지금 지원 담당자와 채팅
지원 담당자와 채팅

InTrust 11.4.2 - Preparing for Auditing Trend Micro InterScan Web Security

Knowledge Pack Overview

The InTrust Knowledge Pack for Trend Micro InterScan Web Security Virtual Appliance works with Syslog messages forwarded from Trend Micro InterScan Web Security virtual appliances to Linux hosts. These messages are treated as events, which InTrust can collect and monitor for.

For the complete list of supported events, see Audited Events.

Requirements

InTrust supports gathering and real-time monitoring of Syslog messages from InterScan Web Security Virtual Appliance 6.5.

Auditing uses a Linux host as an intermediary. InTrust supports the following Linux distributions for this purpose:

  • Red Hat Enterprise Linux 7, 6.6, 6.5, 6.4, 6.3, 5, 4
  • Oracle Linux 7, 6.6, 6.5, 6.4, 6.3

InterScan Web Security auditing may work on other distributions supported by InTrust, but this was not tested.

To prepare a Linux host, you need to install an InTrust agent and adjust the configuration of the Syslog flavor used. Currently, agents must be installed manually on each Linux host you want to cover.

Installation

The Linux Knowledge Pack is installed on top of an existing InTrust installation. The following objects are included:

  • "IWSVA through Oracle Linux Syslog" data source
  • "IWSVA hosts" site
  • "IWSVA: All Syslog Events"  gathering policy
  • "IWSVA Syslog consolidation" consolidation policy
  •  "IWSVA Syslog collection" task, containing "IWSVA Syslog collection" gathering job
  • "Trend Micro IWSVA Security" real-time monitoring policy
  • Real-time monitoring rules:
    • Virus detected

    • Spyware detected

    • Command and control callback detected

    • Data loss prevention detected

Installing Agents

InTrust agents must be installed manually on Linux hosts. For details, see Installing Agents Manually on Linux Computers.

Syslog Configuration

InTrust takes advantage of the Syslog logging system on Linux computers. It is implemented by the Syslog daemon, which accepts messages from various sources that support logging, and either writes these messages to files or passes them on to other hosts in the network.

You need to permit the Syslog daemon to receive logs from the Trend Micro virtual appliance on the proxy Red Hat host. For that, perform the Enabling Reception of External Syslog Messages procedure described in the Syslog Configuration topic. After this, you should be ready to receive events from the appliance.

셀프 서비스 도구
지식 기반
공지 및 알림
제품 지원
소프트웨어 다운로드
기술 설명서
사용자 포럼
비디오 자습서
RSS 피드
문의처
라이센싱 지원가져오기
기술 지원
모두 보기
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택