This quick start guide will help Accenture MDR customers configure Trend Micro™ Deep Discovery™ Inspector to send logs to the Log Collection Platform (LCP).
...
1. Log in to the admin console of Deep Discovery Inspector over SSL using: https://IPofappliance.
2. After successful authentication, go to Logs > Syslog Server Settings as shown below.
Figure 1-1: The Deep Discovery Inspector console.
...
3. Under Syslog Servers, click Add to create a Syslog configuration. The Add Syslog Server page appears as shown below.
Figure 1-2: The Add Syslog Server page.
...
4. Check the Enable syslog server checkbox to configure the Syslog server.
...
1. Log in to the admin console of Deep Discovery Inspector over SSL using: https://IPofappliance.
2. After successful authentication, go to Administration > Integrated Product and Services as shown below.
Figure 1-3: The Deep Discovery Inspector console.
...
3. In the left pane, go to the Syslog tab.
Figure 1-4: Integrated Product and Services.
...
4. Click Add to create a Syslog configuration. The Add Syslog Server page appears as shown below.
Figure 1-5: The Add Syslog Server page.
...
5. In the IP address text box, type the lcp_ip_address.
...
Table 1-2: The Trend Micro Deep Discovery Inspector event collector properties to be configured by MDR are shown in the table.
Property | Default Value | Description |
Transport Protocol | UDP | The default protocol for syslog. The LCP can also accept logs over TCP. Note: While TCP offers guaranteed delivery of log packets, it places a larger overhead on the LCP. To weigh the reliability of TCP against the speed and simplicity of UDP, contact the MDR onboarding team. |
IP Address | | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact the Accenture Security MDR onboarding team. |
Signatures | Trend Micro,Deep Discovery Inspector | MDR recommended signatures processed by the Trend Micro Deep Discovery Inspector event collector. |
Port | 514 | The default port for syslog. For TCP, the default port is 601. Note: The LCP can be configured to listen on a non-standard port; please advise the MDR onboarding team if this is a requirement. |
...