Trend Micro Apex One central and Cloud App Security


Aung Pyae

Dec 2, 2021, 8:46:42 AM
to Wazuh mailing list
Hello Team,

Kindly advise: I want to monitor Trend Micro Apex One (cloud) and Cloud App Security.

Thanks.

Mercedes Fernández Argüelles

Dec 2, 2021, 10:48:03 AM
to Wazuh mailing list
Hi there!

To monitor Apex One logs you can make use of the localfile module. You should first retrieve the logs you want to monitor and forward them to an agent or the Wazuh manager itself. After that, define a localfile block in the corresponding configuration, indicating the path to the logs and the log format. You can see the supported log formats here. Once that's done, you'll need to restart your agent or manager to apply the configuration.

Depending on the log format (if it's other than json), you'll most likely need to create your own decoders and rules if you want to process specific events from those logs. You can check the following documentation regarding custom decoders and rules:

Aung Pyae

Dec 3, 2021, 3:17:05 AM
to Wazuh mailing list
Hello Mercedes,

Can Apex One cloud syslogs be forwarded to a local Wazuh server?

Thanks 

Mercedes Fernández Argüelles

Dec 7, 2021, 9:20:02 AM
to Wazuh mailing list
Hi,

Excuse the late response! You can forward syslog events to the Wazuh manager. You can find all the information and detailed steps in the official documentation here. As you can see, Step 3 mentions deploying a new Wazuh agent and configuring a localfile module there. If you want to forward logs to the manager itself, you can avoid that step and simply add the localfile module to the ossec.conf file of that manager, as all managers also run an integrated agent.

Hope that clarifies your question,
Mercedes.
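
The localfile block discussed in this thread could look like the fragment below. It is an added example, not part of any post above and not taken from the Wazuh documentation; the log file path is an assumption standing for wherever the forwarded Apex One syslog events are written on the host.

```xml
<!-- Added example: fragment for ossec.conf on the Wazuh manager
     (or on an agent, if the logs are delivered to an agent host instead). -->
<ossec_config>
  <localfile>
    <!-- "syslog" reads one event per line. Use "json" only if every line is
         a single JSON object; other formats need custom decoders and rules. -->
    <log_format>syslog</log_format>
    <!-- Assumed path: replace with the file that actually receives the
         forwarded Apex One events on this host. -->
    <location>/var/log/trendmicro/apexone.log</location>
  </localfile>
</ossec_config>
<!-- Restart the manager (or agent) afterwards so the new block is loaded. -->
```

A sample line from that file can be pasted into `/var/ossec/bin/wazuh-logtest` on the manager to see whether any decoder and rule match it before relying on alerts.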