Integrate Trend Micro InterScan Web Security


EventTracker Enterprise
Publication Date: Mar. 23, 2016
EventTracker, 8815 Centre Park Drive, Columbia MD 21045, www.eventtracker.com

About this Guide

This guide helps Trend Micro InterScan Web Security Virtual Appliance users send logs to an external syslog server.

Scope

The configurations detailed in this guide are consistent with EventTracker Enterprise 7.x or later and Trend Micro InterScan Web Security Virtual Appliance 6.5.

Audience

Administrators who want to monitor Trend Micro InterScan Web Security Virtual Appliance using EventTracker Enterprise.

The information contained in this document represents the current view of Prism Microsystems Inc. on the issues discussed as of the date of publication. Because Prism Microsystems must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, and Prism Microsystems cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Prism Microsystems MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided.

Prism Microsystems may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

2016 Prism Microsystems Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

About this Guide
Scope
Audience
Introduction
Pre-requisites
IWSVA syslog configuration
EventTracker Knowledge Pack
Categories
Alerts
Reports
Import Trend Micro InterScan knowledge pack into EventTracker
Import Category
Import Alerts
Import Tokens
Import Flex Reports
Import Knowledge Object
Verify Trend Micro InterScan knowledge pack in EventTracker
Verify Trend Micro InterScan Categories
Verify Trend Micro InterScan Alerts
Verify Trend Micro InterScan Tokens
Verify Trend Micro InterScan Reports
Verify Knowledge Object
Create Dashboards in EventTracker
Schedule Reports
Create Dashlets
Sample Dashboards

Introduction

The InterScan Web Security Virtual Appliance (IWSVA) is a gateway solution, providing protection for web-based threats via HTTP and FTP. IWSVA defends against web threats with multi-layer, multi-threat protection at the internet gateway. It accomplishes this through content filtering for potentially dangerous websites and blocking content prohibited by the organization.

Pre-requisites

EventTracker 7.x or later should be installed.
User should have administrator privileges to IWSVA console.

IWSVA syslog configuration

1. Log in to the IWSVA console.
2. Click Logs > Log Settings > Syslog Server in the main menu.
3. Click Add.
4. Under Syslog Servers:
   a) Select Enable checkbox to allow IWSVA to send logs to this syslog server.
   b) Specify the syslog server's IP address.
   c) Select UDP from Protocol dropdown.
   d) Specify the Port Number as 514.
5. Under Syslog Settings:
   a) Select local3 from Syslog facility dropdown to forward logs using selected priority level.
   b) Under Save following logs, select checkboxes for required log types as shown below to forward selected event categories.
6. Click Save.

Figure 1

NOTE: Enable Debug logs judiciously, as they can result in high log volume.

EventTracker Knowledge Pack

Once Trend Micro InterScan events are enabled and received in EventTracker, Alerts and Reports can be configured in EventTracker. The following Knowledge Packs are available in EventTracker to support Trend Micro InterScan monitoring.

Categories

Trend Micro InterScan: Trusted URL added: This category-based report provides information related to Trusted URL added from Trend Micro InterScan.

Trend Micro InterScan: Trusted URL added to exception: This category-based report provides information related to Trusted URL added to exception from Trend Micro InterScan.

Trend Micro InterScan: User logon success: This category-based report provides information related to User logon success from Trend Micro InterScan.

Trend Micro InterScan: HTTP inspection policy added: This category-based report provides information related to HTTP inspection policy added from Trend Micro InterScan.

Trend Micro InterScan: HTTP DLP policy added: This category-based report provides information related to HTTP DLP policy added from Trend Micro InterScan.

Trend Micro InterScan: URL filter policy added: This category-based report provides information related to URL filter policy added from Trend Micro InterScan.

Trend Micro InterScan: Digital certificates management: This category-based report provides information related to Digital certificates management from Trend Micro InterScan.

Trend Micro InterScan: FTP DLP global policy changes: This category-based report provides information related to FTP DLP global policy change from Trend Micro InterScan.

Trend Micro InterScan: HTTP CPU utilization: This category-based report provides information related to HTTP CPU utilization in Trend Micro InterScan.

Trend Micro InterScan: Delete policies: This category-based report provides information related to delete policies in Trend Micro InterScan.

Trend Micro InterScan: Policy management: This category-based report provides information related to Policy management in Trend Micro InterScan.

Alerts

Trend Micro InterScan- Policies added: This alert is generated when any sort of policy has been added from Trend Micro InterScan.

Logs considered

Mar 07 12:07:00 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:08:29,IST> 12:08:29 GMT+05:30 2016;tk_description=Add new Application Control policy: Block Tom
Mar 07 12:16:30 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:17:59,IST> 12:17:59 GMT+05:30 2016;tk_description=Add Https Decryption policy: Block bing.com
Mar 07 12:23:20 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:24:50,IST> 12:24:50 GMT+05:30 2016;tk_description=Exception to tunnel list now contains: www.bing.com*
Mar 07 14:45:01 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 14:46:32,IST> 14:46:32 GMT+05:30 2016;tk_description=Add HTTP scan policy: virus detected:awe$mf.dfl
Mar 07 14:51:22 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 14:52:53,IST> 14:52:53 GMT+05:30 2016;tk_description=Add HTTP Inspection policy: allow Bender
Mar 07 15:23:32 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:25:03,IST> 15:25:03 GMT+05:30 2016;tk_description=Add HTTP DLP policy: DATA LOSS PREVENTION
Mar 07 15:31:29 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:32:59,IST> 15:32:59 GMT+05:30 2016;tk_description=Add JAVA scan policy: APPLETS AND ACTIVEX
Mar 07 15:43:48 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:45:19,IST> 15:45:19 GMT+05:30 2016;tk_description=Add URL filtering policy: Block Tom
Mar 07 15:51:35 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:53:06,IST> 15:53:06 GMT+05:30 2016;tk_description=Add Access Quota policy: Unlimited Access
Mar 07 17:19:48 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 17:21:16,IST> 17:21:16 GMT+05:30 2016;tk_description=changed FTP DLP Scan Global Policy rule: DLP rule changed

Trend Micro InterScan- Policies deleted: This alert is generated when any sort of policy has been deleted from Trend Micro InterScan.

Logs considered

Mar 07 12:11:18 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:12:47,IST> 12:12:47 GMT+05:30 2016;tk_description=Delete policy: Block Tom Account: 192.168.1.138
Mar 07 12:19:38 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:21:07,IST> 12:21:07 GMT+05:30 2016;tk_description=Delete policy: Block bing.com Account: 192.168.1.118
Mar 07 15:27:38 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:29:09,IST> 15:29:09 GMT+05:30 2016;tk_description=Delete policy: DATA LOSS PREVENTION Account: 192.168.1.118
Mar 07 15:35:33 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:37:04,IST> 15:37:04 GMT+05:30 2016;tk_description=Delete policy: APPLETS AND ACTIVEX Account: 192.168.1.131
Mar 07 15:41:01 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:42:32,IST> 15:42:32 GMT+05:30 2016;tk_description=Delete policy: Block Tom Account: 192.168.1.138
Mar 07 17:09:28 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 17:10:57,IST> 17:10:57 GMT+05:30 2016;tk_description=blacklistremove certificate: AffirmTrust Premium ECC

Reports

Trend Micro InterScan- Trusted URL added: This report provides information related to trusted URLs added, including the User Name and Trusted URL List fields.

Logs considered

Sample Report

Figure 2

Trend Micro InterScan- Trusted URL added to exception: This report provides information related to trusted URLs added to exception, including the User Name and Exception Trust List fields.

Logs considered

Sample Report

Figure 3

Trend Micro InterScan- User logon success: This report provides information related to user logon success, including the User Name field.

Logs considered

Sample Report

Figure 4

Trend Micro InterScan- HTTP inspection policy added: This report provides information related to HTTP inspection policies added, including the User Name and HTTP Inspection Policy added fields.

Logs considered

Sample Report

Figure 5

Trend Micro InterScan- HTTP DLP policy added: This report provides information related to HTTP DLP policies added, including the User Name and HTTP DLP Policy fields.

Logs considered

Sample Report

Figure 6

Trend Micro InterScan- URL filter policy added: This report provides information related to URL filtering policy, including the User Name and URL Filter Policy fields.

Logs considered

Sample Report

Figure 7

Trend Micro InterScan- Digital certificates management: This report provides information related to digital certificate management, including the User Name and Digital Certificate Management fields.

Logs considered

Sample Report

Figure 8

Trend Micro InterScan- FTP DLP global policy changes: This report provides information related to FTP DLP global policy change, including the User Name and Message fields.

Logs considered

Sample Report

Figure 9

Trend Micro InterScan- HTTP CPU utilization: This report provides information related to HTTP CPU utilization, including the Metric Value field.

Logs considered

Sample Report

Figure 10

Trend Micro InterScan: Delete policies: This report provides information related to deleted policies, including the User Name and Policy Name fields.

Logs Considered:

Mar 07 12:11:18 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:12:47,IST> 12:12:47 GMT+05:30 2016;tk_description=Delete policy: Block Tom Account: 192.168.1.138
Mar 07 12:19:38 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:21:07,IST> 12:21:07 GMT+05:30 2016;tk_description=Delete policy: Block bing.com Account: 192.168.1.118
Mar 07 15:27:38 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:29:09,IST> [EVT_AUDITING LOG_WARNING] Auditing log tk_user=admin;tk_date_field=mon Mar07 15:29:09 GMT+05:30 2016;tk_description=Delete policy: DATA LOSS PREVENTION Account: 192.168.1.118
Mar 07 15:35:33 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:37:04,IST> 15:37:04 GMT+05:30 2016;tk_description=Delete policy: APPLETS AND ACTIVEX Account: 192.168.1.131
Mar 07 15:41:01 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:42:32,IST> 15:42:32 GMT+05:30 2016;tk_description=Delete policy: Block Tom Account: 192.168.1.138
Mar 07 17:09:28 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 17:10:57,IST> 17:10:57 GMT+05:30 2016;tk_description=blacklistremove certificate: AffirmTrust Premium ECC

Sample Report

Figure 11

Trend Micro InterScan: Policy management: This report provides information related to policy management, including the User Name and Policy Name fields.

Logs Considered:

Mar 07 12:07:00 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:08:29,IST> 12:08:29 GMT+05:30 2016;tk_description=Add new Application Control policy: Block Tom
Mar 07 12:16:30 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:17:59,IST> 12:17:59 GMT+05:30 2016;tk_description=Add Https Decryption policy: Block bing.com
Mar 07 12:23:20 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:24:50,IST> 12:24:50 GMT+05:30 2016;tk_description=Exception to tunnel list now contains: www.bing.com*
Mar 07 14:45:01 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 14:46:32,IST> 14:46:32 GMT+05:30 2016;tk_description=Add HTTP scan policy: virus detected:awe$mf.dfl
Mar 07 14:51:22 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 14:52:53,IST> 14:52:53 GMT+05:30 2016;tk_description=Add HTTP Inspection policy: allow Bender
Mar 07 15:23:32 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:25:03,IST> 15:25:03 GMT+05:30 2016;tk_description=Add HTTP DLP policy: DATA LOSS PREVENTION
Mar 07 15:31:29 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:32:59,IST> 15:32:59 GMT+05:30 2016;tk_description=Add JAVA scan policy: APPLETS AND ACTIVEX
Mar 07 15:43:48 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:45:19,IST> 15:45:19 GMT+05:30 2016;tk_description=Add URL filtering policy: Block Tom
Mar 07 15:51:35 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:53:06,IST> 15:53:06 GMT+05:30 2016;tk_description=Add Access Quota policy: Unlimited Access
Mar 07 17:19:48 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 17:21:16,IST> 17:21:16 GMT+05:30 2016;tk_description=changed FTP DLP Scan Global Policy rule: DLP rule changed
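The audit samples listed for the alerts and reports above share one layout: a syslog envelope followed by semicolon-separated tk_ fields ending in tk_description. The following Python code is an added example, not part of the EventTracker Knowledge Pack; it parses that layout and buckets policy additions and deletions. The first five sample lines are copied from this guide, the last is constructed, and the matching rules in classify() are assumptions.

```python
import re
from collections import defaultdict

# Envelope seen in the guide's samples:
#   received time, sender IP, "trend-micro:", <appliance time>, body
ENVELOPE = re.compile(
    r"^(?P<received>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<sender>\S+) "
    r"trend-micro: <(?P<device_time>[^>]*)>\s*(?P<body>.*)$")
FIELD = re.compile(r"(tk_\w+)=([^;]*)")
ADDED = re.compile(r"^Add (?:new )?(?P<kind>.+?) policy: (?P<name>.+)$")
DELETED = re.compile(r"^Delete policy: (?P<rest>.+)$")


def classify(description):
    """Assumed mapping from tk_description text to an alert bucket."""
    m = ADDED.match(description)
    if m:
        return {"alert": "policy_added", "kind": m["kind"], "policy": m["name"]}
    m = DELETED.match(description)
    if m:
        # "Account: <value>" trails the policy name, so split from the right.
        name, sep, account = m["rest"].rpartition(" Account: ")
        if not sep:
            name, account = m["rest"], None
        return {"alert": "policy_deleted", "policy": name, "account": account}
    return {"alert": "other"}


def parse_line(line):
    """Parse one IWSVA audit line into a dict, or None if it does not match."""
    m = ENVELOPE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    body = event.pop("body")
    # tk_description is free text and comes last, so keep everything after it
    # verbatim and read the other tk_ fields only from the text before it.
    prefix, sep, description = body.partition("tk_description=")
    if not sep:
        return None
    event.update(FIELD.findall(prefix))
    event["tk_description"] = description
    event.update(classify(description))
    return event


def deletions_by_account(lines):
    """Group deleted policy names by the value of their Account field."""
    grouped = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        if event["alert"] == "policy_deleted":
            grouped[event["account"]].append(event["policy"])
    return dict(grouped)


# Lines 0-4 are copied from the guide; line 5 is constructed to show a
# description that itself contains ";tk_user=".
SAMPLE = [
    "Mar 07 12:07:00 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:08:29,IST> 12:08:29 GMT+05:30 2016;tk_description=Add new Application Control policy: Block Tom",
    "Mar 07 12:11:18 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 12:12:47,IST> 12:12:47 GMT+05:30 2016;tk_description=Delete policy: Block Tom Account: 192.168.1.138",
    "Mar 07 15:27:38 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 15:29:09,IST> [EVT_AUDITING LOG_WARNING] Auditing log tk_user=admin;tk_date_field=mon Mar07 15:29:09 GMT+05:30 2016;tk_description=Delete policy: DATA LOSS PREVENTION Account: 192.168.1.118",
    "Mar 07 14:45:01 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 14:46:32,IST> 14:46:32 GMT+05:30 2016;tk_description=Add HTTP scan policy: virus detected:awe$mf.dfl",
    "Mar 07 17:09:28 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 17:10:57,IST> 17:10:57 GMT+05:30 2016;tk_description=blacklistremove certificate: AffirmTrust Premium ECC",
    "Mar 07 16:00:00 192.168.1.202 trend-micro: <Mon, 07 Mar 2016 16:01:30,IST> [EVT_AUDITING LOG_WARNING] Auditing log tk_user=admin;tk_date_field=mon Mar07 16:01:30 GMT+05:30 2016;tk_description=Add URL filtering policy: Block ads;tk_user=other",
]

if __name__ == "__main__":
    for parsed in map(parse_line, SAMPLE):
        print(parsed["alert"], parsed.get("tk_user"), parsed.get("policy"))
    print(deletions_by_account(SAMPLE))
```
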

Sample Report

Figure 12

Import Trend Micro InterScan knowledge pack into EventTracker

1. Launch EventTracker Control Panel.
2. Double click Export Import Utility, and then click Import tab.

Import Category/Alert/Tokens/Flex Reports as given below.

Import Category

1. Click Category option, and then click the browse button.

Figure 13

2. Locate All Trend Micro InterScan group of Categories.iscat file, and then click the Open button.
3. To import categories, click the Import button. EventTracker displays success message.

Figure 14

4. Click OK, and then click the Close button.

Import Alerts

1. Click Alerts option, and then click the browse button.

Figure 15

2. Locate All TREND MICRO INTERSCAN group of Alerts.isalt file, and then click the Open button.
3. To import alerts, click the Import button. EventTracker displays success message.

Figure 16

4. Click OK, and then click the Close button.

Import Tokens

1. Click Token value option, and then click the browse button.

Figure 17

2. Locate Trend Micro InterScan tokens.istoken file, and then click the Open button.
3. To import tokens, click the Import button. EventTracker displays success message.

Figure 18

4. Click OK, and then click the Close button.

Import Flex Reports

1. Click Report option, and then click the browse button.

Figure 19

2. Locate Trend Micro InterScan Flex Report.issch file, and then click the Open button.
3. To import scheduled reports, click the Import button. EventTracker displays success message.

Figure 20

4. Click OK, and then click the Close button.

Import Knowledge Object

1. Click the Admin menu, and then click Knowledge Objects.
2. Click on Import option.
3. In IMPORT pane click on Browse button.

Figure 21

Figure 22

4. Locate Trend Micro InterScan.etko file, and then click the UPLOAD button.

Figure 23

5. Now select the check box and then click on OVERWRITE option. EventTracker displays success message.

Figure 24

6. Click on OK button.

Verify Trend Micro InterScan knowledge pack in EventTracker

Verify Trend Micro InterScan Categories

1. Logon to EventTracker Enterprise.
2. Click the Admin menu, and then click Categories.
3. In Category Tree, scroll down and expand Trend Micro InterScan group folder to view the imported categories.

Figure 25

Verify Trend Micro InterScan Alerts

1. Logon to EventTracker Enterprise.
2. Click the Admin menu, and then click Alerts.
3. In Search field, type 'Trend Micro', and then click the Go button. Alert Management page will display all the imported Trend Micro InterScan alerts.

Figure 26

4. To activate the imported alerts, select the respective checkbox in the Active column. EventTracker displays message box.

Figure 27

5. Click OK, and then click the Activate Now button.

NOTE: You can select alert notification such as Beep, Email, and Message etc. For this, select the respective checkbox in the Alert management page, and then click the Activate Now button.

Verify Trend Micro InterScan Tokens

1. Logon to EventTracker Enterprise.
2. Click the Admin menu, and then click Parsing Rules. The imported Trend Micro InterScan tokens are added in Token-Value Groups list. Please refer to Figure 24.

Figure 28

Verify Trend Micro InterScan Reports

1. Logon to EventTracker Enterprise.
2. Click the Reports menu, and then select Configuration.
3. In Reports Configuration pane, select Defined option. EventTracker displays Defined page.
4. In search box enter Trend Micro InterScan, and then click the Search button. EventTracker displays Flex reports of Trend Micro.

Figure 29

Verify Knowledge Object

1. Click the Admin menu, and then click Knowledge Objects.
2. Scroll down and select Trend Micro InterScan in Objects pane. Imported Trend Micro InterScan object details are shown.

Figure 30

Create Dashboards in EventTracker

Schedule Reports

1. Open EventTracker in browser and logon.
2. Navigate to Reports>Configuration.

Figure 31

Figure 32

1. Select Trend Micro InterScan in report groups. Check defined dialog box.
2. Click on schedule to plan a report for later execution.

Figure 33

3. Choose appropriate time for report execution and in Step 8 check Persist data in Eventvault explorer box.

Figure 34

4. Check column names to persist using PERSIST checkboxes beside them. Choose suitable Retention period.
5. Proceed to next step and click Schedule button.
6. Wait for scheduled time or generate report manually.

Create Dashlets

1. EventTracker 8 is required to configure flex dashboard.
2. Open EventTracker in browser and logon.

Figure 35

3. Navigate to Dashboard>Flex. Flex Dashboard pane is shown.

Figure 36

4. Fill fitting title and description and click Save button.
5. Click to configure a new flex dashlet. Widget configuration pane is shown.

Figure 37

7. Locate earlier scheduled report in Data Source dropdown.
8. Select Chart Type from dropdown.
9. Select extent of data to be displayed in Duration dropdown.
10. Select computation type in Value Field Setting dropdown.
11. Select evaluation duration in As Of dropdown.
12. Select comparable values in X Axis with suitable label.
13. Select numeric values in Y Axis with suitable label.
14. Select comparable sequence in Legend.
15. Click Test button to evaluate. Evaluated chart is shown.

Figure 38

16. If satisfied, click Configure button.

Figure 39

17. Click customize to locate and choose created dashlet.
18. Click to add dashlet to earlier created dashboard.

Sample Dashboards

1. Trend Micro InterScan- Digital certificate management.

Figure 40