Integrating Trend Micro OfficeScan 10 EventTracker v7.x

Similar documents
Integrating Symantec Endpoint Protection

Integrate Cisco IronPort Security Appliance (ESA)

Integrating Juniper Netscreen (ScreenOS)

Integrate Websense Web Security Gateway (WSG)

EventTracker: Integrating Imperva SecureSphere

Integrate Cisco IronPort Web Security Appliance (WSA)

Integrate Astaro Security Gateway

Integrate Microsoft Windows Hyper V

Integrate Check Point Firewall

Integrating Barracuda Web Application Firewall

EventTracker: Support to Non English Systems

EventTracker Knowledge Update

Immotec Systems, Inc. SQL Server 2005 Installation Document

LogLogic Trend Micro OfficeScan Log Configuration Guide

NSi Mobile Installation Guide. Version 6.2

Releasing blocked in Data Security

Sophos Anti-Virus for NetApp Storage Systems startup guide

K7 Business Lite User Manual

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Best Practice Configurations for OfficeScan (OSCE) 10.6

System Area Management Software Tool Tip: Integrating into NetIQ AppManager

Knowledge Base Articles

Accessing the Media General SSL VPN

IIS Web Server Configuration Guide

EventTracker: Configuring DLA Extension for AWStats Report AWStats Reports

Secrets of Event Viewer for Active Directory Security Auditing Lepide Software

HDAccess Administrators User Manual. Help Desk Authority 9.0

Application Note 8: TrendView Recorders DCOM Settings and Firewall Plus DCOM Settings for Trendview Historian Server

ADFS Integration Guidelines

ing from The E2 Shop System address Server Name Server Port, Encryption Protocol, Encryption Type, SMTP User ID SMTP Password

EventTracker: Configuring DLA Extension for AWStats report AWStats Reports

Sage 200 Web Time & Expenses Guide

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

Live Maps. for System Center Operations Manager 2007 R2 v Installation Guide

Note: With v3.2, the DocuSign Fetch application was renamed DocuSign Retrieve.

Non-ThinManager Components

GE Measurement & Control. Remote Comms System. Installation and User Reference Guide

Installation Troubleshooting Guide

Scan to Quick Setup Guide

Core Protection Suite

LepideAuditor Suite for File Server. Installation and Configuration Guide

Monitor Mobile Devices via ActiveSync Using EventTracker

Trend Micro OfficeScan Best Practice Guide for Malware

Pearl Echo Installation Checklist

523 Non-ThinManager Components

Secure IIS Web Server with SSL

Integrating LANGuardian with Active Directory

Hardening Guide for EventTracker Server

Trend ScanMail. for Microsoft Exchange. Quick Start Guide

How To Upgrade Your Microsoft SQL Server for Accounting CS Version

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

Monitoring SharePoint 2007/2010/2013 Server Using Event Tracker

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

XStream Remote Control: Configuring DCOM Connectivity

Sophos for Microsoft SharePoint startup guide

IIS, FTP Server and Windows

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Web based training for field technicians can be arranged by calling These Documents are required for a successful install:

APNS Certificate generating and installation

Information to configure your Windows 7 office computer is described below.

Installation Guide. Novell Storage Manager for Active Directory. Novell Storage Manager for Active Directory Installation Guide

Introduction. Before you begin. Installing efax from our CD-ROM. Installing efax after downloading from the internet

NETWRIX EVENT LOG MANAGER

Online Statements. About this guide. Important information

How to monitor AD security with MOM

Setup and configuration for Intelicode. SQL Server Express

WhatsUp Gold v16.1 Installation and Configuration Guide

etoken Enterprise For: SSL SSL with etoken

How to install and use the File Sharing Outlook Plugin

Sophos Anti-Virus for NetApp Storage Systems startup guide. Runs on Windows 2000 and later

Net Protector Admin Console

DCOM Setup. User Manual

SonicWALL CDP 5.0 Microsoft Exchange User Mailbox Backup and Restore

Upgrading from MSDE to SQL Server 2005 Express Edition with Advanced Services SP2

Setting up Hyper-V for 2X VirtualDesktopServer Manual

Configuration Information

QUANTIFY INSTALLATION GUIDE

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Installation Guide v3.0

Cloud Authentication. Getting Started Guide. Version

DCOM settings for computer-to-computer communication between OPC servers and OPC clients

NETWRIX EVENT LOG MANAGER

Installing GFI Network Server Monitor

Novell ZENworks Asset Management 7.5

Moving the TRITON Reporting Databases

ViRobot Desktop 5.5. User s Guide

Core Protection for Virtual Machines 1

Setting up Hyper-V for 2X VirtualDesktopServer Manual

Best Practices for Deploying Behavior Monitoring and Device Control

Managing Identities and Admin Access

EventTracker Enterprise v7.3 Installation Guide

ScriptLogic File System Auditor User Guide

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

Lab: Data Backup and Recovery in Windows XP

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Wireless Installation Checklist for Novell GroupWise Environments

Managed Security Web Portal USER GUIDE

SaaS Encryption Enablement for Customers, Domains and Users Quick Start Guide

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

Transcription:

