topic Re: Download for TA-trendmicro in All Apps and Add-ons

Download for TA-trendmicro

hartfoml — Tue, 01 Apr 2014 13:03:46 GMT

In the answer below it referenced a TA for Trendmicro. I could not find this on apps.splunk.com

Is this TA only available with the paid version of ES?

Anyone know where I can download without buying ES?

Anyone know a way to get TrendMicro Control Manager Logs into splunk?
Anyone working on a Trendmicro Dashboard or App?

Re: Download for TA-trendmicro

plalo — Mon, 04 Apr 2016 17:47:14 GMT

TrendMicro Control Manager is a great source to monitor AV detection across all OfficeScan and ScanMail clients. Has anyone made any progress here?

Re: Download for TA-trendmicro

ChrisG — Mon, 04 Apr 2016 17:56:45 GMT

There are two apps on Splunkbase now:

Re: Download for TA-trendmicro

plalo — Mon, 04 Apr 2016 18:05:26 GMT

Thanks ChrisG,

I am aware of these, however, they don't seem to have functionality for the other TrendMicro products as mention by OP - TrendMicro Control Manager logs which collect all the alerts from the controlled OfficeScan endpoints as well as ScanMail if so configured. This is the TrendMicro data of interest which should not be confused with the DeepSecurity products.

Do you know of a means for Splunk ingestion of the Control Manager events collected from OfficeScan\ScanMail clients?

Thank you.

Re: Download for TA-trendmicro

ChrisG — Mon, 04 Apr 2016 18:16:00 GMT

Thanks. I am not really familiar with Trend Micro products, so I was just highlighting the available apps as a response to the original "Anyone working on a Trendmicro Dashboard or App" question, because these weren't available at the time of the original post.

So, not a great answer to your follow-up comment/question. My apologies.

You could contact the developer of the existing app to see if there are other resources he's aware of.

Re: Download for TA-trendmicro

plalo — Mon, 04 Apr 2016 18:16:56 GMT

Thank you for the details and follow up.

Re: Download for TA-trendmicro

varma1729 — Mon, 07 Aug 2017 16:04:54 GMT

Hello Mike, Did you made any progress on the above topic? I looking for an add-on/app which will help me best with ingesting SMEX logs from Trend Micro Control Managers (Version: 6.0 (Build 1327) service pack:3). I would really appreciate any help you can offer on this.

Thanks,
Varma

Re: Download for TA-trendmicro

helarn — Wed, 13 Sep 2017 03:02:33 GMT

Hi Verma1729,

To my knowledge there is released add-on/app for ingesting the Trend Micro Control Manager Logs.
We had the same issues and ended up configuring DB connect to pull the logs directly from the Control Manager database then build it out from there.

The Control manager DB schema is not publicly available so you will need to contact your TAM to get your hands on it.
Link to DB Connect: https://splunkbase.splunk.com/app/2686/

Cheers,
Matt

Re: Download for TA-trendmicro

lloydknight — Fri, 03 Nov 2017 04:10:56 GMT

can anyone confirm if TA for Trendmicro is exclusive to Splunk ES only? Thanks.

Re: Download for TA-trendmicro

johmut — Tue, 19 Nov 2019 09:47:14 GMT

Hi, TA-trendmicro is indeed delivered with Splunk Enterprise Security. To deploy it in a distributed environment, you will need to extract the add-on from the Splunk ES package and install/configure it across your indexers (cluster) and the forwarder running TMCM.
In TMCM you need to configure the alerts you are interested in to write an event in the Application Windows Event Log. TMCM events will be processed by TA-trendmicro, assigning sourcetypes, tags, extracting fields etc. so they become available to the ES Data Models.

I got the data into Splunk, properly tagged, sourcetype and all. However I don't find the data in ES ? Did you ? What more is needed ?

Thanks,
JohMut