
Trend Micro

Trend Micro consists of security analytics components that normalize Trend Micro events, enabling you to analyze Trend Micro data. It includes the Universal Rest API based TrendVisionOne and the Syslog Collector based Trend Micro log source templates, which ensure consistency in collecting, processing, and analyzing Trend Micro logs for precise security event analysis and reporting.

Release Details
Version: 6.1.0
Release Date: December 19, 2024
Supported On: Logpoint 7.0.0 or later, Logpoint v7.4.0 or later for log source template
SHA 256: 7155cbd087508f1abe751a5c328fb7f7fcdc59df4586cc8bdbc5ebc95470cc5a
Documentation: Trend Micro guide
Download

Key Information

Activate the label package LP_Trend Micro Control Manager to apply specific labels and group similar logs together. To learn more, go to Activating Labels Packages.

Enhancements

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Added Universal Rest API based TrendVisionOne log source template to simplify the log source configuration process. Go to Universal Rest API based Log Source Template to learn more. | KB-24570 | - |
| Added VisionOne and VisionOneCEF modules in TrendMicroCompiledNormalizer to support VisionOne and VisionOne CEF logs. To learn more, go to Compiled Normalizer. | KB-19220, KB-22098, KB-22836, KB-24466 | 7721978635 |

Added CompiledNormalizer Date Preference (CNDP) support to TrendMicroCompiledNormalizer, ensuring a consistent date format in normalized TrendMicro logs. Go to CNDP to learn how to configure it.

Updated the device_category field's value to reflect a generic taxonomy for device categories such as EDR, XDR, MDR and EPO.

| CompiledNormalizer | Module | Former Field Value | Updated Field Value |
| --- | --- | --- | --- |
| TrendMicroCompiledNormalizer | ApexCentral | EPO | EPP |
| | ApexOne | | |
| | ControlManagerCEF | | |
| | OfficeScan | | |
| TrendMicroApexCentralCompiledNormalizer | | | |
| TrendMicroControlManagerCEFCompiledNormalizer | | | |

Issue ID: KB-24160; Reference ID: -

Removed the following generic widgets:

Dashboard Widget

LP_Trend Micro Control Manager

Top 10 Email Sender IP Address
Top 10 Senders in Content Security Violation
LP_Trend Micro DB Sources Connecting Infected Destinations - List
User Logged in From Infected Sources - List

LP_Trend Micro Deep Security

Top 10 Alert and Report Email Receivers
Alert And Report Emails - List

LP_Trend Micro Deep Security - Antimalware

Top 10 Names in Malware

LP_Trend Micro IWSVA

Hits
Top 10 Visited Websites
Top 10 Users
Issue ID: KB-25031; Reference ID: -

Updated the following widgets to improve their performance:

| Dashboard | Widget |
| --- | --- |
| LP_CEF: Trend Micro Deep Discovery - Virtual Analyser | Virtual Analyzer Overview |
| TREND MICRO APEX CENTRAL - OVERVIEW | Malware - Details |
| LP_Trend Micro Control Manager | Top 10 Endpoints - Failed Actions |

Renamed the following widgets:

| Dashboard | Former Widget Name | Renamed Widget Name |
| --- | --- | --- |
| LP_Trend Micro Deep Security - Overview | Top 10 Names in Log Inspection | Top 10 Event Category |
| | Top 10 Names Integrity Monitor | Top 10 Event Category from Integrity Monitor |

Bug Fix

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| The path field with a double slash ( \\ ) in its value for raw TrendMicroApexCentral logs was not correctly normalized by TrendMicroApexCentralCompiledNormalizer. | KB-23908 | - |
| The source_address field of normalized TrendMicroApexCentral logs mapped the src field with incorrect value format. | | |
| The filterRiskLevel and riskLevel sub fields of raw TrendVisionOne logs, when normalized by TrendMicroCentralCompiledNormalizer, mapped only the riskLevel field's value in the risk_level field. | KB-25105 | - |

 

