Piszki Lab | EN


VMware Log Insight – Trend Micro Deep Security management pack.


As everyone already knows, anyone who currently has a vCenter Standard license can now install VMware Log Insight 3.3 for vCenter with a license for 25 OSI. This is excellent news: Log Insight is a very good product and its popularity continues to grow. Deep Security Manager stores (and shows) all the necessary statistics only for the last 24 hours or the last seven days (even though the same alerts can be stored for much longer). A good idea is to redirect all alerts from the security policies to an external SIEM, which in our case is VMware Log Insight.


The big advantage is the possibility of forwarding alerts from more than one DSM to a single Log Insight instance and getting a cumulative view of our whole environment. In addition, we keep the historical data and can analyze trends. The dashboard provides an Overview tab, which displays a table of all DSM modules.

[screenshot: trend0]

Additionally, we have access to a detailed view of each DSM module. The general view of Anti-Malware:

[screenshot: trend3]

In the detail view (Interactive Analytics) we can investigate what exactly happened:

[screenshot: trend4]

The view of the Intrusion Prevention (IPS) module. Typically, Trend Micro Deep Security is not the first line of defense, so you should analyze every event that got through the application firewalls and the other solutions used in our organization before it reached the host.

[screenshot: trend5]
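The two points above (collecting alerts from several DSMs in one place, and picking out the IPS events that got past the outer defenses) can be shown in a few lines of code. The block below is an added example, not code from this post or from the Trend Micro management pack: it parses CEF-style syslog lines from two hypothetical DSM hosts (dsm01, dsm02), counts events per DSM and per module, buckets them per hour for trending, and lists the IPS events that were only detected rather than blocked. The sample lines are constructed, and the extension keys used (cs1 for the module, dvc for the protected host, act for the action, src for the source address, cn1 for the rule) are assumptions for this example, not Trend Micro's documented field mapping.

```python
"""Parse CEF-style Deep Security syslog lines from several DSM hosts and
aggregate them per DSM and per module: a text version of the cumulative
view that the Log Insight dashboards provide.  Example code, not part of
the post or of the Trend Micro management pack."""
import re
from collections import Counter

# Constructed sample input (not real DSM output).  The header layout
# "CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension" is the
# generic CEF format; the extension keys (cs1 = module, dvc = protected host,
# act = action taken, src = source address, cn1 = rule id) are assumptions
# made for this example, not Trend Micro's documented field mapping.
SAMPLE_SYSLOG = """\
<134>Jan 10 10:15:02 dsm01 CEF:0|Trend Micro|Deep Security Manager|9.6|4000|Intrusion Prevention Event|6|cs1Label=Module cs1=Intrusion Prevention dvc=10.0.0.21 act=Reset src=203.0.113.5 cn1Label=Rule cn1=1000128
<134>Jan 10 10:15:09 dsm01 CEF:0|Trend Micro|Deep Security Manager|9.6|4000|Intrusion Prevention Event|6|cs1Label=Module cs1=Intrusion Prevention dvc=10.0.0.21 act=Detect Only src=203.0.113.5 cn1Label=Rule cn1=1000128
<134>Jan 10 10:16:40 dsm02 CEF:0|Trend Micro|Deep Security Manager|9.6|4000|Anti-Malware Event|8|cs1Label=Module cs1=Anti-Malware dvc=10.0.1.7 act=Quarantine fname=eicar.com
<134>Jan 10 10:17:01 dsm02 CEF:0|Trend Micro|Deep Security Manager|9.6|4000|Intrusion Prevention Event|4|cs1Label=Module cs1=Intrusion Prevention dvc=10.0.1.9 act=Detect Only src=198.51.100.77 cn1Label=Rule cn1=1000552
this line is not CEF and must be skipped
"""

# Optional syslog priority, BSD timestamp, sending host (the DSM), CEF payload.
SYSLOG_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<dsm>\S+)\s(?P<cef>CEF:.*)$")
# key=value pairs whose values may contain spaces ("act=Detect Only").
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_cef_line(line):
    """Return one event dict, or None for lines that are not CEF."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("cef").split("|", 7)
    if len(parts) != 8:
        return None
    _, vendor, product, _version, sig_id, name, severity, extension = parts
    ext = dict(EXT_RE.findall(extension))
    return {
        "ts": m.group("ts"),
        "dsm": m.group("dsm"),        # which DSM forwarded the event
        "vendor": vendor,
        "product": product,
        "signature": sig_id,
        "name": name,
        "severity": int(severity),
        "module": ext.get("cs1", name),
        "host": ext.get("dvc"),       # protected workload
        "action": ext.get("act"),
        "src": ext.get("src"),
        "rule": ext.get("cn1"),
    }


def parse_syslog(text):
    """Parse a whole syslog dump, silently dropping non-CEF lines."""
    events = [parse_cef_line(ln) for ln in text.splitlines()]
    return [e for e in events if e is not None]


def per_dsm_module(events):
    """Cumulative view: event counts keyed by (DSM, module)."""
    return Counter((e["dsm"], e["module"]) for e in events)


def per_hour(events):
    """Hourly buckets for trend analysis ('Jan 10 10' covers 10:00-10:59)."""
    return Counter(e["ts"].rsplit(":", 2)[0] for e in events)


def ips_not_blocked(events):
    """IPS events that were only detected, not blocked.  These reached the
    workload past the outer firewalls and were not stopped here either, so
    they are the first ones to review, highest severity first."""
    hits = [e for e in events
            if e["module"] == "Intrusion Prevention" and e["action"] == "Detect Only"]
    return sorted(hits, key=lambda e: e["severity"], reverse=True)


if __name__ == "__main__":
    evs = parse_syslog(SAMPLE_SYSLOG)
    for (dsm, module), n in sorted(per_dsm_module(evs).items()):
        print(f"{dsm:<8}{module:<24}{n}")
    for hour, n in sorted(per_hour(evs).items()):
        print(f"{hour}:00  {n} events")
    for e in ips_not_blocked(evs):
        print(f"{e['dsm']} {e['host']} <- {e['src']} rule {e['rule']} sev {e['severity']}")
```

Run it as-is to see the counts for the constructed sample; in practice the input would be the syslog stream the DSMs already forward to Log Insight, and the "detect only" list corresponds to the events you would drill into in Interactive Analytics.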

Each alert can be opened in Interactive Analytics to see exactly what it applies to.

[screenshot: trend6]

At this moment the Deep Security management pack is not yet officially available anywhere. If you are interested in receiving it, you have to contact Trend Micro at deepsecurityvrops [at] trendmicro.com (really worth it; you will also receive the complete management pack for VMware vRealize Operations).


Author: Piotr Pisz

Computers always: since I got a Commodore 64 at the end of primary school, through my beloved Amiga and Linux on an infinite number of consoles, up to today's fully virtual day. Since 2001 a Unix/Linux systems administrator, for seven years a faithful companion and protector of the Solaris system until its sad end. In 2011 I went into the depths of virtualization, then smoothly ascended into the clouds, and I am still there today. Professionally working as a Systems Architect at the Polish Security Printing Works.
