Explore and analyze Trend Micro events

Dashboards

The integration includes vendor dashboards for Trend Micro:

LP_TREND VISION ONE OAT – observed attack techniques overview and high/critical OAT hosts
LP_TREND VISION ONE ALERTS – workbench alerts, severity trends, top models, top malware/commands
LP_CEF: Trend Micro Deep Discovery - Virtual Analyser – suspicious files, malicious sites, affected hosts
LP_Trend Micro Deep Security - Firewall – firewall actions, denied connections, top sources/destinations
LP_CEF: Trend Micro Deep Discovery - Threat – infected files/hosts, threat types, suspicious behavior, grayware
LP_Trend Micro Control Manager – antimalware actions, endpoint outcomes, C&C destinations, NCI threats
LP_Trend Micro DB – virus and threat type trends, infection sources, infected workstation users
LP_CEF: Trend Micro Deep Discovery - Overview
LP_Trend Micro Office Scan
LP_Trend Micro Deep Security - Overview
LP_Trend Micro Deep Security - Intrusion Prevention
LP_Trend Micro Deep Security
LP_Trend Micro Deep Security - Anti-Malware
LP_Trend Micro IWSVA
LP_TREND MICRO IMSVA

To add Trend Micro dashboards:

Go to Settings >> Knowledge Base and select Dashboard.
Select VENDOR DASHBOARD.
Use the Trend Micro dashboards and select the repo that stores Trend Micro logs.

The integration includes vendor report templates such as:

The integration includes predefined alert rules and example queries:

Infected file quarantined:

Query:

norm_id=TrendMicroDeepSecurity label=Infection label=File label=Quarantine

Virus/malware quarantined:

Query:

norm_id=TrendMicroDeepSecurity label=Virus OR label=Malware label=File label=Quarantine

Botnet detection:

Query:

norm_id=TrendMicroDeepSecurity label=Botnet label=Detect

Ransomware detection:

Query:

norm_id=TrendMicroDeepSecurity label=Detect label=Malware label=Infection malware="*Ransom*"

Antimalware engine offline:

Query:

label=AntiMalware label=Engine label=Offline

Last updated 7 days ago

Was this helpful?