External Systems Configuration Guide

Trend Micro Deep Discovery

Integration Points

Method   Information discovered    Metrics collected   Logs collected             Used for
Syslog   Host name, Reporting IP   None                Malicious file detection   Security monitoring

Event Types

In ADMIN > Device Support > Event, search for "Trend-DeepDiscoveryAnalyzer" and "Trend-DeepDiscoveryInspector" to see the event types associated with these two products.

Rules

No specific rules are written for Trend-DeepDiscoveryAnalyzer or Trend-DeepDiscoveryInspector, but the regular endpoint rules apply.

Reports

No specific reports are written for Trend-DeepDiscoveryAnalyzer or Trend-DeepDiscoveryInspector, but the regular endpoint reports apply.

Configuration

Configure the Trend Micro Deep Discovery system to send its logs to FortiSIEM over syslog in the supported CEF format (see Sample Events for the expected layout).

Settings for Access Credentials

None required.

Sample Events

<123>CEF:0|Trend Micro|Deep Discovery Inspector|3.8.1175|20|Malware URL requested - Type 1|6|
    dvc=10.0.1.50 dvcmac=00:0C:29:A6:53:0C dvchost=ddi38-143
    deviceExternalId=6B593E17AFB7-40FBBB28-A4CE-0462-A536 rt=Mar 09 2015 11:58:25 GMT+08:00
    app=HTTP deviceDirection=1 dhost=www.example.com dst=10.10.11.99 dpt=80
    dmac=00:1b:21:35:8b:98 shost=10.1.1.97 src=10.1.1.197 spt=12121 smac=fe:ed:be:ef:5a:c6
    cs3Label=HostName_Ext cs3=www.example.com fname=setting.doc fileType=0 fsize=0 act=not blocked
    cn3Label=Threat Type cn3=1 destinationTranslatedAddress=10.1.1.2
    sourceTranslatedAddress=10.1.1.197 cnt=1 cs5Label=CCCA_DetectionSource
    cs5=GLOBAL_INTELLIGENCE cn1Label=CCCA_Detection cn1=1 cat=Callback cs6Label=pAttackPhase
    cs6=Command and Control Communication
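The sample above is one syslog line carrying a CEF record: a PRI value, a seven-field pipe-delimited header, and an extension of key=value pairs in which the vendor-specific data (detection source, attack phase) is hidden behind csN/cnN fields that only mean something once their matching csNLabel/cnNLabel is read. The following Python is an added example, not Fortinet or Trend Micro code, that parses the page's sample (joined onto one line, as it is sent on the wire) the way a collector must: it splits PRI and header, tokenises the extension while honouring CEF escapes, resolves the custom labels, and pulls out the fields FortiSIEM reports as Host name and Reporting IP. The `needs_response` flag is this example's own triage rule (a Callback category with `act=not blocked`), not a FortiSIEM rule.

```python
"""Parse the Deep Discovery Inspector CEF sample from this page.

Added example, not Trend Micro or Fortinet code. Splits the syslog PRI and
CEF header, tokenises the extension, and resolves csN/cnN custom fields
through their *Label companions so security-relevant values can be read by name.
"""
import re
from typing import Any, Dict, List, Optional, Tuple

# The page's sample event, joined onto a single line as it is emitted on the wire.
SAMPLE_EVENT = (
    "<123>CEF:0|Trend Micro|Deep Discovery Inspector|3.8.1175|20|"
    "Malware URL requested - Type 1|6|"
    "dvc=10.0.1.50 dvcmac=00:0C:29:A6:53:0C dvchost=ddi38-143 "
    "deviceExternalId=6B593E17AFB7-40FBBB28-A4CE-0462-A536 rt=Mar 09 2015 11:58:25 GMT+08:00 "
    "app=HTTP deviceDirection=1 dhost=www.example.com dst=10.10.11.99 dpt=80 "
    "dmac=00:1b:21:35:8b:98 shost=10.1.1.97 src=10.1.1.197 spt=12121 smac=fe:ed:be:ef:5a:c6 "
    "cs3Label=HostName_Ext cs3=www.example.com fname=setting.doc fileType=0 fsize=0 act=not blocked "
    "cn3Label=Threat Type cn3=1 destinationTranslatedAddress=10.1.1.2 "
    "sourceTranslatedAddress=10.1.1.197 cnt=1 cs5Label=CCCA_DetectionSource "
    "cs5=GLOBAL_INTELLIGENCE cn1Label=CCCA_Detection cn1=1 cat=Callback cs6Label=pAttackPhase "
    "cs6=Command and Control Communication"
)

HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")   # start of an extension key
_LABEL_RE = re.compile(r"^((?:cs|cn|flexString|flexNumber|flexDate)\d+)Label$")
_ESC = {"=": "=", "\\": "\\", "|": "|", "n": "\n", "r": "\r"}


def _unescape(value: str) -> str:
    """Undo CEF escaping (\\= \\\\ \\| \\n \\r); unknown escapes are left as-is."""
    return re.sub(r"\\(.)", lambda m: _ESC.get(m.group(1), m.group(0)), value)


def split_header(raw: str) -> Tuple[Optional[int], List[str], str]:
    """Return (pri, seven header fields, extension). Header pipes may be escaped as \\|."""
    pri = None
    m = re.match(r"<(\d{1,3})>", raw)
    if m:
        pri = int(m.group(1))
        raw = raw[m.end():]
    if not raw.startswith("CEF:"):
        raise ValueError("not a CEF message")
    fields, cur, i = [], [], 4
    while i < len(raw) and len(fields) < 7:
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw):        # escaped char inside a header field
            cur.append(raw[i + 1]); i += 2; continue
        if ch == "|":                               # unescaped pipe ends the field
            fields.append("".join(cur)); cur = []; i += 1; continue
        cur.append(ch); i += 1
    if len(fields) != 7:
        raise ValueError("truncated CEF header")
    return pri, fields, raw[i:]


def parse_extension(ext: str) -> Dict[str, str]:
    """Tokenise key=value pairs; a value may contain spaces and runs to the next key."""
    keys = list(_KEY_RE.finditer(ext))
    out: Dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end])
    return out


def resolve_labels(ext: Dict[str, str]) -> Dict[str, str]:
    """Map csN/cnN/flex* custom fields to the names their *Label companions carry."""
    named: Dict[str, str] = {}
    for key, label in ext.items():
        m = _LABEL_RE.match(key)
        if m and m.group(1) in ext:
            named[label] = ext[m.group(1)]
    return named


def summarize(raw: str) -> Dict[str, Any]:
    """Flatten one event into the fields an analyst or SIEM mapping needs."""
    pri, hdr, ext_str = split_header(raw)
    header = dict(zip(HEADER_FIELDS, hdr))
    ext = parse_extension(ext_str)
    custom = resolve_labels(ext)
    return {
        "reporting_ip": ext.get("dvc"),       # what FortiSIEM lists as Reporting IP
        "host_name": ext.get("dvchost"),      # what FortiSIEM lists as Host name
        "product": header["device_product"],
        "event_name": header["name"],
        "cef_severity": int(header["severity"]),
        "syslog_facility": None if pri is None else pri >> 3,
        "syslog_severity": None if pri is None else pri & 7,
        "src": ext.get("src"), "dst": ext.get("dst"), "dhost": ext.get("dhost"),
        "action": ext.get("act"),
        "category": ext.get("cat"),
        "attack_phase": custom.get("pAttackPhase"),
        "detection_source": custom.get("CCCA_DetectionSource"),
        # Example triage rule (not a FortiSIEM rule): a callback the sensor saw
        # but nothing blocked means the endpoint reached C2 and needs follow-up.
        "needs_response": ext.get("cat") == "Callback" and ext.get("act") == "not blocked",
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_EVENT).items():
        print(f"{k:18} {v}")
```

Run it against a live feed by replacing `SAMPLE_EVENT` with lines read from the collector; anything that raises `ValueError` is a non-CEF line and a sign the sender is not configured for the format this page expects.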
