
Overview of the Trend Micro Vision One integration.

You can integrate Trend Micro Email Security with Sophos Central so that it sends data to Sophos for analysis.

This page gives you an overview of this integration.

Trend Micro Email Security product overview

Sophos can ingest alerts from various Trend Micro products through Apex Central (for example, Apex One endpoint alerts). For the full list of Trend Micro tools supported through Apex Central, see the documentation Apex Central publishes on its website.

Apex Central manages security solutions such as endpoint protection and mobile device security. It provides a centralized management console that gives visibility into security events and strengthens protection through real-time threat intelligence and analytics.

Sophos documentation

Integrate Trend Micro Apex Central

What we ingest

Sample alerts that Sophos can ingest include:

  • Data Loss Prevention
  • Update Status
  • Product Auditing Events
  • Advanced Threat Correlation Pattern
  • Early Launch Anti-Malware Pattern (64-bit)
  • Spyware/Grayware Pattern
  • Behavior Monitoring Policy Descriptions
  • Data Protection Application Pattern
  • Device Access Control
  • HTTP_HNAP1_RCE_EXPLOIT_NC_
  • Memory Scan Trigger Pattern (32-bit)
  • Web Reputation Endpoint Patch Pattern
  • HTTP_REMOTECODE_EXECUTION_REQUEST-2_NC_
  • HTTP_ZTE_F460_F660_RCE_EXPLOIT_NC_
  • HackTool.Win32.PortScan.SWO
  • Suspicious Files Engine: TCP anomaly detected

Filtering

We only accept messages that are in the standard CEF format.

Sample threat mapping

Depending on the alert classification and the fields it contains, we define the alert using one of the following:

  • If the alert is of the web_security_cat type, we use the field cat.
  • If a cn1, cs1, or cs2 field is present, we use that field.

Otherwise, we default to def.name.

Example mappings are shown below:

{"alertType": "Suspicious Files", "threatId": "TA0002", "threatName": "Execution"}
{"alertType": "Endpoint Sensor Trusted Pattern", "threatId": "T1518.001", "threatName": "Security Software Discovery"}
{"alertType": "Web Reputation Endpoint Patch Pattern", "threatId": "T1562.001", "threatName": "Disable or Modify Tools"}
{"alertType": "Device Access Control", "threatId": "TA0004", "threatName": "Privilege Escalation"}
{"alertType": "Web reputation", "threatId": "TA0001", "threatName": "Initial Access"}
{"alertType": "Digital Signature Pattern", "threatId": "T1553.002", "threatName": "Code Signing"}
{"alertType": "Early Boot Clean Driver (64-bit)", "threatId": "T1037.005", "threatName": "Startup Items"}
{"alertType": "CnC Callback", "threatId": "TA0011", "threatName": "Command and Control"}
{"alertType": "Product Auditing Events", "threatId": "T1016", "threatName": "System Network Configuration Discovery"}
{"alertType": "Global C&C IP List", "threatId": "TA0011", "threatName": "Command and Control"}
{"alertType": "IntelliTrap Pattern", "threatId": "TA0002", "threatName": "Execution"}
{"alertType": "IntelliTrap Exception Pattern", "threatId": "TA0002", "threatName": "Execution"}
{"alertType": "Policy Enforcement Pattern", "threatId": "T1484.001", "threatName": "Group Policy Modification"}
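The following added example (not Sophos code) illustrates the CEF filter and the alertType selection rules described above: non-CEF lines are dropped, cat / cn1 / cs1 / cs2 / the CEF name are tried in the stated order, and the result is looked up in a subset of the mapping table on this page. The `classification` argument, the sample lines and the simplified CEF parsing (no escaped pipes or equals signs) are assumptions.

```python
import re

# Subset of the alertType -> MITRE ATT&CK mapping table shown on this page.
THREAT_MAP = {
    "Web reputation": ("TA0001", "Initial Access"),
    "Device Access Control": ("TA0004", "Privilege Escalation"),
    "CnC Callback": ("TA0011", "Command and Control"),
    "Product Auditing Events": ("T1016", "System Network Configuration Discovery"),
}

# CEF header: CEF:Version|Vendor|Product|Version|Signature ID|Name|Severity|Extension
# Simplification: escaped '\|' and '\=' are not handled.
CEF_HEADER = re.compile(r"^CEF:(\d+)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$")

def parse_cef(line):
    """Return {'name', 'fields'} for a standard CEF line, or None so the caller drops it."""
    m = CEF_HEADER.match(line.strip())
    if not m:
        return None
    name, ext = m.group(6), m.group(8)
    # Extension values may contain spaces, so split only right before the next key=.
    pairs = re.split(r" (?=\w+=)", ext) if ext else []
    fields = dict(p.split("=", 1) for p in pairs if "=" in p)
    return {"name": name, "fields": fields}

def alert_type(event, classification=None):
    """Pick the alertType. `classification` is an assumed label supplied by the
    pipeline; the value 'web_security_cat' selects the cat field."""
    f = event["fields"]
    if classification == "web_security_cat" and "cat" in f:
        return f["cat"]
    for key in ("cn1", "cs1", "cs2"):
        if key in f:
            return f[key]
    return event["name"]  # def.name fallback

def map_threat(line, classification=None):
    """Filter on CEF, derive alertType, look up the MITRE id (None if dropped)."""
    event = parse_cef(line)
    if event is None:
        return None
    atype = alert_type(event, classification)
    tid, tname = THREAT_MAP.get(atype, (None, None))
    return {"alertType": atype, "threatId": tid, "threatName": tname}

# Constructed sample lines, not real product output.
SAMPLES = [
    "CEF:0|Trend Micro|Apex Central|2019|100|Device Access Control|3|src=10.0.0.5 cs1=Device Access Control",
    "CEF:0|Trend Micro|Apex Central|2019|200|Web reputation|5|cat=Web reputation requestClientApplication=Mozilla Firefox",
    "CEF:0|Trend Micro|Apex Central|2019|300|CnC Callback|8|dst=203.0.113.9 dhost=callback.example.test",
    "<13>Jun 1 10:00:00 host not-a-cef-message",
]
```

Running `map_threat` over `SAMPLES` yields TA0004, TA0001 and TA0011 for the first three lines and None for the syslog line, which the CEF filter rejects.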

Vendor documentation

Integrating SIEM solutions with Apex Central