This app provides a collection of dashboards that help you conduct a thorough analysis of targeted attacks and advanced threats. The app supports Deep Discovery Inspector, Deep Discovery Email Inspector and Deep Discovery Analyzer logs. It helps your organization identify and take action against targeted attacks.
The complete documentation is available here:
http://docs.trendmicro.com/all/ent/dd_app_splunk/v1.1.2/en-us/dd_app_for_splunk_1.1.2_olh
To ask a question regarding this app, please go to:
http://answers.splunk.com/app/questions/2867.html
Trend Micro Deep Discovery customers may receive email support by contacting:
ddappsupport@trendmicro.com
Support hours are Monday through Friday, 9am - 5pm, U.S. Pacific Time, excluding weekends and national holidays. You may expect a response within 3 business days.
To enable the app to process Deep Discovery Inspector, Deep Discovery Email Inspector and Deep Discovery Analyzer event logs:
Please refer to the online documentation for instructions on configuring the app to enable Web Access Log Correlation.
Deep Discovery App assigns the source type "cefevents" to data entering Splunk through TCP port 8080. Subsequently, the app assigns more granular source types that start with "tmef-" to received data. The source types enable Splunk to correctly format data during indexing and to perform more specific event processing. If your network firewall prevents the Splunk server from receiving data through port 8080, you must configure a new data input based on your network policy. For example, typical syslog servers use UDP port 514.
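An inputs.conf fragment, added here as an illustration and not taken from the app's own package, showing the default TCP 8080 input tagged with the "cefevents" source type beside a UDP 514 alternative for a network that blocks port 8080. That the app's "tmef-" source-type refinement keys off the "cefevents" source type, and the sender addresses, are assumptions.

```ini
# $SPLUNK_HOME/etc/apps/<app>/local/inputs.conf (illustrative; not the app's shipped config)

# Default path described above: Deep Discovery syslog arrives on TCP 8080
# and is tagged "cefevents" so the app can refine it to "tmef-*" source types.
[tcp://8080]
sourcetype = cefevents
connection_host = ip
disabled = 0

# Alternative when the firewall blocks TCP 8080: accept syslog on UDP 514,
# the port most syslog senders default to. Keeping the same source type is
# what lets the app's source-type refinement apply to this input too (assumed).
# acceptFrom limits which senders may deliver to this input; the addresses
# below are placeholders for your Deep Discovery appliances.
[udp://514]
sourcetype = cefevents
connection_host = ip
disabled = 0
acceptFrom = 192.0.2.10, 192.0.2.11
```

On Linux, binding UDP 514 requires Splunk to run with the privilege to open ports below 1024, so many deployments instead receive on a local syslog daemon and relay to a high port or to a monitored file.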
v1.1.1 requires a fresh installation. If you already have v1.1.0, please save your custom settings as you will need to reconfigure them after a fresh installation of v1.1.1.
v1.1.1 fixed Splunk 6.3 compatibility issues in the following pages:
1. Configuration
-- App Set Up - not able to be saved under Splunk 6.3.
-- Event Filters - CSS stylesheet timeout issue
-- Watchlist - format issue
-- License - CSS stylesheet timeout issue
2. Web Access Log Correlation - format issue
This release also addressed several certification issues:
3. Removed hidden files from the package
4. Disabled the executable attribute for non-executable files
Trend Micro Deep Discovery App for Splunk supports Trend Micro Deep Discovery solutions, including Deep Discovery Inspector and Deep Discovery Analyzer. This is the first public release of this App.