Past Releases

Trend Micro v6.0.0

Release Date: May 07, 2024

Supported On: Logpoint v7.4.0 or later for log source template

Download: TrendMicro_6.0.0.pak

SHA256: 6fff70876f57c3c5e882cab661aefaf4c9c90efb83f2ed49106a9d2b12bc3fca

Enhancements

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Added Syslog Collector based Trend Micro log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-22742 | - |
| Added a new compiled normalizer TrendMicroCompiledNormalizer to support DeepSecurityCEF, ControlManagerCEF, DeepDiscoveryCEF, OfficeScan, ISMS, IMSVA, ApexCentral and CloudAppSecurity logs. | KB-20162 | - |
| Added a dashboard LP_TREND MICRO IMSVA to support IMSVA log format. To know more, go to Trend Micro Dashboards. | KB-18909 | 70584 |

Bug Fix

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| TrendMicroDeepSecurityCEF logs were not normalized by TrendMicroDeepSecurityCEFCompiledNormalizer and Trend Micro normalization packages. | KB-20767 | 74135 |

 

Trend Micro v5.1.0

Release Date: August 16, 2022

Supported On: Logpoint v6.7.0 or later

Download: TrendMicro_5.1.0.pak

SHA256: 440ad10993d345835215ec1a10c4b9e4d1426ad69d3b4ca52ec07415ec9de217

Enhancements

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Added TrendMicroCloudAppSecurityCompiledNormalizer to normalize Trend Micro Cloud App Security logs. | KB-13319 | 56559 |
| Added the following alerts: Trend Micro Deep Security Ransomware Detection and Trend Micro Deep Security Botnet Detection. To learn more, go to Trend Micro Alerts. | KB-13885 | - |
| Updated LP_Trend Micro IWSVA to support the new IWSVA log format. To learn more, go to Log Samples. | KB-12885 | 54736 |

Bug Fixes

The following issues are fixed:

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Labels were missing in some TrendMicro Deep Security logs. | KB-11137 | 47590 |
| Apex Central SaaS Syslog and Trend Micro Apex Central™ logs were not normalized by TrendMicroApexCentralCompiledNormalizer. | KB-11321, KB-13632 | 48465, 57023 |

 

Trend Micro v5.0.1

Supported On: Logpoint v6.7.0 or later

Enhancement

A minor update was made to the Trend Micro normalizer for better signature handling.

Trend Micro v3.3.0

Release date: May 14, 2020

SHA 256: 98b5071cd40207271b4a644f625c1885c99a2faf13c6ee6ce7a7470aa503d10e

Download: TrendMicro_3.3.0.zip

Enhancement

A minor update was made to the Websense normalizer for better signature handling.


Support

If you have any questions or require assistance, create a support ticket.

Comments

  • François-Xavier Kouadio
    April 26, 2018 14:32

    Hi,
    Very nice article. Please, I failed to find the ODBC table under ‘Knowledge Base’, there is no such configuration item. Could you please help me locate it?

    Thank you for your help,

    Regards
  • Permanently deleted user
    April 26, 2018 17:02

    Hello François-Xavier,

    We don't have Table on the newer version of LogPoint (6.x.x). You can configure it from Knowledge Base => Enrichment Sources => Table.
    Sorry for the inconvenience caused.
  • François-Xavier Kouadio
    April 27, 2018 07:59

    Hello Ramesh,

    Great, Thank you for your feedback.
  • Eric SAUGNAC
    May 03, 2018 15:58

    Hi, I can't add ODBC fetcher, Test is working but when I click on Submit, Logpoint says "Form is Beeing Submitted" and then nothing happens, I stay on the ODBC configuration widget and can only do cancel to get back to the ODBC Fetcher Widget without my configuration saved, it's really annoying...
  • François-Xavier Kouadio
    May 04, 2018 07:12

    Hello Eric,
    I'm not a LogPoint support member but as a user I have already encountered this issue. Use another browser to perform this action and it should work.
    Regards,
    François-Xavier KOUADIO

Article is closed for comments.
