When you configure Trend Micro Deep Security to send log data to USM Appliance, you can use the Trend Micro Deep Security Agent plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
| Device Type | Endpoint Security |
| Data Source Name | deepsec-agent |
| Data Source ID | 1862 |
Integrating Trend Micro Deep Security
Trend Micro Deep Security records system events and security events. The security events are generated by the Deep Security Agents installed on the computers in your network. There are two ways to forward these events to USM Appliance:
- directly from the agent
- through the Deep Security Manager
The correct way to forward security events depends on which Deep Security option your company implements: in-the-cloud or on-premises.
If your Deep Security Manager runs in the cloud (outside of your network), you must forward the events directly from the agents because the USM Appliance Sensor resides in your network without a public IP address. Follow the Trend Micro documentation, Forward security events directly from agent computers, to set up the event forwarding. When creating a new syslog configuration, enter the IP address of the USM Appliance Sensor as the server name and UDP 514 as the server port.
If your Deep Security Manager runs on premises, you can choose either option. To forward events through the Deep Security Manager, follow the Trend Micro documentation, Forward security events from the agent computers via the Deep Security Manager.
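Syslog over UDP gives the sender no delivery confirmation, so it is worth checking that every expected forwarder is actually reaching the collector. The following Python script is an added example, not part of the AlienVault or Trend Micro documentation: it listens on a UDP port on a test host standing in for the sensor and reports which expected source addresses sent nothing. The function names, the spare port 5514 and the addresses in the inventory are assumptions made for illustration.

```python
import socket
import time
from collections import Counter


def collect_sources(sock, duration=5.0):
    """Count syslog datagrams per source IP until `duration` seconds pass."""
    seen = Counter()
    deadline = time.monotonic() + duration
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            data, (src_ip, _port) = sock.recvfrom(65535)
        except socket.timeout:
            break
        # A syslog datagram starts with a "<PRI>" field; ignore anything else.
        if data.startswith(b"<"):
            seen[src_ip] += 1
    return seen


def missing_sources(expected, seen):
    """Expected forwarders (agents, or the Manager) that sent nothing."""
    return sorted(set(expected) - set(seen))


def open_listener(bind_ip="0.0.0.0", port=514):
    """Bind a UDP socket; ports below 1024 need elevated privileges."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock


if __name__ == "__main__":
    # Constructed inventory: documentation-range addresses, not real hosts.
    expected_agents = ["192.0.2.10", "192.0.2.11"]
    with open_listener(port=5514) as listener:  # spare port for a dry run
        counts = collect_sources(listener, duration=30)
    for ip, n in counts.items():
        print(f"{ip}: {n} datagrams")
    print("silent:", missing_sources(expected_agents, counts))
```

When events are forwarded through the Deep Security Manager, the expected list contains only the Manager's address, because the agents no longer appear as individual syslog sources.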
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation: