Trend Micro Interscan Web Filter
What is Discovered and Monitored
| Protocol | Information Discovered | Data Collected | Used for |
|---|---|---|---|
| Syslog (CEF format) | - | 15 event types | Security and Compliance |
Event Types
In RESOURCE > Event Types, search for “TrendMicro-InterscanWeb-”.
Sample Event Type:
<130>abc.com: <Mon, 18 Sep 2017 10:00:48,IST> [EVT_URL_BLOCKING|LOG_CRIT] Blocked URL log tk_username=1.1.1.1,tk_date_field=2017-09-18 10:00:48+0530,tk_protocol=https,tk_url=https://google.com:443/,tk_malicious_entity=,tk_file_name=,tk_entity_name=,tk_action=,tk_scan_type=user defined,tk_blocked_by=rule,tk_rule_name=google.com,tk_opp_id=0,tk_group_name=None,tk_category=URL Blocking,tk_uid=0099253425-0ecd0076872a9d0ace16,tk_filter_action=0
<134>abc.com: <Mon, 18 Sep 2017 10:00:48,IST> [EVT_URL_ACCESS_TRACKING|LOG_INFO] Access tracking log tk_username=1.1.1.1,tk_url=http://aaa.com/pc/SHAREitSubscription.xml,tk_size=0,tk_date_field=2017-09-18 10:00:48+0530,tk_protocol=http,tk_mime_content=unknown/unknown,tk_server=abc.com,tk_client_ip=1.1.1.1,tk_server_ip=2.2.2.2,tk_domain=aaa.com,tk_path=pc/SHAREitSubscription.xml,tk_file_name=SHAREitSubscription.xml,tk_operation=GET,tk_uid=0099253421-bdd7d4ce063b924a2342,tk_category=56,tk_category_type=0
<134>abc.com: <Mon, 18 Sep 2017 10:00:59,IST> [EVT_PERFORMANCE|LOG_INFO] Performance log tk_server=abc.com,tk_date_field=2017-09-18 10:00:59+0530,tk_metric_id=Number of FTP Processes,tk_metric_value=6,
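A minimal parser for the event layout shown in the samples above, added here as an example; it is not FortiSIEM's or Trend Micro's own parser. The header regex is inferred from those samples, and the function name `parse_interscan_event` and the `SAMPLE` line are assumptions constructed for illustration.

```python
import re

# Header layout inferred from the sample events above (assumption, not a vendor spec).
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<host>\S+): <(?P<ts>[^>]*)> "
    r"\[(?P<event>\w+)\|(?P<level>\w+)\] (?P<desc>.*?)\s*(?P<kv>tk_\w+=.*)$"
)
# Split only at a comma that starts the next tk_ key, so commas inside a
# value (for example in a URL) stay part of that value.
FIELD_SPLIT = re.compile(r",(?=tk_\w+=)")
# Standard syslog.h severity names and their numeric codes.
SEVERITY = {"LOG_EMERG": 0, "LOG_ALERT": 1, "LOG_CRIT": 2, "LOG_ERR": 3,
            "LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6, "LOG_DEBUG": 7}


def parse_interscan_event(line):
    """Return a dict for one event, or None if the line does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    fields = {}
    for item in FIELD_SPLIT.split(m["kv"].rstrip(",")):
        key, _, value = item.partition("=")
        fields[key] = value  # empty values such as tk_action= are kept as ""
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        # False means the PRI header and the bracketed level disagree.
        "severity_consistent": SEVERITY.get(m["level"]) == (pri & 7),
        "host": m["host"],
        "timestamp": m["ts"],
        "event_type": m["event"],
        "description": m["desc"],
        "fields": fields,
    }


# Constructed input modelled on the samples above; the URL holds a comma on purpose.
SAMPLE = ("<130>abc.com: <Mon, 18 Sep 2017 10:00:48,IST> [EVT_URL_BLOCKING|LOG_CRIT] "
          "Blocked URL log tk_username=1.1.1.1,tk_protocol=https,"
          "tk_url=https://example.com/a,b,tk_action=,tk_scan_type=user defined,")

if __name__ == "__main__":
    print(parse_interscan_event(SAMPLE))
```

A `severity_consistent` value of `False` is worth alerting on during ingestion, since it indicates a malformed or altered line rather than a normal device event.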
Rules
There are no specific rules, but generic rules for Web Filters and Generic Servers apply.
Reports
There are no specific reports, but generic rules for Web Filters and Generic Servers apply.
Configuration
Configure TrendMicro Interscan Web Filter to send syslog on port 514 to FortiSIEM.