Trend Micro Deep Security

Version: Trend Micro Deep Security 9.5 and above.

Trend Micro Deep Security delivers a comprehensive security platform optimized for virtual and cloud environments. Its security capabilities include anti-malware with web reputation, host-based firewall, intrusion detection and prevention (IDS/IPS), integrity monitoring, and log inspection.

Trend Micro Deep Security can be integrated with Netsurion using syslog forwarding. The Trend Micro Deep Security KP helps monitor malware detection, malicious sites visited by users, authentication failures, policy management, group management, device management, and firewall activities. Netsurion triggers an alert whenever malware is detected, an action is taken on malware, an action on malware fails, or a malicious URL is detected. The Netsurion dashboard helps you visualize group management, policy management, device management, and user authentication failures.

Netsurion Data Source Integration for Trend Micro Deep Security allows you to monitor the following components:

  • Operations - Computer management, Group management, Roles management, Policy management and User management.
  • Security - Antimalware activity, Intrusion prevention, System logs, File Integrity monitoring and Firewall activity.
  • Compliance - User logon activity and User authentication failed.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Trend Micro Deep Security - Manager clock changed | This alert is generated when the clock is changed on the manager by the user. |
| Security | Trend Micro Deep Security - Duplicate computer | This alert is generated by the manager when it finds a duplicate computer. |
| Security | Trend Micro Deep Security - Action taken on malware | This alert is generated when malware is detected and an action is taken on it, such as deleted, quarantined, access denied, or cleaned. |
| Security | Trend Micro Deep Security - No Action taken on malware | This alert is generated when malware is passed and no action is taken on it. |
| Security | Trend Micro Deep Security - Malicious URL detected | This alert is generated when a malicious URL is detected by web reputation. |
| Security | Trend Micro Deep Security - Intrusion prevention detected | This alert is generated when a prevention rule is reset or blocked. |
| Security | Trend Micro Deep Security - Action failed on malware | This alert is generated when malware is detected and the action on it fails, such as delete failed, quarantine failed, or clean failed. |
| Operations | Trend Micro Deep Security - Manager shutdown | This alert is generated when the manager goes offline and shuts down. |
| Operations | Trend Micro Deep Security - Manager disk space low | This alert is generated when the disk space is low on a manager. |
| Operations | Trend Micro Deep Security - Agent disk space low | This alert is generated when agent disk space is low. |
| Compliance | Trend Micro Deep Security-User authentication failed | This alert is generated when the user enters wrong credentials while logging into the manager console. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Trend Micro Deep Security - Antimalware activity | This report provides information related to anti-malware activity. Columns: Event Time, Source Computer, Target Computer, File Path, Action, and Message. |
| Security | Trend Micro Deep Security - File integrity monitoring | This report provides information related to integrity monitoring. Columns: Event Time, Source Computer, Target Computer, File Path, Action, and Message. |
| Security | Trend Micro Deep Security - Intrusion prevention | This report provides information related to intrusion prevention. Columns: Event Time, Source Computer, Target Computer, Source IP, Destination IP, Source MAC, Destination MAC, Source Port, Destination Port, Protocol, Ethernet Frame Type, and Action. |
| Security | Trend Micro Deep Security - System logs | This report provides information related to system logs. Columns: Event Time, Source Computer, Target Computer, Source IP, Target Name, Target Entity, and Message. |
| Security | Trend Micro Deep Security - Firewall activity | This report provides information related to firewall activity. Columns: Event Time, Source Computer, Target Computer, Source IP, Destination IP, Source MAC, Destination MAC, Source Port, Destination Port, Protocol, Ethernet Type Frame, and Action. |
| Operations | Trend Micro Deep Security - Computer management | This report provides information related to computer management. Columns: Event Time, Source Computer, Source IP, Source Name, Target Name, Action, and Message. |
| Operations | Trend Micro Deep Security - Group management | This report provides information related to group management. Columns: Event Time, Source Computer Name, Source IP, Group Name, Action, and Message. |
| Operations | Trend Micro Deep Security - Policy management | This report provides information related to policy management. Columns: Event Time, Source Computer Name, Source User Name, Source IP, Policy Name, Action, and Message. |
| Operations | Trend Micro Deep Security - Roles management | This report provides information related to roles management. Columns: Event Time, Source Computer, Source IP, Source Name, Target Name, Action, and Message. |
| Operations | Trend Micro Deep Security - User management | This report provides information related to user management. Columns: Event Time, Source Computer, Source IP, Source Name, Target Name, Action, and Message. |
| Compliance | Trend Micro Deep Security-User authentication failed | This report provides information related to user authentication failure. Columns: Event Time, Source Computer, Source IP, Source Name, Target Name, and Message. |
| Compliance | Trend Micro Deep Security-User logon activity | This report provides information related to user logon activity. Columns: Event Time, Source Computer, Source IP, Source Name, Target Name, Action, and Message. |

Documentation

The configuration details in this guide are consistent with Netsurion version 9.x or later and Trend Micro Deep Security 9.5 and above.

Download the Integration Guide and How-to Guide for more information and configuration instructions.