Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
---|---|---|---|---|---|---|---
Deep Security Logs | | | | ✅ | trendmicro_deep_security | CEF | S3
Overview
Trend Micro Deep Security is a comprehensive security solution designed to protect physical, virtual, cloud, and container environments. It offers a robust set of features including anti-malware, intrusion detection and prevention, firewall, integrity monitoring, and log inspection. By leveraging a unified security platform, Deep Security helps organizations ensure compliance, prevent data breaches, and reduce the complexity of managing multiple security tools. Its advanced capabilities, such as automated deployment and seamless integration with leading cloud service providers like AWS, Azure, and Google Cloud, enable efficient and effective protection of workloads across diverse IT environments.
Supported data types
Deep Security Logs
Table name: trendmicro_deep_security
Trend Micro Deep Security logs provide detailed records of security-related events across protected environments, including physical, virtual, cloud, and container infrastructures. These logs capture crucial information such as detected threats, intrusion attempts, firewall activities, system changes, and compliance status, enabling comprehensive monitoring and analysis.
Send data to Hunters
Hunters supports the ingestion of Trend Micro Deep Security logs through an intermediary AWS S3 bucket.
Follow this guide to forward the logs to a syslog server in CEF format.
Once the export is complete and the logs are being collected in S3, follow the steps in this section.
Expected format
Logs are expected in CEF format, wrapped in a syslog header, for example:
<46>Mar 28 01:50:00 cipdsmwapaeuw01 CEF:0|Trend Micro|Deep Security Manager|20.0.864|710|Events Retrieved|3|suser=System target=a.b.com msg=Description Omitted TrendMicroDsTenant=Primary TrendMicroDsTenantId=0
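As an added example that is not part of the Hunters documentation or of the Deep Security product, the following Python parser splits a line in the expected format above into its syslog prefix, CEF header fields and extension key/value pairs (including the Deep Security-specific TrendMicroDsTenant keys), and rejects lines whose vendor/product header is not Deep Security Manager. The sample line is copied from the expected-format line above; the field names and the vendor/product check are this example's own assumptions.

```python
import re

# Constructed sample: the expected-format line shown above.
SAMPLE = (
    "<46>Mar 28 01:50:00 cipdsmwapaeuw01 CEF:0|Trend Micro|Deep Security Manager|"
    "20.0.864|710|Events Retrieved|3|suser=System target=a.b.com "
    "msg=Description Omitted TrendMicroDsTenant=Primary TrendMicroDsTenantId=0"
)

# The seven pipe-delimited CEF header fields that precede the extension.
HEADER_FIELDS = ("cef_version", "vendor", "product", "version", "signature_id", "name", "severity")

# Optional syslog PRI (<46>), BSD timestamp and host, then the CEF payload.
_SYSLOG = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<cef>CEF:.*)$", re.S)
# An extension key is an alphanumeric token followed by "=" at the start or after whitespace,
# so an escaped "\=" inside a value (e.g. in msg) is not mistaken for a new key.
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")

def _unescape(value):
    # CEF escapes "|", "=" and "\" with a backslash and encodes line breaks as \n / \r.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_extension(ext):
    """Turn 'k1=v1 k2=value with spaces' into a dict; a value runs until the next key."""
    keys = list(_EXT_KEY.finditer(ext))
    out = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out

def parse_deep_security_cef(line):
    """Parse one syslog-wrapped Deep Security Manager CEF line into a flat dict.
    Raises ValueError for lines that do not match the expected format."""
    m = _SYSLOG.match(line.strip())
    if not m:
        raise ValueError("not a syslog-wrapped CEF line")
    # Split on unescaped pipes only; 7 header fields + 1 extension = 8 parts.
    parts = re.split(r"(?<!\\)\|", m.group("cef"), maxsplit=7)
    if len(parts) != 8:
        raise ValueError("malformed CEF header")
    header = dict(zip(HEADER_FIELDS, (_unescape(p) for p in parts[:7])))
    header["cef_version"] = header["cef_version"][len("CEF:"):]
    if (header["vendor"], header["product"]) != ("Trend Micro", "Deep Security Manager"):
        raise ValueError("unexpected vendor/product: %s/%s" % (header["vendor"], header["product"]))
    event = {"syslog_pri": int(m.group("pri")) if m.group("pri") else None,
             "syslog_timestamp": m.group("ts"), "syslog_host": m.group("host"), **header}
    event["severity"] = int(event["severity"]) if event["severity"].isdigit() else event["severity"]
    event.update(parse_extension(parts[7]))  # extension keys win over nothing; header keys differ
    return event

if __name__ == "__main__":
    for key, val in parse_deep_security_cef(SAMPLE).items():
        print(f"{key}: {val!r}")
```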