As everyone already knows, anyone who currently has a vCenter Standard license can now install VMware Log Insight 3.3 for vCenter with a license for 25 OSI. This is excellent news: Log Insight is a very good product and its popularity continues to grow. Deep Security Manager (DSM) stores (and shows) all the necessary statistics for the last 24 hours or the last seven days (even though the alerts themselves can be stored for much longer). It is a good idea to forward all alerts from security policies to an external SIEM, which in our case is VMware Log Insight.
The big advantage is the ability to forward alerts from more than one DSM to a single Log Insight instance and get a cumulative view of our environment. In addition, we can keep historical data and analyze trends. The dashboard provides an overview tab, which displays a table of all DSM modules.
Additionally, we have access to a detailed view of each DSM module. General view of Anti-Malware:
In the detail view (Interactive Analytics), we can investigate exactly what happened:
View of the Intrusion Prevention (IPS) module. Typically, Trend Micro Deep Security is not the first line of defense, so you should analyze all the events that broke through the application firewalls and other solutions used in your organization.
Each alert can be opened in Interactive Analytics to see exactly what it applies to.
At the moment, the Deep Security management pack is not yet officially available anywhere. If you are interested in receiving it, you have to contact Trend Micro at deepsecurityvrops [at] trendmicro.com (it is really worth it; you will also receive the complete management pack for VMware vRealize Operations).