When you configure Trend Micro Vulnerability Protection to send log data to USM Appliance, you can use the Trend Micro Vulnerability Protection plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
Device | Details |
---|---|
Vendor | Trend Micro |
Device Type | Endpoint Security |
Connection Type | Syslog |
Data Source Name | Trendmicro-vp |
Data Source ID | 1910 |
Integrating Trend Micro Vulnerability Protection
Before you configure the Trend Micro Vulnerability Protection integration, you must have the IP address of the USM Appliance Sensor.
To configure Trend Micro Vulnerability Protection to send Syslog messages to USM Appliance
You can configure Vulnerability Protection Manager to instruct all managed computers to send logs to the Syslog computer, or you can configure individual computers independently. To configure the Manager to instruct all managed computers to use Syslog:
- Select Administration > System Settings and open the SIEM tab.
- In the System Event Notification area (of the Manager), select the Forward System Events to a remote computer (via Syslog) option.
- Enter the IP address of your USM Appliance.
- Enter the port 514.
- Select which Syslog facility to use.
- Select the Common Event Format 1.0 log format. (The "Basic Syslog" format is listed only for legacy support and should not be used for new integrations.)
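To check that forwarded messages arrive in Common Event Format rather than Basic Syslog, you can run received lines through a small parser such as the one below. This is an added example, not part of the plugin or the vendor's tooling: the function names are hypothetical, the sample lines are constructed, and the header layout and escaping follow the public CEF specification.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")   # extension key at start or after whitespace
_ESC = re.compile(r"\\([=|\\])")       # CEF escapes: \= \| \\

# Constructed sample lines (not captured from a real Manager).
SAMPLE_CEF = ("<134>Jan 01 00:00:00 host01 CEF:0|Example Vendor|Example \\| Product|1.0|"
              "100|Sample event|6|src=192.0.2.10 msg=rule matched a\\=b on host")
SAMPLE_BASIC = "<134>Jan 01 00:00:00 host01 Sample event without a CEF header"


def _split_header(text):
    """Split on unescaped '|' into the 7 header fields; return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < len(HEADER):
        if text[i] == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            buf.append(text[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if text[i] == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    return fields, text[i:]


def parse_cef(line):
    """Return a dict for a CEF record, or None if the line is not CEF."""
    start = line.find("CEF:")
    if start == -1:
        return None                      # e.g. legacy "Basic Syslog" output
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != len(HEADER) or not fields[0].isdigit():
        return None                      # truncated or malformed header
    event = dict(zip(HEADER, fields))
    keys = list(_KEY.finditer(ext))
    event["extension"] = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt is not None else len(ext)
        event["extension"][m.group(1)] = _ESC.sub(r"\1", ext[m.end():end].strip())
    return event
```

A `None` result for lines coming from the Manager suggests the log format is still set to Basic Syslog or the message was truncated in transit.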
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
http://docs.trendmicro.com/all/ent/vp/v2.0/en-us/vp_2.0_ag.pdf
For troubleshooting, see the vendor documentation.