
Download for TA-trendmicro

hartfoml
Motivator

In the answer below it referenced a TA for Trendmicro. I could not find this on apps.splunk.com

how-do-we-import-mcafee-epo-into-splunk

Is this TA only available with the paid version of ES?

Anyone know where I can download without buying ES?

Anyone know a way to get TrendMicro Control Manager Logs into splunk?
Anyone working on a Trendmicro Dashboard or App?

0 Karma

johmut
New Member

Hi, TA-trendmicro is indeed delivered with Splunk Enterprise Security. To deploy it in a distributed environment, you will need to extract the add-on from the Splunk ES package and install/configure it across your indexers (cluster) and the forwarder running TMCM.
In TMCM you need to configure the alerts you are interested in to write an event in the Application Windows Event Log. TMCM events will be processed by TA-trendmicro, assigning sourcetypes, tags, extracting fields etc. so they become available to the ES Data Models.

I got the data into Splunk, properly tagged, sourcetype and all. However I don't find the data in ES ? Did you ? What more is needed ?

Thanks,
JohMut

0 Karma
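For readers following the deployment steps in the reply above, here is the forwarder-side piece as an added example; it is not code from the original thread or from the TA-trendmicro package. It assumes a Splunk universal forwarder is installed on the TMCM server, that TMCM has been configured to write its alerts to the Windows Application event log, and that a target index (here the hypothetical `trendmicro`) exists on the indexers. The index name and the path to the forwarder are assumptions, not values from the page.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf on the universal forwarder
# running on the TMCM host. Added example; not part of TA-trendmicro.

[WinEventLog://Application]
disabled = 0
# Read the existing log from the beginning the first time so historical
# TMCM alerts are picked up, then follow it continuously.
start_from = oldest
current_only = 0
checkpointInterval = 5
# Hypothetical index name; create it on the indexers (and reference it in
# the ES index configuration) before enabling this input.
index = trendmicro
```

Once events arrive, confirm the add-on is doing its part before looking at ES: a search such as `index=trendmicro | stats count by sourcetype, tag` should show the TA-trendmicro sourcetype(s) with the tags the ES data models key on, and `| datamodel Malware Malware_Attacks search | stats count by sourcetype` should return those events if they are being accelerated into the Malware data model. Empty results from the second search, with a populated first one, usually point at the index not being included in the data model's constraints or at acceleration not yet having run, rather than at the forwarder input.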

varma1729
New Member

Hello Mike, Did you make any progress on the above topic? I am looking for an add-on/app which will help me best with ingesting SMEX logs from Trend Micro Control Manager (Version: 6.0 (Build 1327) service pack: 3). I would really appreciate any help you can offer on this.

Thanks,
Varma

0 Karma

helarn
Engager

Hi varma1729,

To my knowledge there is no released add-on/app for ingesting the Trend Micro Control Manager logs.
We had the same issues and ended up configuring DB Connect to pull the logs directly from the Control Manager database, then built it out from there.

The Control manager DB schema is not publicly available so you will need to contact your TAM to get your hands on it.
Link to DB Connect: https://splunkbase.splunk.com/app/2686/

Cheers,
Matt

0 Karma

ChrisG
Splunk Employee
0 Karma

plalo
New Member

Thanks ChrisG,

I am aware of these; however, they don't seem to have functionality for the other Trend Micro products mentioned by the OP: Trend Micro Control Manager logs, which collect all the alerts from the controlled OfficeScan endpoints as well as ScanMail if so configured. This is the Trend Micro data of interest, which should not be confused with the Deep Security products.

Do you know of a means for Splunk ingestion of the Control Manager events collected from OfficeScan\ScanMail clients?

Thank you.

0 Karma

plalo
New Member

Thank you for the details and follow up.

0 Karma

ChrisG
Splunk Employee

Thanks. I am not really familiar with Trend Micro products, so I was just highlighting the available apps as a response to the original "Anyone working on a Trendmicro Dashboard or App" question, because these weren't available at the time of the original post.

So, not a great answer to your follow-up comment/question. My apologies.

You could contact the developer of the existing app to see if there are other resources he's aware of.

0 Karma

plalo
New Member

TrendMicro Control Manager is a great source to monitor AV detection across all OfficeScan and ScanMail clients. Has anyone made any progress here?

0 Karma

lloydknight
Builder

Can anyone confirm if TA for Trendmicro is exclusive to Splunk ES only? Thanks.

0 Karma