Trend Micro Vulnerability Protection

Version: Trend Micro Vulnerability Protection versions up to 2.x.

Trend Micro Vulnerability Protection provides earlier, stronger endpoint protection by supplementing desktop anti-malware and threat security with proactive virtual patching. A high-performance engine monitors traffic for new, specific vulnerabilities using host-based intrusion prevention system (IPS) filters as well as zero-day attack monitoring. This lets you detect network protocol deviations, suspicious content that signals an attack, and security policy violations.

Netsurion Open XDR is an enterprise-class platform that seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine analytics, and so forth.

Netsurion Data Source Integration for Trend Micro Vulnerability Protection allows you to monitor the following components:

  • Security – IPS detection and firewall allowed and denied traffic.
  • Operation – User activities, system events, agent activities, rules and policy changes.
  • Compliance – User login/logout and login failures.

Once Trend Micro Vulnerability Protection is configured to deliver events to the Netsurion Open XDR Manager, you can configure alerts, dashboards and reports in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|------|------|-------------|
| Security | Trend Micro VP – IPS activities | This alert is generated when any IPS attack is detected by Trend Micro Vulnerability Protection. |
| Operations | Trend Micro VP: User activities | This alert is generated when a critical user activity is detected by Trend Micro Vulnerability Protection. |
| Operations | Trend Micro VP: System events | This alert is generated when any critical system event is triggered by Trend Micro Vulnerability Protection. |
| Compliance | Trend Micro VP – User login failures | This alert is generated when a user login attempt fails. |

Reports

| Type | Name | Description |
|------|------|-------------|
| Security | Trend Micro VP – Firewall allowed and denied traffic | This report provides information on all traffic allowed and denied by Trend Micro Vulnerability Protection. |
| Security | Trend Micro VP – IPS activities | This report provides information on all IPS attacks detected by Trend Micro Vulnerability Protection. |
| Operations | Trend Micro VP- User activities | This report provides information on all user activities performed. |
| Operations | Trend Micro VP- Computer activities | This report provides information on all the different Trend Micro agent activities that are added in the Trend Micro manager. |
| Operations | Trend Micro VP- System events | This report provides information on all system activities performed. |
| Operations | Trend Micro VP- Rules and policy changes | This report provides information on all firewall/IPS rule and policy changes made. |
| Compliance | Trend Micro VP – User login and logout | This report provides information on all user login and logout activity. |
| Compliance | Trend Micro VP – User login failures | This report provides information on all failed user logon attempts. |

Documentation

The configuration details in this guide are consistent with Netsurion Open XDR 8.x and later, and Trend Micro Vulnerability Protection.

Download the Integration Guide for configuration instructions and more information.