
SC4S: Can’t recognise TrendMicro Sourcetype

Open anupammandal opened this issue 2 years ago • 1 comments

The TrendMicro DeepSecurity events are not recognized by SC4S. Attached are the screenshots from the UI and the raw logs. Let me know if further information is needed.

Attachments: Trend_AWS, Trend_Cloud_one, Trend_AWS.txt, Trend_Cloud_one.txt

anupammandal, Jul 12 '22 06:07

The attached messages are from after being parsed by SC4S. We will need the raw messages (either captured by pcap, or anonymised and pasted here); it will be added to an enhancement request. @anupammandal

rjha-splunk, Jul 12 '22 08:07