Integrating Trend Micro OfficeScan 10 EventTracker v7.x Publication Date: August 26, 2015 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com

Abstract This guide will help you in configuring Trend Micro OfficeScan events and EventTracker to receive Trend Micro OfficeScan events. You will find the detailed procedures required for monitoring Trend Micro OfficeScan. Scope The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.X and later, and Trend Micro OfficeScan 10 and later. Intended audience Administrators who are assigned the task to monitor and manage Trend Micro OfficeScan events using EventTracker. 1

Table of Contents Abstract... 1 Scope... 1 Intended audience... 1 About Trend Micro OfficeScan... 3 Overview... 3 Prerequisites... 3 Configuration... 4 Configure Syslog and Windows Event for Trend Micro Control Manager... 9 EventTracker Agent configuration... 12 EventTracker Knowledge Pack... 15 Categories... 15 Alerts... 16 Reports... 16 Import Trend Micro OfficeScan knowledge pack into EventTracker... 17 Import Category... 17 Import Alerts... 18 Import Tokens... 20 Import Flex Reports... 21 Verify Trend Micro OfficeScan knowledge pack in EventTracker... 23 Verify Trend Micro OfficeScan Categories... 23 Verify Trend Micro OfficeScan Alerts... 24 Verify Trend Micro OfficeScan Tokens... 25 Verify Trend Micro OfficeScan Reports... 26 Sample Report... 27 2

About Trend Micro OfficeScan OfficeScan is a powerful endpoint security solution and is a combination of on premise and inthe-cloud security technologies to protect file servers, desktops, laptops, and virtualized desktops. This application is a well supervised antivirus service providing enhanced support for antivirus / anti spyware / firewall protection for endpoint and mobile security. Overview In order to monitor Trend Micro OfficeScan 10.5 in EventTracker, you need to perform the configurations as below. Configure Trend Micro OfficeScan to log all client events. Configure Trend Micro OfficeScan to send all events as Windows event and Syslog to EventTracker System. Prerequisites Prior to configuring Trend Micro OfficeScan Server and EventTracker, ensure that you meet the following prerequisites: Trend Micro OfficeScan Server 10 is running on Microsoft Windows 2003 Enterprise Edition R2 and later with proper access permissions to make configuration changes. Install Trend Micro Control Manager 6 on Microsoft Windows 2003 and later. EventTracker Agent should be installed. Administrative access on EventTracker. 3

Configuration Trend Micro OfficeScan logs are generated in Windows Event Log format on the Windows host machine configured for OfficeScan Server. To configure Trend Micro OfficeScan: 1. Log in to the Trend Micro OfficeScan interface. Figure 1 Login page of Trend Micro OfficeScan Web Console displays. 4

Figure 2 2. Enter valid User name: and Password:, and then click the Log On button. Summary Page of Trend Micro OfficeScan displays. 5

Figure 3 3. Click Notifications tab on the left hand side. 4. Expand the Administrator Notifications section. 5. Select Standard Notifications, and then select NT Event Log tab. 6. Select Enable notification via NT Event Log option. 7. Leave the Message box as default, and then click the Save button. 6

Figure 4 In Standard Notifications pane, Criteria tab displays by default. 8. Select Send notifications when virus/malware is detected and Send notifications when spyware/grayware is detected option. 9. Click the Save button. 7

Figure 5 8

Configure Syslog and Windows Event for Trend Micro Control Manager 1. Log in to the Trend Micro Control Manager device. 2. Select Administration > Settings > Event Center Settings. 3. Click General Event Settings. Figure 6 4. In SysLog Settings pane, enter EventTracker Server IP address*: and Server port*: as 514. 5. Click Save. To configure events in the Event Center. 1. Select Administration > Event Center. 2. From the Event Category list, expand Alert. 3. Click Recipients for an alert. 9

Figure 7 Recipients page displays. 4. In Notification methods, select Syslog and Windows event log Notification option. 10

5. Click the Save button. Figure 8 The Edit Recipients Result window is displayed. 6. Click the OK button. Figure 9 11

EventTracker Agent configuration 1. Select the Start button, select All Programs, and then select Prism Microsystems. 2. Select EventTracker, select EventTracker Control Panel, and then select EventTracker Agent Configuration. 3. Select Event Filters tab, and then select the Filter Exception button. Figure 10 12

Filter Exception window displays. 4. Click the New button. Figure 11 Event Details window displays. 5. In Match in Source: box, enter Trend Micro OfficeScan Server. 13

