This app provides a collection of dashboards that help you conduct a thorough analysis of targeted attacks and advanced threats. The app supports Deep Discovery Inspector, Deep Discovery Email Inspector and Deep Discovery Analyzer logs. It helps your organization identify and take action against targeted attacks.
The complete documentation is available here:
To ask a question regarding this app, please go to:
Trend Micro Deep Discovery customers may receive email support by contacting:
Support hours are Monday through Friday, 9am - 5pm, U.S. Pacific Time, excluding weekends and national holidays. You may expect a response within 3 business days.
To enable the app to process Deep Discovery Inspector, Deep Discovery Email Inspector and Deep Discovery Analyzer event logs:
Please refer to the online documentation for instructions on configuring the
app to enable Web Access Log Correlation.
Deep Discovery App assigns the source type “cefevents” to data entering Splunk
through TCP port 8080. Subsequently, the app assigns more granular source types
that start with “tmef-” to received data. The source types enable Splunk to
correctly format data during indexing and to perform more specific event
processing. If your network firewall prevents the Splunk server from receiving
data through port 8080, you must configure a new data input based on your
network policy. For example, typical syslog servers use UDP port 514.
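As an added illustration (not the app's shipped configuration), the following inputs.conf fragment shows what a Splunk data input on the default TCP port 8080 looks like next to an alternative UDP 514 syslog input that a firewall policy might require. The stanza names, the "cefevents" source type, and the connection_host and acceptFrom settings are standard Splunk inputs.conf settings; the address range and the choice of listener are assumptions for this example and should be checked against the online documentation before use.

```ini
# Added example, not the app's own inputs.conf.
# Default path: Deep Discovery appliances send CEF-formatted events over TCP 8080,
# and the app expects that data to carry the "cefevents" source type.
[tcp://8080]
sourcetype = cefevents
connection_host = ip
# Limiting the listener to the subnet that hosts the Deep Discovery appliances
# is an assumption for this example; adjust the ACL to your own network.
acceptFrom = 10.0.0.0/8

# Alternative input when network policy only permits a standard syslog port.
# The source type stays "cefevents" so that the app's more granular "tmef-"
# source types are still assigned during indexing.
[udp://514]
sourcetype = cefevents
connection_host = ip
acceptFrom = 10.0.0.0/8
```

Whichever port you choose, keep the sourcetype set to cefevents; changing it means the app never sees the data it expects. On Linux, binding UDP 514 requires Splunk to run with privileges, so many deployments listen on a high port instead and forward 514 to it at the firewall or with the device's own syslog configuration.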
- Support for the new event log 200128|SUBMISSION_ANALYZED, which is an extended log for the event logs 200119|FILE_ANALYZED and 200126|URL_ANALYZED from Deep Discovery Analyzer
- Moved the widget "Virtual Analyzer - High Risk Files" from the Summary page to the Detections > Custom Detections and Watchlists page
- Added a new widget, "Virtual Analyzer - High Risk URLs", to the Detections > Custom Detections and Watchlists page
- Added a Proxy Setting to the Configuration > App Set Up page for license activation and "Web Access Log Correlation"
v1.1.1 requires a fresh installation. If you already have v1.1.0, please save your custom settings as you will need to reconfigure them after a fresh installation of v1.1.1.
v1.1.1 fixed Splunk 6.3 compatibility issues in the following pages:
- App Set Up - could not be saved under Splunk 6.3
- Event Filters - CSS stylesheet timeout issue
- Watchlist - format issue
- License - CSS stylesheet timeout issue
- Web Access Log Correlation - format issue
This release also addressed several certification issues:
- Removed hidden files from the package
- Disabled the executable attribute for non-executable files
Trend Micro Deep Discovery App for Splunk supports Trend Micro Deep Discovery
solutions, including Deep Discovery Inspector and Deep Discovery Analyzer.
This is the first public release of this App.