Trend Micro Apex One Integration
Overview
Trend Micro Apex One provides endpoint security with behavioral analysis, machine learning, and virtual patching. KYRA MDR collects Apex One events either via syslog forwarding (CEF over TCP) or via the Apex Central API, giving threat visibility across managed endpoints. Both on-premises Apex One and the SaaS edition (Apex One as a Service, managed through Apex Central) are supported.
Prerequisites
- A KYRA MDR Collector installed and running
- Trend Micro Apex One server with administrative access
- For SaaS: Apex Central API key
- Network connectivity from the Apex One server to the collector (TCP 514 for syslog); for the API method, the collector must be able to reach the Apex Central URL
Configuration
Configure syslog forwarding in Apex One:
- Log in to the Apex One Console
- Navigate to Administration > Settings > Syslog Settings
- Enable Forward Logs to a Syslog Server
- Configure:
| Setting | Value |
|---|---|
| Server | Your KYRA Collector IP |
| Port | 514 |
| Protocol | TCP |
| Format | CEF |
- Click Save
For Apex Central API:
```yaml
sources:
  - type: trend-micro
    api_url: https://<apex-central-url>/WebApp/API
    api_key: <api-key>
    poll_interval: 120s
```
Collected Log Types
| Log Type | Description | Security Use |
|---|---|---|
| Malware | Virus and malware detections | Endpoint threat protection |
| Behavioral | Suspicious activity detections | Advanced threat detection |
| Web Reputation | Malicious URL access events | Web threat prevention |
| Virtual Patching | Vulnerability protection events | Exploit prevention |
| C&C Callback | Command and control communications | APT detection |
| Device Control | USB and removable media events | Data loss prevention |
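The syslog path above delivers each of these event types as a CEF record (`CEF:Version|Vendor|Product|Device Version|Signature ID|Name|Severity|Extension`). The parser below is an added example, not KYRA or Trend Micro code; the sample line, and its vendor, product and extension keys, are constructed to exercise the two escaping rules that trip up naive `split("|")` parsers: `\|` inside a header field and `\=` or `\\` inside an extension value.

```python
import re

# Constructed sample: a syslog line carrying a CEF record of the kind an
# Apex One forwarder emits. Field names are illustrative, not from a real log.
SAMPLE = (
    "<14>Jan 05 10:22:13 apexone "
    "CEF:0|Trend Micro|Apex One|14.0|AV:Detection|Malware Detection\\|Quarantined|8|"
    "rt=Jan 05 2024 10:22:13 shost=WS-0142 suser=CORP\\\\jdoe "
    "fname=invoice\\=q1.docx act=Quarantine cs1Label=Malware cs1=Trojan.Sample"
)

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# An extension key starts the string or follows whitespace and ends at '='.
KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")


def _unescape(text):
    # CEF escapes: '\|' and '\=' are literal, '\\' is a backslash, '\n'/'\r' newlines.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)


def _split_header(cef):
    """Split the seven '|'-delimited header fields, honouring '\\|' escapes."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < len(HEADER_FIELDS):
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):
            buf.append(cef[i + 1]); i += 2; continue
        if ch == "|":
            fields.append("".join(buf)); buf = []; i += 1; continue
        buf.append(ch); i += 1
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("malformed CEF header")
    return fields, cef[i:]   # remainder after the 7th '|' is the extension


def parse_cef(line):
    """Parse one syslog line into a dict of CEF header fields plus extension keys."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    fields, ext = _split_header(line[start:])
    event = dict(zip(HEADER_FIELDS, fields))
    event["version"] = event["version"].split(":", 1)[1]
    event["severity"] = int(event["severity"])
    matches = list(KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):       # value runs up to the next key
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        event[m.group(1)] = _unescape(ext[m.end():end].strip())
    for key in list(event):                 # csNLabel=X csN=Y  ->  X=Y
        if key.endswith("Label") and key[:-5] in event:
            event[event[key]] = event[key[:-5]]
    return event
```

Feeding the parsed `signature_id`/`name` into a lookup keyed on the log types in the table above is what lets a collector route malware, behavioral and C&C callback events to different detection rules.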
Troubleshooting
No syslog output: Verify syslog settings are saved and the Apex One service has been restarted.
Missing detection types: Ensure all event types are selected in the syslog configuration.
API connection timeout: For Apex Central SaaS, verify the API key has not expired and the URL is accessible.
Contact kyra@seekerslab.com for support.