Name of the user logged on to the infected endpointĭate and time of spyware/grayware detection
Choose to encrypt the event source and download the Rapid7 Certificate. For the Trend Micro OfficeScan event source, it is recommended that you select Syslog - TCP.
Install NXLog onto the OfficeScan server and configure NXLog to collect the OfficeScan events and forward them to InsightIDR.
Configure OfficeScan to log its events into the Windows Application log.Configure the OfficeScan event source in InsightIDR.
To use NXLog to capture the OfficeScan events: Configure NXLog to capture OfficeScan events You must be a Trend Micro OfficeScan administrator in order to configure any changes within the appliance. Configure Trend Micro Control Manager to forward syslog.Configure NXLog to capture OfficeScan events.However, there are two methods you can use for InsightIDR to read Trend Micro data: Trend Micro OfficeScan cannot send syslog directly to InsightIDR. Trend Micro OfficeScan is a security and virus scanning product that can further contextualize data about your users.