Figure 12 6. Click the OK button. 14

EventTracker Knowledge Pack Once Trend Micro OfficeScan events are enabled and Trend Micro OfficeScan events are received in EventTracker, Alerts and Reports can be configured in EventTracker. The following Knowledge Packs are available in EventTracker to support Trend Micro OfficeScan monitoring Categories Trend Micro OfficeScan: Virus Detected: This category based report provides information related to Virus Detected from Trend Micro OfficeScan. Trend Micro OfficeScan: Virus Quarantine: This category based report provides information related to Virus in Quarantine. Trend Micro OfficeScan: Web Security Violation: This category based report provides information related to Web Security Violation in Organization. Trend Micro OfficeScan: Spyware Detected: This category based report provides information related to Spyware Detected from Trend Micro OfficeScan. Trend Micro OfficeScan: Administrator Password changed: This category based report provides information related to Administrator Password changed in Trend Micro OfficeScan. Trend Micro OfficeScan: Firewall policy added: This category based report provides information related to Firewall policy added in Trend Micro OfficeScan. Trend Micro OfficeScan: Firewall policy deleted: This category based report provides information related to deleted Firewall policy from Trend Micro OfficeScan. Trend Micro OfficeScan: Firewall policy modified: This category based report provides information related to modified Firewall policy from Trend Micro OfficeScan. Trend Micro OfficeScan: User account created: This category based report provides information related to User account created in Trend Micro OfficeScan. Trend Micro OfficeScan: User account deleted: This category based report provides information related to User account deleted in Trend Micro OfficeScan. 15

Trend Micro OfficeScan: User account modified: This category based report provides information related to User account modified in Trend Micro OfficeScan. Trend Micro OfficeScan: User Roles created: This category based report provides information related to User Roles created in Trend Micro OfficeScan. Trend Micro OfficeScan: User Roles Deleted: This category based report provides information related to User Roles Deleted in Trend Micro OfficeScan. Alerts Trend Micro OfficeScan: Virus Detected: This alert is generated when any virus are detected from Trend Micro OfficeScan. Trend Micro OfficeScan: Virus Quarantine: This alert is generated when any virus is unable to delete or move to Quarantine from Trend Micro OfficeScan. Trend Micro OfficeScan: Spyware Detected: This alert is generated when any Spyware are detected from Trend Micro OfficeScan. Trend Micro OfficeScan: Web Security Violation: This alert is generated when any user accesses blocked websites in Organization. Reports Trend Micro: User Authentication Success - This report provides information related to user which authenticated with firewall successfully which includes user details and its role Trend Micro: User Account Management - This report provides information related with account creation, deletion and modification which include user by whom creation, deletion or modification happens and details of changes happen in accounts. Trend Micro: Firewall Policy Management - This report provides information related to changes happen in Firewall policy of Trend Micro officescan which includes User by whom changes happens and what changes happen (added, deleted or modified). 16

Import Trend Micro OfficeScan knowledge pack into EventTracker 1. Launch EventTracker Control Panel. 2. Double click Export Import Utility, and then click Import tab. Import Category/Alert/Tokens/ Flex Reports as given below. Import Category 1. Click Category option, and then click the browse button. Figure 13 17

2. Locate All TREND MICRO OFFICESCAN group of Categories.iscat file, and then click the Open button. 3. To import categories, click the Import button. EventTracker displays success message. Figure 14 4. Click OK, and then click the Close button. Import Alerts 1. Click Alerts option, and then click the browse button. 18

Figure 15 2. Locate All TREND MICRO OFFICESCAN group of Alerts.isalt file, and then click the Open button. 3. To import alerts, click the Import button. EventTracker displays success message. Figure 16 4. Click OK, and then click the Close button. 19

Import Tokens 1. Click Token value option, and then click the browse button. Figure 17 2. Locate Trend Micro OfficeScan tokens.istoken file, and then click the Open button. 3. To import tokens, click the Import button. EventTracker displays success message. 20

Figure 18 4. Click OK, and then click the Close button. Import Flex Reports 1. Click Scheduled Report option, and then click the browse button. Figure 19 2. Locate Trend Micro OfficeScan Flex Report.issch file, and then click the Open button. 21

3. To import scheduled reports, click the Import button. EventTracker displays success message. Figure 20 4. Click OK, and then click the Close button. 22

Verify Trend Micro OfficeScan knowledge pack in EventTracker Verify Trend Micro OfficeScan Categories 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Categories. 3. In Category Tree to view imported categories, scroll down and expand Trend Micro OfficeScan group folder to view the imported categories. Figure 21 23

Verify Trend Micro OfficeScan Alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Alerts. 3. In Search field, type Trend Micro', and then click the Go button. Alert Management page will display all the imported Trend Micro OfficeScan alerts. Figure 22 4. To activate the imported alerts, select the respective checkbox in the Active column. EventTracker displays message box. Figure 23 5. Click OK, and then click the Activate Now button. 24

NOTE: You can select alert notification such as Beep, Email, and Message etc. For this, select the respective checkbox in the Alert management page, and then click the Activate Now button. Verify Trend Micro OfficeScan Tokens 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Parsing Rules. The imported Trend Micro OfficeScan tokens are added in Token-Value Groups list. Please refer Figure 24. Figure 24 25

Verify Trend Micro OfficeScan Reports 1. Logon to EventTracker Enterprise. 2. Click the Reports menu, and then select Configuration. 3. In Reports Configuration pane, select Defined option. EventTracker displays Defined page. 4. In search box enter Trend Micro, and then click the Search button. EventTracker displays Flex reports of Trend Micro. Figure 25 26

Sample Report Figure 26 Figure 27 27

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information