQL) – AV/virus logs via SQL queries (DB v11/v12 queries provided)

  • Trend Micro Deep Security (CEF)

  • Trend Micro Deep Discovery (CEF)

  • Trend Micro Control Manager (syslog key=value)

  • Trend Micro IWSVA (key=value and pipe-separated syslog)

  • Trend Micro IMSVA (syslog)

  • Trend Micro IMSS (syslog)

  • Trend Micro ISMS (syslog)

  • Trend Micro Office Scan (JSON)

  • Trend Micro Cloud App Security (CEF)
