IBM Security QRadar

  • 1.  Apex Central DSM

    Posted Thu July 16, 2020 06:52 AM

    Good morning,

    We are facing issues parsing Trend Micro Apex Central logs as there is no parser defined in QRadar, even looking into the updates available.

    Is someone experiencing the same issue? Has someone found a solution apart from parsing logs manually?



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Apex Central DSM

    Posted Sat July 18, 2020 07:43 AM

    Hi,

    I am having the same issue in my new deployment. Because there is no parser for Apex Central, I decided to integrate all the Trend Micro products individually instead of getting their logs from Apex Central. However, Apex One is unable to send logs to QRadar directly and needs to be integrated using Apex Central. Therefore I now have to parse those logs manually. But at least, now I am only missing 1 log source that is not being parsed instead of many. If you do end up writing a parser for Apex Central before me, please share it with me too.



    #QRadar
    #Support
    #SupportMigration


  • 3.  RE: Apex Central DSM

    Posted Wed July 22, 2020 12:55 PM

    It's all well documented

    https://success.trendmicro.com/solution/000152501-SIEM-solutions-integration-with-Apex-Central#collapseTwo

    https://docs.trendmicro.com/en-us/enterprise/trend-micro-apex-central-2019-online-help/detections/logs_001/syslog-forwarding/syslog-log-types-for.aspx

    After configuring Apex Central and receiving the events as unknown on QRadar, you can build a custom universal CEF parser with the DSM Editor. As per the Apex documentation, there are 14 security events to be mapped.



    #QRadar
    #Support
    #SupportMigration
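The step described in the reply above (receive the forwarded syslog events, then build a custom CEF parser and map each event type) as an added example; this is not code from the thread, from IBM, or from Trend Micro. The sample lines, signature IDs, event names and extension values are constructed for illustration and are not taken from the Apex Central documentation. The example shows what a universal CEF parser has to get right before the DSM Editor mapping step: the pipe-delimited header with its `\|` escapes, and the space-separated extension whose values may themselves contain spaces and `\=` escapes.

```python
"""Small CEF (Common Event Format) parser for syslog lines, of the kind you
would prototype before building a custom universal CEF log source in the
QRadar DSM Editor. Added example; not IBM's or Trend Micro's code."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines for illustration. The vendor/product strings follow
# the CEF header layout, but the signature IDs, names and extension values are
# made up here and are NOT taken from the Apex Central documentation.
SAMPLE_LINES = [
    '<134>Jul 16 06:52:00 apexcentral CEF:0|Trend Micro|Apex Central|2019|100'
    '|Virus/Malware|8|rt=Jul 16 2020 06:51:59 GMT+00:00 dhost=WS-001 dst=10.0.0.21'
    ' fname=eicar.com act=Quarantine msg=Test file with \\= escaped',
    '<134>Jul 16 06:53:10 apexcentral CEF:0|Trend Micro|Apex Central|2019|200'
    '|Web Reputation \\| Blocked|4|rt=Jul 16 2020 06:53:09 GMT+00:00 dvc=10.0.0.5'
    ' request=http://example.test/path?a\\=b suser=DOMAIN\\\\alice',
    'Jul 16 06:54:00 apexcentral some free-text line that is not CEF',  # stays "unknown"
]

HEADER_FIELDS = ['cef_version', 'device_vendor', 'device_product',
                 'device_version', 'signature_id', 'name', 'severity']
_CEF_START = re.compile(r'CEF:\d+\|')
# An extension key is a run of key characters, preceded by start-of-extension
# or whitespace and followed by '='. An escaped '\=' inside a value never
# matches because the backslash is not a key character.
_EXT_KEY = re.compile(r'(?:^|\s)([A-Za-z0-9_.\-]+)=')
_EXT_ESCAPES = {'=': '=', '\\': '\\', 'n': '\n', 'r': '\r', '|': '|'}


def _split_header(body: str) -> Optional[List[str]]:
    """Split the text after 'CEF:' on unescaped '|' into the 7 header fields
    plus the raw extension. Header escapes are backslash-pipe and
    backslash-backslash. Returns None when fewer than 7 delimiters are
    present (malformed header)."""
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(body) and len(parts) < 7:
        ch = body[i]
        if ch == '\\' and i + 1 < len(body):
            buf.append(body[i + 1])  # keep the escaped character literally
            i += 2
        elif ch == '|':
            parts.append(''.join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(parts) < 7:
        return None
    parts.append(body[i:])  # everything after the 7th '|' is the extension
    return parts


def _unescape_ext(value: str) -> str:
    """Resolve extension escapes in a single pass so a value is never
    double-decoded (e.g. backslash-backslash-equals)."""
    return re.sub(r'\\(.)', lambda m: _EXT_ESCAPES.get(m.group(1), m.group(0)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Turn 'k1=v1 k2=v2 ...' into a dict. Values may contain spaces, so each
    value runs from its '=' up to the start of the next 'key=' token."""
    keys = list(_EXT_KEY.finditer(ext))
    fields: Dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape_ext(ext[m.end():end])
    return fields


def parse_cef(line: str) -> Optional[Dict[str, object]]:
    """Parse one syslog line carrying a CEF payload. Returns None for lines
    that are not CEF or have a malformed header, i.e. what the SIEM would
    show as an unknown/unparsed event."""
    m = _CEF_START.search(line)
    if not m:
        return None
    parts = _split_header(line[m.start() + len('CEF:'):])
    if parts is None:
        return None
    event: Dict[str, object] = {'syslog_prefix': line[:m.start()].rstrip()}
    event.update(zip(HEADER_FIELDS, parts[:7]))
    event['extension'] = _parse_extension(parts[7])
    return event


def mapping_key(event: Dict[str, object]) -> str:
    """The identifier a custom event mapping would key on. Using the CEF
    signature ID is an assumption about how one would set up the DSM Editor
    mapping, with one entry per vendor event type."""
    return f"{event['device_product']}:{event['signature_id']}"


def parse_batch(lines: List[str]) -> Tuple[List[Dict[str, object]], List[str]]:
    """Parse many lines, separating parsed events from unknown ones."""
    parsed: List[Dict[str, object]] = []
    unknown: List[str] = []
    for line in lines:
        ev = parse_cef(line)
        if ev is None:
            unknown.append(line)
        else:
            parsed.append(ev)
    return parsed, unknown


if __name__ == '__main__':
    events, leftovers = parse_batch(SAMPLE_LINES)
    for ev in events:
        print(mapping_key(ev), ev['name'], ev['severity'], ev['extension'])
    print(f'{len(leftovers)} line(s) left unparsed')
```

Running the block on the constructed lines yields two parsed events and one unknown line; the header's escaped pipe in the second event's name and the escaped `=` and backslash in its extension values come through decoded, which is exactly the part that a naive `split('|')` / `split(' ')` approach gets wrong when you define the properties by hand in the DSM Editor.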