Skip to content

Deep Security

Key facts

  • MSG Format based filter
  • Legacy BSD Format default port 514
Ref Link
Splunk Add-on CEF https://splunkbase.splunk.com/app/1936/

Sourcetypes

sourcetype notes
deepsecurity-system_events
deepsecurity-intrusion_prevention
deepsecurity-integrity_monitoring
deepsecurity-log_inspection
deepsecurity-web_reputation
deepsecurity-firewall
deepsecurity-antimalware
deepsecurity-app_control

Index Configuration

key sourcetype index notes
Trend Micro_Deep Security Agent deepsecurity epintel Used only if a correct source type is not matched
Trend Micro_Deep Security Agent_intrusion prevention deepsecurity-intrusion_prevention epintel
Trend Micro_Deep Security Agent_integrity monitoring deepsecurity-integrity_monitoring epintel
Trend Micro_Deep Security Agent_log inspection deepsecurity-log_inspection epintel
Trend Micro_Deep Security Agent_web reputation deepsecurity-web_reputation epintel
Trend Micro_Deep Security Agent_firewall deepsecurity-firewall epintel
Trend Micro_Deep Security Agent_antimalware deepsecurity-antimalware epintel
Trend Micro_Deep Security Agent_app control deepsecurity-app_control epintel
Trend Micro_Deep Security Manager deepsecurity-system_events epintel