When configured, the Blumira integration with Trend Micro Apex One will stream security event logs to the Blumira service for automated threat detection and actionable response.
Get visibility, detect and respond to threats faster:
Use the Syslog Settings screen to configure Apex Central to forward supported logs to a syslog server.
If you migrated to Apex Central from a previous Control Manager installation, Apex Central automatically imports your previous syslog forwarding settings configured using the LogForwarder tool (<Control Manager installation directory>\LogForwarder.exe).
After migrating to Apex Central, you will no longer be able to execute the LogForwarder tool.
Server address: Blumira Sensor IP
Port: Syslog server port number; use 514
Protocol: Select the transmission protocol; use TCP
If SSL/TLS is selected, Apex Central accepts valid self-signed certificates by default.
If the server certificate contains a Subject Alternative Name, the Subject Alternative Name must contain the server FQDN or IP address.
For additional security, use a valid server certificate or upload the server certificate to Apex Central.
Apex Central only supports server certificates in X.509 format with .DER or .PEM encoding.
Apex Central only supports uploading server certificates for SSL/TLS transmissions.
Apex Central only supports syslog forwarding over a SOCKS protocol proxy server for SSL/TLS or TCP transmissions.
Syslog forwarding does not support HTTP proxy servers. To use a proxy server for syslog forwarding, click Configure proxy settings and select a SOCKS protocol server on the Proxy Settings screen.
For more information, see Configuring Proxy Settings for Component/License Updates, Cloud Services, and Syslog Forwarding.
Apex Central uses the proxy server configured on the Proxy Settings screen for syslog forwarding.
CEF: Uses the standard Common Event Format (CEF) for log messages
Apex Central format: Sets the syslog Facility code to “Local0” and the Severity code to “Notice”
For more information, see Supported Log Types and Formats.
You can select log types from multiple log categories.
Apex Central displays the total number of selected log types next to the Log type drop-down list.
The syslog server connection status appears at the top of the screen.
Apex Central starts forwarding logs to the configured syslog server.
To monitor the log forwarding status, select Forward Syslog from the Command drop-down list.
For more information, see Querying and Viewing Commands.
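To check what reaches the syslog receiver once forwarding starts, the following added example (not taken from Trend Micro or Blumira documentation) decodes the syslog <PRI> value, reports whether it is Local0/Notice as described for the Apex Central format, and splits a CEF header using CEF's escape rules. Both sample lines, and the host, vendor and product names in them, are constructed.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
CEF_FIELDS = ["cef_version", "device_vendor", "device_product", "device_version",
              "event_class_id", "name", "severity"]
# Constructed sample lines (not captured Apex Central output).
SAMPLE_NATIVE = "<133>Jan 12 10:15:02 apex-central.example constructed non-CEF body"
SAMPLE_CEF = (r"<134>Jan 12 10:15:02 apex-central.example CEF:0|ExampleVendor|"
              r"Example\|Product|1.0|EX:100|Sample detection|3|src=192.0.2.10 msg=a\=b")

def decode_pri(line):
    """Split a syslog <PRI> prefix into (facility, severity name, rest of line)."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI>")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return facility, SEVERITIES[severity], line[m.end():]

def parse_cef(message):
    """Return the CEF header fields plus raw extension, or None if not CEF."""
    start = message.find("CEF:")
    if start < 0:
        return None
    body, fields, buf, i = message[start + 4:], [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):  # \| and \\ are escapes in the header
            buf.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) == 6:  # header ended without an extension part
        fields.append("".join(buf))
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return dict(zip(CEF_FIELDS, fields), extension=body[i:])

def check_line(line):
    """Summarise one received line: PRI fields, Local0/Notice match, CEF header."""
    facility, severity, rest = decode_pri(line)
    return {"facility": facility, "severity": severity,
            "is_local0_notice": (facility, severity) == (16, "notice"),
            "cef": parse_cef(rest)}
```

A PRI of 133 decodes to facility 16 (Local0) and severity 5 (Notice); the extension is returned unparsed so escaped characters such as \= stay intact for a downstream parser.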