Absent Member.

Integrating Trend Micro Deep Discovery to ArcSight


We are planning to integrate Trend Micro Deep Discovery to ArcSight Smart Connector.

We are currently using smart connector version 6.0.

Could anyone let me know the prerequisites to be validated for integrating the specified log source?

8 Replies
New Member.

Re: Integrating Trend Micro Deep Discovery to ArcSight

Has there been any update on the development of this smart connector?

Absent Member.

Re: Integrating Trend Micro Deep Discovery to ArcSight

Hi Daniel,

No updates.

Could you share some information if this product is integrated in any network?

Absent Member.

Re: Integrating Trend Micro Deep Discovery to ArcSight

You could configure DDI to send CEF-format logs to the Syslog SmartConnector.

Check the following document and search CEF.

http://docs.trendmicro.com/all/ent/ddi/v3.5/en-us/ddi_3.5_ag.pdf

Contributor.

Re: Integrating Trend Micro Deep Discovery to ArcSight

I have configured DDI to send logs in syslog format; however, there are a few parsing issues on the connector.

Absent Member.

Re: Integrating Trend Micro Deep Discovery to ArcSight

Do you have a sample log? What's the issue?

Contributor.

Re: Integrating Trend Micro Deep Discovery to ArcSight

Hi Nicholas,

In some logs, the source and destination details are interchanged.

Regards,

Praveen P

New Member.

Re: Integrating Trend Micro Deep Discovery to ArcSight

Hi guys, is there a config guide from ArcSight with details on how to collect logs from TM Deep Security products? Thanks.

Absent Member.

Re: Integrating Trend Micro Deep Discovery to ArcSight

Hi Praveen,

Could you please let me know what devicecustomstring3 is in DDI events?

Thanks,

Sandeep
