Trend Micro Web Security

Version: Trend Micro Web Security (cloud platform)

Trend Micro Web Security (TMWS) provides users with forward-looking threat protection on web threats, URL filtering, and application control, etc. It uses cross-generational defenses to detect known and unknown threats while providing visibility and access control. The deployment model provides flexibility to deploy gateways on-premises, in the cloud or both – protecting users. It also provides a single cloud-based management console which allows to customize policy, manage users, and access reports through a single panel.

Trend Micro Web Security integrates with Netsurion Open XDR to give security analytics, with deep data context so that organizations can be confident in their data security strategy. Benefits include, scheduled reports, Integrated TMWS dashboards and alerts for streamlined investigation.

Reports are the best to view the historical data (depending on the timeline defined). Some of the reports provided by Netsurion for TMWS are audit activities summary such as, user or group management, or login and logout, gateway related activities summary, such as dropping or discarding or analyzing a traffic.

Dashboards are the graphical representations of activities occurring in TMWS. These dashboards can be a pie chart, a bar diagram, or even a map. This allows users to view the key highlights of TMWS events. Some of the dashboards includes, audit events timeline, UI login activities, dropped traffic by country code, etc.

Alerts such as, suspicious URL/Domains have been Identified, are included in the knowledge packs. These alerts can be configured to forward emails to users/admin of TMWS as soon as any suspicious events are detected.

Once TMWS is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards, and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security TMWS – Suspicious URL/Domains have been Identified This alert is triggered by Netsurion as soon as it receives events associated with gateway traffic labelled as drop, analyze, or warn.

Reports

Type Name Description
Security TMWS – Gateway Activities This report allows users to extract the detailed summary of events specific to web traffic within the gateways configured in TMWS such as, allowed traffic, denied traffic, analyze traffic, etc. It contains action type, http request, http response, protocol type, log datetime, WRS score, etc.
Operations TMWS – Audit activities This report allows users to extract the detailed summary of events specific to admin or operational activities in TMWS web console such as, login logout, users create/ delete, gateway add/remove, etc. It contains username, action type, log datetime, etc.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.2 and later, Trend Micro Web Security (Cloud platform).

Download Integration Guide and How-to Guide for configuration instructions and more information.