Trend Micro Apex One
Version: Trend Micro Apex One
Trend Micro Apex One is an integrated solution that protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. Trend Micro Apex Central is a centralized management console that manages Trend Micro products and services and allows administrators to monitor and report on activities such as infections, security violations, or virus/malware entry points.
Netsurion Open XDR manages logs retrieved from Trend Micro Apex One. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in Trend Micro Apex One.
The following are the key assets included with this Data Source Integration.
Alerts
Type | Name | Description |
---|---|---|
Security | Trend Micro Apex – A potential threat could not be quarantined | Generated whenever Trend Micro Apex One fails to quarantine a potential threat. |
Security | Trend Micro Apex – A potential threat has been quarantined | Generated whenever Trend Micro Apex One quarantines a potential threat. |
Reports
Type | Name | Description |
---|---|---|
Security | Trend Micro Apex – Web security activities | Provides information on events such as threat protection on web threats, URL filtering, and application control. |
Security | Trend Micro Apex – Virus detected | Provides information about viruses that can cause damage by exploiting vulnerabilities in corporate networks, email systems, and websites. For example, Trojan Horse, Ransomware, and more. |
Security | Trend Micro Apex – Suspicious files | Provides information about the suspicious files detected on your network. |
Security | Trend Micro Apex – Spyware detected | Provides information about the spyware or grayware detections on a network, such as applications that have annoying, undesirable, or undisclosed behaviour but do not fall into any of the major threat categories such as Virus, Trojan, and Worm. These applications monitor, gather personal information, and send it to a third party without the user’s knowledge or consent. |
Compliance | Trend Micro Apex – User login and logout activities | Provides details about the Trend Micro Apex One Central user log in or log out activities. |
Operational | Trend Micro Apex – Command and control activities | Provides details about C&C servers, which cybercriminals use to communicate with systems compromised by malware and to receive stolen data from the target network. This report contains information such as action type, risk level, detection source, requested URL, etc. |
Operational | Trend Micro Apex – Endpoint application control activities | Provides information about Endpoint Application Control activities. Endpoint Application Control allows users to enhance their defences against malware and targeted attacks by preventing unknown and unwanted applications from executing on a corporate endpoint. |
Operational | Trend Micro Apex – Network content inspection activities | Provides information about Network Content Inspection, which depends on two components, the Global C&C IP list and the relevance rule pattern, to detect any network content violations on a network. |
Operational | Trend Micro Apex – Behavior monitoring activities | Provides information about Behavior Monitoring, which detects malicious scripts executed by legitimate Windows programs and the true payload path of script files executed by legitimate DLLs to protect endpoints against malware hidden in file-less attack vectors. |
Operational | Trend Micro Apex – Attack discovery detection Events | Provides information about attack discovery using Trend Micro threat intelligence based on Indicators of Attack (IoA) behaviors. After detecting a known IoA, Attack Discovery logs the detection. |
Dashboards
Type | Name | Description |
---|---|---|
Security | Trend Micro Apex – Threat detected | Displays all the threats detected by Trend Micro Apex. |
Operational | Trend Micro Apex – Log types | Displays all the log types captured by Trend Micro Apex. |
Operational | Trend Micro Apex – Successful login activities by source IP | Displays all the successful login activities by source IP captured by Trend Micro Apex. |
Saved Searches
Type | Name | Description |
---|---|---|
Security | Trend Micro Apex – Data loss prevention events | Provides information about data loss prevention, which safeguards an organization’s sensitive data against accidental or deliberate leakage and against access by unauthorized users. |
Security | Trend Micro Apex – Device access control events | Provides information about device control, which regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss or leakage and, combined with file scanning, helps guard against security risks. |
Security | Trend Micro Apex – Predictive machine learning events | Provides information about Predictive Machine Learning (PML) that is used to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features. |
Security | Trend Micro Apex – Spyware/grayware detection events | Provides information about the spyware/grayware detections on a network, such as applications that have annoying, undesirable, or undisclosed behavior but do not fall into any of the major threat categories such as Virus, Trojan, and Worm. These applications monitor, gather personal information, and send it to a third party without the user’s knowledge or consent. |
Security | Trend Micro Apex – Suspicious file detection events | Provides information about specific suspicious files detected on your network. |
Security | Trend Micro Apex – Virus/Malware detection events | Provides information about viruses that can cause damage by exploiting vulnerabilities in corporate networks, email systems and websites. For example, Trojan Horse, Ransomware, and more. |
Security | Trend Micro Apex – Web security events | Provides information about events such as threat protection on web threats, URL filtering and application control. |
Compliance | Trend Micro Apex – Product logon/logoff events | Provides details about the Trend Micro Apex One Central user log in or log out activities. |
Operational | Trend Micro Apex – Attack discovery detection Events | Provides information about attack discovery using Trend Micro threat intelligence based on Indicators of Attack (IoA) behaviors. After detecting a known IoA, Attack Discovery logs the detection. |
Operational | Trend Micro Apex – C&C callback events | Provides information about C&C servers that are used by cybercriminals to send commands to systems compromised by malware and receive stolen information from the target network. This report contains information such as action type, risk level, detection source, requested URL, etc. |
Operational | Trend Micro Apex – Endpoint application control events | Provides information about Endpoint Application Control, which allows users to enhance their defences against malware and targeted attacks by preventing unknown and unwanted applications from executing on a corporate endpoint. |
Operational | Trend Micro Apex – Content security Events | Provides information about content security events, which can be described as content injection vulnerabilities such as cross-site scripting (XSS) attacks, clickjacking, and other code injection attacks resulting from the execution of malicious content in the trusted web page context. |
Operational | Trend Micro Apex – Network content inspection events | Provides information about Network Content Inspection, which depends on two components, the Global C&C IP List and the Relevance Rule Pattern, to detect any network content violations on a network. |
Operational | Trend Micro Apex – Behavior monitoring events | Provides information about Behavior Monitoring, which detects malicious scripts executed by legitimate Windows programs and the true payload path of script files executed by legitimate DLLs to protect endpoints against malware hidden in file-less attack vectors. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, Trend Micro Apex One, and Trend Micro Apex Central.
Download the Integration Guide for configuration instructions and more information.