Trend Micro Cyber Risk Exposure Management for Splunk extracts website access logs from Splunk and uploads the data to Trend Micro. Trend Micro then analyzes the data and provides Identity and Risk Insights for your entire organization, allowing administrators to track their users' cloud application access. This app accesses CIM-compliant logs.

In conjunction with Trend Micro's unique cloud reputation service, administrators gain insight into:

1. The top risky cloud apps being accessed.
2. The users or devices that generate the most access records.

Supported CIM-compliant logs:

This app extracts website information from the site, url, or dest fields of the Common Information Model (CIM) web data model. The fields are used in the following priority order: site > url > dest.

The following CIM-compliant products (sourcetype) have been verified:

1. Palo Alto (pan:threat)
2. Fortinet FortiGate (fgt_utm)
3. Forcepoint Web Security (websense:cg:kv)
4. Zscaler (zscalernss-web)
5. Cisco Meraki (meraki-urls)
6. Cisco Umbrella SIG (opendns:proxy)
7. Symantec ProxySG (bluecoat:proxysg:access:syslog)