All Collections
Integration Guide
Trend Micro Deep Security Integration
Trend Micro Deep Security Integration
Ali Murtaza avatar
Written by Ali Murtaza
Updated over a week ago

About Trend Micro Deep Security

Trend Micro Deep Security is a comprehensive and centrally managed platform that provides advanced server-side security. By securing physical, virtual, and cloud servers, it protects the organization's applications and data from business interruptions and breaches.

Together, SIRP and Trend Micro Deep Security automate threat detection and mitigation. Protection against malware and application-layer attacks and traffic control is made possible with the actions and playbooks executed on SIRP using Deep Security.

SIRP’s integration with Trend Micro Deep Security allows security teams to execute response actions right from SIRP.

Supported Actions

SIRP’s Trend Micro Deep Security integration app allows you to execute the following actions:

S.no

Action

Description

1

Add IP to destination list

The IP will be blocked as destination in Trend Micro Deep Security

2

Add IP to source list

The IP will be blocked as source rend Micro Deep Security

3

Remove IP from destination list

The IP will be removed from the destination block list in Trend Micro Deep Security

4

Remove IP from source list

The IP will be removed from the source block list in Trend Micro Deep Security

Enable and Configure Trend Micro Deep Security

Generate a new API Key on Trend Micro Deep Security

  1. In Deep Security Manager, click Administration > User Management > API Keys.

  2. Click New and enter the property values for the API key.

  1. Click Next. The secret key is presented. This is the only time that you can obtain the secret key.

  1. Copy the secret key and securely store it.

  2. Click Close.

Create New "Source" and "Destination" Lists

SIRP pushes the IPs to certain designated lists within TM Deep Security. These lists are then configured in the appliance to be used in different policies. For example, to block IPs in a list, or exclude vulnerability scanner IPs from reconnaissance events in a firewall. To configure two new lists follow these steps:

1. In Deep Security Manager, click Policies then click IP Lists

2. Click New > New IP List

3. Enter "SIRP_Destination_IP_List" in the Name field then click Ok to create the new list.

4. Follow the same steps to create another list with the name "SIRP_Source_IP_List"

These two lists are used by the SIRP app to either push or remove IPs.

Enable the Trend Micro Deep Security in SIRP

  1. First, log in to SIRP, then go to Apps from the left navigation bar.

  2. Locate the app named Deep Security.

  3. Enable the app by clicking on the toggle button under the Status Column.

  1. Once you enable the App, click the configure option to integrate SIRP with Trend Micro Deep Security.

  2. Add the following details and click Save:

    1. URL: <URL from your Local Trend Micro Deep Security Instance>

    2. Token: <Copied API Key from the above steps>

Did this answer your question?