Trend Micro Apex One

Version: Trend Micro Apex One

Trend Micro Apex One is an integrated endpoint security solution that protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. Trend Micro Apex Central is the centralized management console for Trend Micro products and services; it lets administrators monitor and report on activities such as infections, security violations, and virus/malware entry points.

Netsurion Open XDR collects and manages the logs retrieved from Trend Micro Apex One. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR capture the important and critical activities recorded by Trend Micro Apex One.

The following are the key assets included with this Data Source Integration.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Trend Micro Apex – A potential threat could not be quarantined | Generated whenever Trend Micro Apex One fails to quarantine a potential threat. |
| Security | Trend Micro Apex – A potential threat has been quarantined | Generated whenever Trend Micro Apex One quarantines a potential threat. |
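The two alerts above hinge on one distinction: a quarantine that succeeded versus one that did not. The following Python example, added here for illustration and not part of the Netsurion integration or of Trend Micro's own code, shows that classification run over constructed sample log lines. It assumes the events arrive as syslog carrying an ArcSight CEF payload; the CEF header layout is the public CEF standard, but the extension keys used (act, outcome, fname, dhost) and the sample values are assumptions for the demo, not field names taken from Trend Micro documentation.

```python
"""Classify quarantine outcomes from CEF-formatted syslog (added illustration).

The CEF header layout follows the ArcSight CEF standard. The extension keys
act/outcome/fname/dhost and all sample values are ASSUMED for this example and
are not taken from Trend Micro or Netsurion documentation.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample lines: a successful quarantine, a failed quarantine, and a
# web-security block that must not trigger either quarantine alert.
SAMPLE_LINES = [
    "<134>Oct 12 10:15:23 apexcentral CEF:0|Trend Micro|Apex Central|2019|VIRUS|Virus/Malware|3|"
    "act=Quarantine fname=invoice.exe dhost=WS-0142 outcome=success",
    "<134>Oct 12 10:16:01 apexcentral CEF:0|Trend Micro|Apex Central|2019|VIRUS|Virus/Malware|8|"
    "act=Quarantine fname=loader.dll dhost=WS-0207 outcome=failure",
    "<134>Oct 12 10:16:40 apexcentral CEF:0|Trend Micro|Apex Central|2019|WEB|Web Security|2|"
    "act=Block request=http://example.test/bad dhost=WS-0142",
]

ALERT_QUARANTINED = "Trend Micro Apex – A potential threat has been quarantined"
ALERT_NOT_QUARANTINED = "Trend Micro Apex – A potential threat could not be quarantined"

_ESCAPES = {"n": "\n", "r": "\r"}
# A key is a run of [A-Za-z0-9_] at the start of the extension or after whitespace,
# followed by an unescaped '='. An escaped '\=' inside a value never matches.
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_]+)=")


@dataclass
class CefEvent:
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: str  # CEF allows 0-10 or Low/Medium/High/Very-High, so kept as text
    extension: Dict[str, str] = field(default_factory=dict)


def _unescape(text: str) -> str:
    """Resolve CEF backslash escapes: \\| \\= \\\\ \\n \\r."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), text, flags=re.S)


def _split_unescaped(text: str, sep: str, maxsplit: int) -> List[str]:
    """Split on `sep` at most `maxsplit` times, skipping backslash-escaped characters."""
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact for _unescape
            i += 2
            continue
        if ch == sep and len(parts) < maxsplit:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def _parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'k1=v1 k2=v2 ...' where values may contain spaces and escaped '\\='."""
    out: Dict[str, str] = {}
    keys = list(_EXT_KEY.finditer(ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_cef(line: str) -> Optional[CefEvent]:
    """Parse one syslog line carrying a CEF payload; return None if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    header = _split_unescaped(line[start + len("CEF:"):], "|", 7)
    if len(header) != 8:
        return None  # malformed header: fewer than seven unescaped pipes
    f = [_unescape(h) for h in header[:7]]
    return CefEvent(vendor=f[1], product=f[2], device_version=f[3], signature_id=f[4],
                    name=f[5], severity=f[6], extension=_parse_extension(header[7]))


def classify_quarantine(event: CefEvent) -> Optional[str]:
    """Return 'quarantined', 'quarantine_failed', 'quarantine_unverified', or None
    when the event is not a quarantine action at all."""
    if "quarantine" not in event.extension.get("act", "").lower():
        return None
    outcome = event.extension.get("outcome", "").lower()
    if outcome == "success":
        return "quarantined"
    if outcome == "failure":
        return "quarantine_failed"
    # A quarantine action with no recorded outcome is not evidence of success.
    return "quarantine_unverified"


def run_alerts(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Map raw lines onto the two alerts from the Alerts table: (alert, host, file)."""
    alerts: List[Tuple[str, str, str]] = []
    for line in lines:
        ev = parse_cef(line)
        if ev is None:
            continue
        verdict = classify_quarantine(ev)
        host, fname = ev.extension.get("dhost", "?"), ev.extension.get("fname", "?")
        if verdict == "quarantined":
            alerts.append((ALERT_QUARANTINED, host, fname))
        elif verdict in ("quarantine_failed", "quarantine_unverified"):
            # Conservative choice: an unverified quarantine is raised as a failure
            # so that it is investigated rather than silently counted as handled.
            alerts.append((ALERT_NOT_QUARANTINED, host, fname))
    return alerts


if __name__ == "__main__":
    for alert, host, fname in run_alerts(SAMPLE_LINES):
        print(f"{alert}: host={host} file={fname}")
```

The parser treats the seven-pipe CEF header and the key=value extension separately because their escaping rules differ, and it never infers success from a missing outcome field: when the product reports a quarantine action without saying whether it succeeded, the event is surfaced under the failure alert rather than dropped.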

Reports

| Type | Name | Description |
|---|---|---|
| Security | Trend Micro Apex – Web security activities | Provides information on events such as web threat protection, URL filtering, and application control. |
| Security | Trend Micro Apex – Virus detected | Provides information about viruses that can cause damage by exploiting vulnerabilities in corporate networks, email systems, and websites, for example Trojan horses and ransomware. |
| Security | Trend Micro Apex – Suspicious files | Provides information about the suspicious files detected on your network. |
| Security | Trend Micro Apex – Spyware detected | Provides information about spyware or grayware detections on the network: applications with annoying, undesirable, or undisclosed behavior that do not fall into the major threat categories such as virus, Trojan, or worm. These applications monitor and gather personal information and send it to a third party without the user's knowledge or consent. |
| Compliance | Trend Micro Apex – User login and logout activities | Provides details about Trend Micro Apex Central user login and logout activities. |
| Operational | Trend Micro Apex – Command and control activities | Provides details about C&C servers, which cybercriminals use to send commands to systems compromised by malware and to receive stolen data from the target network. The report includes the action type, risk level, detection source, requested URL, and similar fields. |
| Operational | Trend Micro Apex – Endpoint application control activities | Provides information about Endpoint Application Control activity, which strengthens defenses against malware and targeted attacks by preventing unknown and unwanted applications from executing on corporate endpoints. |
| Operational | Trend Micro Apex – Network content inspection activities | Provides information about Network Content Inspection, which relies on two components, the Global C&C IP List and the Relevance Rule Pattern, to detect network content violations. |
| Operational | Trend Micro Apex – Behavior monitoring activities | Provides information about Behavior Monitoring, which detects malicious scripts executed by legitimate Windows programs and the true payload path of script files executed by legitimate DLLs, protecting endpoints against malware hidden in file-less attack vectors. |
| Operational | Trend Micro Apex – Attack discovery detection events | Provides information about attack discovery based on Trend Micro threat intelligence and Indicators of Attack (IoA) behaviors. After detecting a known IoA, Attack Discovery logs the detection. |

Dashboards

| Type | Name | Description |
|---|---|---|
| Security | Trend Micro Apex – Threat detected | Displays all threats detected by Trend Micro Apex One. |
| Operational | Trend Micro Apex – Log types | Displays all log types captured from Trend Micro Apex One. |
| Operational | Trend Micro Apex – Successful login activities by source IP | Displays all successful login activities captured from Trend Micro Apex One, grouped by source IP. |

Saved Searches

| Type | Name | Description |
|---|---|---|
| Security | Trend Micro Apex – Data loss prevention events | Provides information about Data Loss Prevention, which safeguards an organization's sensitive data against accidental or deliberate leakage and against access by unauthorized users. |
| Security | Trend Micro Apex – Device access control events | Provides information about Device Control, which regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss or leakage and, combined with file scanning, helps guard against security risks. |
| Security | Trend Micro Apex – Predictive machine learning events | Provides information about Predictive Machine Learning (PML), which correlates threat information and performs in-depth file analysis to detect emerging, unknown security risks through digital DNA fingerprinting, API mapping, and other file features. |
| Security | Trend Micro Apex – Spyware/grayware detection events | Provides information about spyware/grayware detections on the network: applications with annoying, undesirable, or undisclosed behavior that do not fall into the major threat categories such as virus, Trojan, or worm. These applications monitor and gather personal information and send it to a third party without the user's knowledge or consent. |
| Security | Trend Micro Apex – Suspicious file detection events | Provides information about specific suspicious files detected on your network. |
| Security | Trend Micro Apex – Virus/Malware detection events | Provides information about viruses that can cause damage by exploiting vulnerabilities in corporate networks, email systems, and websites, for example Trojan horses and ransomware. |
| Security | Trend Micro Apex – Web security events | Provides information about events such as web threat protection, URL filtering, and application control. |
| Compliance | Trend Micro Apex – Product logon/logoff events | Provides details about Trend Micro Apex Central user login and logout activities. |
| Operational | Trend Micro Apex – Attack discovery detection events | Provides information about attack discovery based on Trend Micro threat intelligence and Indicators of Attack (IoA) behaviors. After detecting a known IoA, Attack Discovery logs the detection. |
| Operational | Trend Micro Apex – C&C callback events | Provides information about C&C servers, which cybercriminals use to send commands to systems compromised by malware and to receive stolen information from the target network. The results include the action type, risk level, detection source, requested URL, and similar fields. |
| Operational | Trend Micro Apex – Endpoint application control events | Provides information about Endpoint Application Control, which strengthens defenses against malware and targeted attacks by preventing unknown and unwanted applications from executing on corporate endpoints. |
| Operational | Trend Micro Apex – Content security events | Provides information about content security events. Content security here covers content injection such as cross-site scripting (XSS), clickjacking, and other code injection attacks that result from malicious content executing in the context of a trusted web page. |
| Operational | Trend Micro Apex – Network content inspection events | Provides information about Network Content Inspection, which relies on two components, the Global C&C IP List and the Relevance Rule Pattern, to detect network content violations. |
| Operational | Trend Micro Apex – Behavior monitoring events | Provides information about Behavior Monitoring, which detects malicious scripts executed by legitimate Windows programs and the true payload path of script files executed by legitimate DLLs, protecting endpoints against malware hidden in file-less attack vectors. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, Trend Micro Apex One, and Trend Micro Apex Central.

Download the Integration Guide for configuration instructions and more information.