Quick Start Security for TrendMicro
TrendMicro - Security Extension
TrendMicro develops enterprise security software for servers, containers, cloud environments, networks, and endpoints. Two such products are TrendMicro Web Security and TrendMicro Email Security.
TrendMicro Web Security protects against web-borne threats. It uses cross-generational defense techniques to catch known and unknown threats, and gives you visibility into, and access control over, unsanctioned cloud applications for each of your users.
TrendMicro Email Security stops phishing, ransomware, and business email compromise (BEC) attacks. The solution minimizes management overhead and integrates with other TrendMicro security layers to share threat intelligence and provide central visibility of threats across your organization.
This extension pack aggregates alerts for several TrendMicro products. Review the alerts and enable or disable each one according to the products you actually have deployed.
Note that this extension is built on the syslog integration between TrendMicro and Coralogix, and it requires that integration in order to operate.
Coralogix Extension For TrendMicro Includes:
Alerts - 8
Stay on top of TrendMicro key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Trend Micro Web Security - High Severity
This alert detects all Trend Micro Web Security logs that have high severity.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: To investigate further, check fields such as 'malwaretype' and 'scantype' in the log when they are present (the fields available vary per log). Also check for repeating alerts for the same user, machine or IP, and review adjacent logs.
Trend Micro Email Security - High Severity
This alert detects all Trend Micro Email Security logs that have high severity.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: Depends on the type and parameters of the log. The device action details in the log show the action taken on the device when the email was received. Also check the logs for more details.
Trend Micro Web Security - Medium Severity
This alert detects all Trend Micro Web Security logs that have medium severity.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: To investigate further, check fields such as 'malwaretype' and 'scantype' in the log when they are present (the fields available vary per log). Also check for repeating alerts for the same user, machine or IP, and review adjacent logs.
Trend Micro Email Security - Medium Severity
This alert detects all Trend Micro Email Security logs that have medium severity.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: Depends on the type and parameters of the log. The device action details in the log show the action taken on the device when the email was received. Also check the logs for more details.
Trend Micro Web Security - Low Severity
This alert detects all Trend Micro Web Security logs that have low severity.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: To investigate further, check fields such as 'malwaretype' and 'scantype' in the log when they are present (the fields available vary per log). Also check for repeating alerts for the same user, machine or IP, and review adjacent logs.
Trend Micro Email Security - Low Severity
This alert detects all Trend Micro Email Security logs that have low severity.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: Depends on the type and parameters of the log. The device action details in the log show the action taken on the device when the email was received. Also check the logs for more details.
Trend Micro Web Security - Web Reputation Services (WRS) Disabled
This alert detects all Trend Micro Web Security logs that have a severity of 0 (zero). Severity 0 means that Web Reputation Services (WRS) is disabled. Trend Micro recommends disabling Web Reputation for internal computers if you already use a Trend Micro product with Web Reputation capability (such as InterScan Gateway Security Appliance or InterScan Web Security Appliance), so confirm whether the disabled state is intentional before escalating.
Impact: Depends on the type and parameters of the log. Check the logs for more details.
Mitigation: To investigate further, check fields such as 'malwaretype' and 'scantype' in the log when they are present (the fields available vary per log). Also check for repeating alerts for the same user, machine or IP, and review adjacent logs.
No logs from TrendMicro
This rule fires if no TrendMicro logs have arrived in the customer account in the last 36 hours. Note: this alert should be configured with the relevant application and subsystem so that it watches only the TrendMicro log stream.
Impact: Disabling logging is a tactic adversaries employ, as part of several MITRE ATT&CK techniques, to avoid detection, cover their tracks, or impede incident response investigations. A silent syslog feed can also simply mean the forwarder or the TrendMicro product has stopped, which is a coverage gap either way.
Mitigation: Address the logging gap to restore comprehensive monitoring within the Coralogix SIEM: confirm the TrendMicro product is still running and configured to forward syslog, and that the Coralogix syslog endpoint is reachable.
MITRE Tactic: TA0005 (Defense Evasion). MITRE Technique: T1562 (Impair Defenses).
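The severity-tier alerts above and the "No logs from TrendMicro" rule are both simple functions of the incoming syslog records. The following Python is an added example, not code from the Coralogix extension or from Trend Micro, that shows the same logic run over a handful of constructed records. The records are written in CEF shape (vendor|product|version|signatureId|name|severity|extension); the product names, extension keys ('suser', 'src', 'malwaretype', 'scantype', 'act', 'rt') and the severity thresholds (0 = WRS disabled, 1-3 low, 4-6 medium, 7-10 high) are assumptions for illustration, not Trend Micro's documented schema or the extension's exact thresholds.

```python
"""Severity bucketing and log-gap checks over constructed Trend Micro-style syslog lines."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample records (assumed field names and values, not a real Trend Micro export).
# 'rt' is the CEF receipt time in epoch milliseconds.
SAMPLE_LOGS = [
    "CEF:0|Trend Micro|Web Security|1.0|1001|Malware download blocked|8|rt=1700000000000 suser=alice src=10.0.0.5 malwaretype=Trojan scantype=REALTIME act=block",
    "CEF:0|Trend Micro|Web Security|1.0|1001|Malware download blocked|8|rt=1700000060000 suser=alice src=10.0.0.5 malwaretype=Trojan scantype=REALTIME act=block",
    "CEF:0|Trend Micro|Web Security|1.0|1001|Malware download blocked|7|rt=1700000120000 suser=alice src=10.0.0.5 malwaretype=Trojan scantype=REALTIME act=block",
    "CEF:0|Trend Micro|Web Security|1.0|2002|URL category violation|5|rt=1700000180000 suser=bob src=10.0.0.9 act=warn",
    "CEF:0|Trend Micro|Web Security|1.0|3003|Web Reputation Service status|0|rt=1700000240000 src=10.0.0.12 act=none",
    "CEF:0|Trend Micro|Email Security|1.0|4004|Phishing message quarantined|9|rt=1700000300000 suser=carol@example.com src=203.0.113.7 act=quarantine",
    "CEF:0|Trend Micro|Email Security|1.0|4005|Spam message tagged|2|rt=1700000360000 suser=dave@example.com src=198.51.100.3 act=tag",
]

# key=value pairs in the CEF extension; values run until the next " key=" or end of line.
_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_cef(line):
    """Split one CEF line into its seven header fields plus a dict of extension pairs.

    Escaped pipes (\\|) inside header fields are not handled; the constructed samples have none.
    """
    parts = line.split("|", 7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError(f"not a CEF record: {line!r}")
    _, vendor, product, version, sig_id, name, severity, ext = parts
    return {
        "vendor": vendor, "product": product, "version": version,
        "signature_id": sig_id, "name": name, "severity": int(severity),
        "ext": dict(_EXT_RE.findall(ext)),
    }


def severity_bucket(severity):
    """Map a 0-10 severity to an alert tier (thresholds are assumptions for this example)."""
    if severity == 0:
        return "wrs_disabled"
    if severity <= 3:
        return "low"
    if severity <= 6:
        return "medium"
    return "high"


def alert_name(event):
    """Return the extension-style alert name an event falls under, or None if no alert matches."""
    bucket = severity_bucket(event["severity"])
    if bucket == "wrs_disabled":
        # The WRS-disabled alert is defined for Web Security logs only.
        if event["product"] == "Web Security":
            return "Trend Micro Web Security - Web Reputation Services (WRS) Disabled"
        return None
    return f"Trend Micro {event['product']} - {bucket.capitalize()} Severity"


def evaluate(lines):
    """Parse every line and group the parsed events under the alert name they trigger."""
    grouped = {}
    for line in lines:
        event = parse_cef(line)
        name = alert_name(event)
        if name is not None:
            grouped.setdefault(name, []).append(event)
    return grouped


def repeating_sources(events, keys=("suser", "src"), min_count=2):
    """Triage helper for the 'repeating alerts for the same user/machine/ip' check.

    Counts events per (user, ip) tuple and returns those seen at least min_count times.
    """
    counts = Counter(tuple(ev["ext"].get(k, "") for k in keys) for ev in events)
    return {key: n for key, n in counts.items() if n >= min_count}


def logs_missing(lines, now, window_hours=36):
    """True if no record carries an 'rt' timestamp inside the window ending at 'now'.

    Mirrors the 'No logs from TrendMicro' rule; a feed that has gone quiet for the whole
    window (forwarder down, logging disabled) yields True.
    """
    cutoff = now - timedelta(hours=window_hours)
    for line in lines:
        rt = parse_cef(line)["ext"].get("rt")
        if rt and datetime.fromtimestamp(int(rt) / 1000, tz=timezone.utc) >= cutoff:
            return False
    return True


if __name__ == "__main__":
    grouped = evaluate(SAMPLE_LOGS)
    for name, events in grouped.items():
        print(f"{name}: {len(events)} event(s)")
    print("repeating:", repeating_sources(grouped["Trend Micro Web Security - High Severity"]))
    latest = datetime.fromtimestamp(1700000360, tz=timezone.utc)
    print("gap at +35h:", logs_missing(SAMPLE_LOGS, latest + timedelta(hours=35)))
    print("gap at +37h:", logs_missing(SAMPLE_LOGS, latest + timedelta(hours=37)))
```

The three high-severity Web Security events from the same user and source IP are exactly the pattern the Mitigation text asks you to look for: one blocked download is noise, three in two minutes from one host is a machine worth isolating. The gap check is deliberately computed from the records' own timestamps rather than from arrival time, so a forwarder that replays old buffered logs does not mask a real outage.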
Integration
Learn more about Coralogix's out-of-the-box integration with TrendMicro in our documentation.