Overview
Deep Security Manager is the centralized web-based management console that administrators use to configure security policy and deploy protection to the enforcement components: the Deep Security Virtual Appliance and the Deep Security Agent.
Prerequisites
- Logsign version 6.3 and later supports this integration.
Configure On Trend Micro
Forwarding settings are completed as follows:
(Note: API keys can only be used with the new Deep Security API (see "Use the Deep Security API to automate tasks"), which is available in Deep Security Manager 11.1 and later.)
- Go to Administration > User Management > API Keys.
- Click New.
- In the Properties window, enter a Name and Description for the API key.
- Click on the Role list and select a role. Auditor grants read-only access to the Deep Security Manager through the API, while Full Access grants both read and write access. If you need more specific roles for API key users, you can select New and define one. See Define roles for users for more information on doing so.
- Select a Language.
- Select a Time Zone.
- Optionally select Expires on and select an expiry date for the API key.
- Click OK.
- Copy the Secret key value.
Configure On Logsign
Forwarding settings are completed as follows:
- Click Settings > Integrations > Responses.
- In the ‘Search’ part, write Deep Security Manager.
- Click ‘Configure’ and then click ‘+Device’.
- Define the settings as follows:
- Device Name: Define the Device Name.
- Api Key: Define the Api Key.
- Host: The URL address of the Deep Security Manager device/product to be integrated with Logsign.
- Port: Define the port number.
- Click Create to save the changes.
Methods
MODIFY-INTRUSION-PREVENTION-RULE
- Device: Select the configuration you have configured.
- Name: The name of the intrusion prevention rule.
- Description: The description of the intrusion prevention rule.
- Minimum Agent Version: The minimum version of the Deep Security Agent or Appliance required to support this intrusion prevention rule.
- Application Type ID: The application type id under which this intrusion prevention rule is grouped.
- Priority: The priority level of the rule. Higher priority rules are applied before lower priority rules.
- Severity: Define the severity.
- Type: Define the type.
- Original Issue: The date the rule was released. This does not indicate when the rule was downloaded.
- Last Updated: The last time the rule was modified either locally or during Security Update download.
- Template: Define the template.
- Start: Define the start date.
- Patterns: Define the patterns.
- End: Define the end date.
- Condition: Define the condition.
- Action: Define the action.
- Custom XML: Define the custom xml.
- Schedule ID: Define the schedule id.
- Context ID: Edit an intrusion prevention rule so that your changes apply only in the context id of the policy or computer.
- Recommendations Mode: Define intrusion prevention rules from rule recommendations of recommendation scans.
- Depends On Rule IDs: Define the rule ids.
- CVSS Score: A measure of the severity of the vulnerability according to the National Vulnerability Database.
- CVE: Define the cve.
- Policy ID: Define the policy id.
- Intrusion Prevention Rule ID: Define the intrusion prevention rule id.
(Note: For detailed information, see https://help.deepsecurity.trendmicro.com/20_0/on-premise/intrusion-prevention-rules.html )
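The Logsign fields above map onto a single Deep Security Manager API call. The helper below is an added example (not Logsign's or Trend Micro's own code) that builds that request from the form values, drops empty fields, scopes the change to a policy when a Policy ID is given, and validates the Severity value; the field-name mapping, the `api-secret-key`/`api-version` headers and the endpoint paths are stated as assumptions about the Deep Security API v1.

```python
"""Build (and optionally send) the Deep Security Manager API request behind a
MODIFY-INTRUSION-PREVENTION-RULE action. Hypothetical helper, not vendor code."""
import json
import ssl
import urllib.request

API_VERSION = "v1"  # assumed value of the Deep Security 'api-version' header

# Assumed mapping from the Logsign form labels to API JSON field names.
FIELD_MAP = {
    "Name": "name", "Description": "description",
    "Minimum Agent Version": "minimumAgentVersion",
    "Application Type ID": "applicationTypeID",
    "Priority": "priority", "Severity": "severity", "Type": "type",
    "Recommendations Mode": "recommendationsMode",
    "Custom XML": "customXML", "CVE": "CVE",
}
# Assumed severity enum accepted by the API for intrusion prevention rules.
SEVERITIES = ("lowest", "low", "medium", "high", "critical")


def build_modify_ips_rule_request(host, port, api_key, rule_id, fields, policy_id=None):
    """Return (url, headers, json_body). Empty form fields are omitted so they
    do not overwrite existing rule values. With policy_id the change applies
    only inside that policy (the 'Policy ID' / 'Context ID' behaviour)."""
    body = {FIELD_MAP[k]: v for k, v in fields.items() if v not in (None, "")}
    if "severity" in body and body["severity"] not in SEVERITIES:
        raise ValueError(f"unsupported severity {body['severity']!r}")
    if policy_id is None:
        path = f"/api/intrusionpreventionrules/{int(rule_id)}"
    else:
        path = f"/api/policies/{int(policy_id)}/intrusionpreventionrules/{int(rule_id)}"
    url = f"https://{host}:{int(port)}{path}"  # 4119 is the default DSM port
    headers = {"api-secret-key": api_key, "api-version": API_VERSION,
               "Content-Type": "application/json"}
    return url, headers, json.dumps(body)


def send(url, headers, body, cafile=None):
    """POST the request (the API modifies objects with POST, not PUT) and
    return the decoded response. TLS verification stays enabled; pass the
    manager's CA bundle via cafile rather than disabling checks."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)
```

Keep the API key out of source control and logs; the request builder is separated from `send` so it can be inspected or unit-tested without contacting a manager.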
MODIFY-INTEGRITY-MONITORING-RULE
- Device: Select the configuration you have configured.
- Name: The name of the modify integrity monitoring rule.
- Description: The description of the modify integrity monitoring rule.
- Severity: Define the severity.
- Template: Define the template.
- Registry Key Root: Specify the registry key root.
- Registry Key Value: Specify the registry key value.
- Registry Included Values: Define the included values of registry.
- Registry Excluded Values: Define the excluded values of registry.
- Registry Attributes: Define the attributes of registry.
- File Base Directory: Define the file base directory.
- File Included Values: Define the file included values.
- File Excluded Values: Define the file excluded values.
- File Attributes: Define the file attributes.
- Custom XML: Define the custom xml.
- Recommendations Mode: Define modify integrity monitoring rules from rule recommendations of recommendation scans.
- Policy ID: Define the policy id.
- Integrity Monitoring Rule ID: Define the integrity monitoring rule id.
MODIFY-POLICY
- Device: Select the configuration you have configured.
- Integrity Monitoring Setting Combined Mode Protection Source: Define the combined mode protection source.
- Integrity Monitoring Setting Auto Apply Recommendations Enabled: Define the apply recommendations enabled.
- Integrity Monitoring Setting Virtual Appliance Optimization Scan Cache Entries Max: Define the scan cache entries max.
- Integrity Monitoring Setting Scan Cache Config Id: Define the scan cache config id.
- Integrity Monitoring Setting Syslog Config Id: Define the syslog config id.
- Integrity Monitoring Setting Content Hash Algorithm: Define the content hash algorithm.
- Integrity Monitoring Setting Realtime Enabled: Define the setting realtime enabled.
- Integrity Monitoring Setting Cpu Usage Level: Define the cpu usage level.
- Intrusion Prevention Setting Virtual And Container Network Scan Enabled: Define the network scan enabled.
- Intrusion Prevention Setting Engine Option Fragmented Ip Keep Max: Define the ip keep max.
- Intrusion Prevention Setting Engine Option Fragmented IpTimeout: Define the ip timeout.
- Intrusion Prevention Setting Nsx Security Tagging Prevent Mode Level: Define the prevent mode level.
- Intrusion Prevention Setting Engine Options Enabled: Define the engine options enabled.
- Intrusion Prevention Setting Log Data Rule First Match Enabled: Define rule first match enabled.
- Intrusion Prevention Setting Engine Option Fragmented Ip Packet Send Icmp Enabled: Define the ip packet icmp enabled.
- Intrusion Prevention Setting Nsx Security Tagging Detect Mode Level: Define the tagging detect mode level.
- Intrusion Prevention Setting Engine Option Fragmented Ip Unconcerned Mac Address Bypass Enabled: Define the unconcerned mac address bypass enabled.
- Intrusion Prevention Setting Combined Mode Protection Source: Define the combined mode protection source.
- Policy Id: Define the policy id.