Trend Micro InterScan Web Security Suite (IWSS)

This pack includes Cortex XSIAM content.

Configuration on Server Side

This section describes the configuration that needs to be done on the Trend Micro InterScan console in order to forward the IWSS event logs to Cortex XSIAM Broker VM via syslog.

1. Log in to your Trend Micro InterScan console.
2. Navigate to Logs → Syslog Configuration from the main menu.
3. Click Add under Syslog Server.
4. Select the Enable Syslog checkbox.
5. Enter the IP address of the target Cortex XSIAM Syslog Broker VM.
6. Enter the syslog service port that the target Cortex XSIAM Broker VM is listening on for receiving forwarded events from Trend Micro IWSS.
7. Select the log type(s) or priority of the logs that should be sent to Cortex XSIAM.
8. Click Save.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

You will need to use the information described here.

You can configure the specific vendor and product for this instance.

1. Navigate to Settings → Configuration → Data Broker → Broker VMs.
2. Go to the APPS column under the Brokers tab and add the Syslog app for the relevant broker instance. If the Syslog app already exists, hover over it and click Configure.
3. Click Add New.
4. When configuring the Syslog Collector, set the following parameters:
   | Parameter | Value
   | :--- | :---
   | Protocol | Select UDP.
   | Port | Enter the syslog service port that Cortex XSIAM Broker VM should listen on for receiving forwarded events from Trend Micro IWSS.
   | Vendor | Enter TrendMicro.
   | Product | Enter IWSS.