Log Types: TrendDSM
Overview
Trend Micro Deep Security protects servers and workstations against vulnerability exploitation, malware, and unauthorised changes such as unexpected software modifications. The Deep Security Manager (DSM) is the component that forwards these events as syslog.
Collection
Trend DSM logs are received by Snare Central over the syslog protocol.
From your Trend Deep Security web interface, select Administration > System Settings > SIEM.
In the "System Event Notification" panel under the "Manager" section, enable the "Forward System Events to remote computer (via Syslog)" option.
Enter the hostname or IP address of the Snare Central server, and select 514 (the standard syslog port, on which the Snare Central collector listens) as the target port.
Sample Events
<134>2018-11-27T05:45:23Z deepsecurity DSM: EVENTNUMBER=7024 TITLE=Application Control Software Changes Detected TARGET=ec2-18-188-45-169.us-east-2.compute.amazonaws.com ACTIONBY=System DESCRIPTION=Software changes detected by Application Control on target host. \n\nNumber of software changes: 2 TAGS= TrendDSM
Fields
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system (the syslog hostname; "deepsecurity" in the sample event) |
TABLE | TrendDSM |
CRITICALITY | |
EVENTNUMBER | Deep Security event number (EVENTNUMBER=7024 in the sample event) |
TITLE | Event title (TITLE=Application Control Software Changes Detected in the sample event) |
TARGET | Hostname of the computer the event relates to |
ACTIONBY | Account or component that performed the action (ACTIONBY=System in the sample event) |
DESCRIPTION | Free-text description of the event; may contain escaped line breaks (\n), as in the sample event |
TAGS | Event tags; empty in the sample event |
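The following parser is an added example, not code from this page or from Snare or Trend Micro. It splits the DSM syslog line above into its syslog header (PRI, timestamp, hostname, tag) and the KEY=VALUE body, using the rule that a new key is an all-caps token preceded by a space and followed by "=", so values containing spaces (TITLE, DESCRIPTION) survive intact and an empty trailing value (TAGS=) is kept. The PRI decoding, the field names and the "Number of software changes" extraction are all taken from the sample event; the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: the Trend DSM syslog line shown on this page. The "\n\n"
# inside DESCRIPTION is a literal backslash-n escape in the raw message, not
# real line breaks, so the whole event arrives as a single syslog line.
SAMPLE_EVENT = (
    "<134>2018-11-27T05:45:23Z deepsecurity DSM: EVENTNUMBER=7024 "
    "TITLE=Application Control Software Changes Detected "
    "TARGET=ec2-18-188-45-169.us-east-2.compute.amazonaws.com ACTIONBY=System "
    "DESCRIPTION=Software changes detected by Application Control on target host. "
    "\\n\\nNumber of software changes: 2 TAGS="
)

# Syslog header: <PRI>TIMESTAMP HOSTNAME TAG: MESSAGE
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\S+) (?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$",
    re.S,
)

# A key is an all-caps token at the start of the message or after a space,
# immediately followed by "=". A value runs until the next such key.
# Caveat: a value that itself contains "WORD=" would be split at that point.
KV_RE = re.compile(r"(?:^| )([A-Z][A-Z0-9_]*)=")


def parse_pri(pri):
    """Split a syslog PRI into (facility, severity)."""
    return pri // 8, pri % 8


def parse_kv(msg):
    """Parse the DSM KEY=VALUE body; values keep their spaces and escapes."""
    fields = {}
    matches = list(KV_RE.finditer(msg))
    for i, m in enumerate(matches):
        start = m.end()
        end = matches[i + 1].start() if i + 1 < len(matches) else len(msg)
        fields[m.group(1)] = msg[start:end]
    return fields


def parse_event(line):
    """Map one DSM syslog line onto the Snare field names used on this page."""
    m = HEADER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not a <PRI>TIMESTAMP HOST TAG: MESSAGE syslog line")
    facility, severity = parse_pri(int(m.group("pri")))
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return {
        "date": ts.strftime("%Y-%m-%d"),
        "time": ts.strftime("%H:%M:%S"),
        "system": m.group("host"),
        "table": "TrendDSM",
        "facility": facility,   # 134 // 8 == 16 (local0)
        "severity": severity,   # 134 % 8 == 6 (informational)
        "fields": parse_kv(m.group("msg")),
    }


def software_change_count(event):
    """Return the change count from an Application Control event, else None.

    Matches on the TITLE shown in the sample event rather than on EVENTNUMBER,
    and reads the count from the DESCRIPTION text (escapes are unfolded first).
    """
    fields = event["fields"]
    if fields.get("TITLE") != "Application Control Software Changes Detected":
        return None
    desc = fields.get("DESCRIPTION", "").replace("\\n", "\n")
    m = re.search(r"Number of software changes: (\d+)", desc)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT)
    for key, value in ev["fields"].items():
        print(f"{key:12} {value!r}")
    print("software changes:", software_change_count(ev))
```

Because the DSM body is only space-delimited, the key-detection rule above is the part to watch: if a TARGET or DESCRIPTION value ever carries an upper-case token followed by "=", the field boundaries shift, so a collector should validate that the expected keys (EVENTNUMBER, TITLE, TARGET, ACTIONBY, DESCRIPTION, TAGS) are all present before trusting the parse.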
Notes