Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

Trend Micro Interscan Web Filter

Trend Micro Interscan Web Filter

What is Discovered and Monitored

Protocol Information Discovered Data Collected Used for
Syslog (CEF format) - 15 event types Security and Compliance

Event Types

In RESOURCES > Event Types, search for "TrendMicro-InterscanWeb-" in the main content panel Search... field.

Sample Event Type:

<130>abc.com: <Mon, 18 Sep 2017 10:00:48,IST> [EVT_URL_BLOCKING|LOG_CRIT] Blocked URL log tk_username=1.1.1.1,tk_date_field=2017-09-18 10:00:48+0530,tk_protocol=https,tk_url=https://google.com:443/,tk_malicious_entity=,tk_file_name=,tk_entity_name=,tk_action=,tk_scan_type=user defined,tk_blocked_by=rule,tk_rule_name=google.com,tk_opp_id=0,tk_group_name=None,tk_category=URL Blocking,tk_uid=0099253425-0ecd0076872a9d0ace16,tk_filter_action=0
<134>abc.com: <Mon, 18 Sep 2017 10:00:48,IST> [EVT_URL_ACCESS_TRACKING|LOG_INFO] Access tracking log tk_username=1.1.1.1,tk_url=http://aaa.com/pc/SHAREitSubscription.xml,tk_size=0,tk_date_field=2017-09-18 10:00:48+0530,tk_protocol=http,tk_mime_content=unknown/unknown,tk_server=abc.com,tk_client_ip=1.1.1.1,tk_server_ip=2.2.2.2,tk_domain=aaa.com,tk_path=pc/SHAREitSubscription.xml,tk_file_name=SHAREitSubscription.xml,tk_operation=GET,tk_uid=0099253421-bdd7d4ce063b924a2342,tk_category=56,tk_category_type=0
<134>abc.com: <Mon, 18 Sep 2017 10:00:59,IST> [EVT_PERFORMANCE|LOG_INFO] Performance log tk_server=abc.com,tk_date_field=2017-09-18 10:00:59+0530,tk_metric_id=Number of FTP Processes,tk_metric_value=6,

Rules

There are no specific rules, but generic rules for Web Filters and Generic Servers apply.

Reports

There are no specific reports, but generic rules for Web Filters and Generic Servers apply.

Configuration

Configure TrendMicro Interscan Web Filter to send syslog on port 514 to FortiSIEM.

Trend Micro Interscan Web Filter

Trend Micro Interscan Web Filter

What is Discovered and Monitored

Protocol Information Discovered Data Collected Used for
Syslog (CEF format) - 15 event types Security and Compliance

Event Types

In RESOURCES > Event Types, search for "TrendMicro-InterscanWeb-" in the main content panel Search... field.

Sample Event Type:

<130>abc.com: <Mon, 18 Sep 2017 10:00:48,IST> [EVT_URL_BLOCKING|LOG_CRIT] Blocked URL log tk_username=1.1.1.1,tk_date_field=2017-09-18 10:00:48+0530,tk_protocol=https,tk_url=https://google.com:443/,tk_malicious_entity=,tk_file_name=,tk_entity_name=,tk_action=,tk_scan_type=user defined,tk_blocked_by=rule,tk_rule_name=google.com,tk_opp_id=0,tk_group_name=None,tk_category=URL Blocking,tk_uid=0099253425-0ecd0076872a9d0ace16,tk_filter_action=0
<134>abc.com: <Mon, 18 Sep 2017 10:00:48,IST> [EVT_URL_ACCESS_TRACKING|LOG_INFO] Access tracking log tk_username=1.1.1.1,tk_url=http://aaa.com/pc/SHAREitSubscription.xml,tk_size=0,tk_date_field=2017-09-18 10:00:48+0530,tk_protocol=http,tk_mime_content=unknown/unknown,tk_server=abc.com,tk_client_ip=1.1.1.1,tk_server_ip=2.2.2.2,tk_domain=aaa.com,tk_path=pc/SHAREitSubscription.xml,tk_file_name=SHAREitSubscription.xml,tk_operation=GET,tk_uid=0099253421-bdd7d4ce063b924a2342,tk_category=56,tk_category_type=0
<134>abc.com: <Mon, 18 Sep 2017 10:00:59,IST> [EVT_PERFORMANCE|LOG_INFO] Performance log tk_server=abc.com,tk_date_field=2017-09-18 10:00:59+0530,tk_metric_id=Number of FTP Processes,tk_metric_value=6,

Rules

There are no specific rules, but generic rules for Web Filters and Generic Servers apply.

Reports

There are no specific reports, but generic rules for Web Filters and Generic Servers apply.

Configuration

Configure TrendMicro Interscan Web Filter to send syslog on port 514 to FortiSIEM.