Absent Member.

Integrating Trend Micro Deep Discovery to ArcSight


We are planning to integrate Trend Micro Deep Discovery with the ArcSight SmartConnector.

We are currently using smart connector version 6.0.

Could anyone let me know the prerequisites to be validated for integrating the specified log source?

8 Replies
Cadet 3rd Class

Has there been any update on the development of this smart connector?

Absent Member.

Hi Daniel,

No updates.

Could you share some information if this product is integrated in any network?

Absent Member.

You could configure DDI to send CEF-format logs to the Syslog SmartConnector.

Check the following document and search for CEF.

http://docs.trendmicro.com/all/ent/ddi/v3.5/en-us/ddi_3.5_ag.pdf

Cadet 1st Class

I have configured DDI to send logs in syslog format; however, there are a few parsing issues on the connector.

Absent Member.

Do you have a sample log? What's the issue?

Cadet 1st Class

Hi Nicholas,

In some logs, the source and destination details are interchanged.

Regards,

Praveen P

Cadet 2nd Class

Hi guys, is there a config guide from ArcSight with details on how to collect logs from TM Deep Security products? Thanks.

Absent Member.

Hi Praveen,

Could you please let me know what devicecustomstring3 is in DDI events?

Thanks,

Sandeep
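
Added example, not part of the thread and not Trend Micro or ArcSight code: a small Python parser for checking a raw CEF syslog line before it reaches the connector, so the `src`/`dst` values and the label that gives `cs3` (the CEF key for deviceCustomString3) its meaning can be read directly from what the device sent. The function names and the sample line are hypothetical; the sample is constructed and is not real Deep Discovery output.

```python
import re

# CEF header: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER_FIELDS = ["version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity"]
_FIELD = r"((?:\\.|[^|\\])*)\|"          # one header field; "\|" is an escaped pipe
_CEF = re.compile(r"CEF:(\d+)\|" + _FIELD * 6 + r"(.*)$", re.S)
# An extension key starts the extension or follows whitespace, and ends at "=".
# An escaped "\=" inside a value never matches because "\" is not a key character.
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")

def _unescape(text):
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), text)

def parse_cef(line):
    """Return (header, extension) dicts; any syslog prefix before "CEF:" is ignored."""
    m = _CEF.search(line)
    if not m:
        raise ValueError("not a CEF record")
    header = dict(zip(HEADER_FIELDS, map(_unescape, m.groups()[:7])))
    raw = m.group(8)
    keys = list(_EXT_KEY.finditer(raw))
    ext = {}
    for i, key in enumerate(keys):
        # A value runs until the next key, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(raw)
        ext[key.group(1)] = _unescape(raw[key.end():end].strip())
    return header, ext

def custom_fields(ext):
    """Map each custom field's label (e.g. cs3Label) to its value (cs3)."""
    return {ext[k + "Label"]: v for k, v in ext.items() if k + "Label" in ext}

# Constructed sample, not real Deep Discovery output.
SAMPLE = (r"<134>Jan  1 00:00:00 sensor01 CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"Sample \| event|5|src=192.0.2.10 dst=198.51.100.20 spt=51000 dpt=443 "
          r"cs3Label=ExampleLabel cs3=value with spaces and \= sign msg=done")

if __name__ == "__main__":
    header, ext = parse_cef(SAMPLE)
    print(header["name"])
    for field in ("src", "spt", "dst", "dpt"):
        print(field, "=", ext.get(field))
    print(custom_fields(ext))
```

Comparing the parsed `src`/`dst` of a raw line with what the connector shows for the same event tells you whether the values were already swapped when the device sent them or were changed during parsing.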
