Solved: How come I do not see any detection in the Trend M...

masato_wang · ‎11-30-2014

How come I do not see any detection?

TrendMicro_Splu · ‎11-30-2014

Detections are not displayed for a number of reasons:
• During the period covered by the event logs, you do not have any host attempting to communicate with C&C servers monitored by Trend Micro Smart Protection Network. Consider increasing the amount of logs indexed by Splunk and to be scanned by Attack Scanner.
• The time range for event correlation by Attack Scanner is too short. By default, time range is only limited within the past seven days, so earlier attempts to communicate with C&C servers are not detected. Consider changing the settings in the Time Range for Event Correlation section of the app Set Up screen to cover a longer period.
• Your app installation might not have a valid license, or the Activation Code might have expired.

View solution in original post

TrendMicro_Splu · ‎11-30-2014

Detections are not displayed for a number of reasons:
• During the period covered by the event logs, you do not have any host attempting to communicate with C&C servers monitored by Trend Micro Smart Protection Network. Consider increasing the amount of logs indexed by Splunk and to be scanned by Attack Scanner.
• The time range for event correlation by Attack Scanner is too short. By default, time range is only limited within the past seven days, so earlier attempts to communicate with C&C servers are not detected. Consider changing the settings in the Time Range for Event Correlation section of the app Set Up screen to cover a longer period.
• Your app installation might not have a valid license, or the Activation Code might have expired.

How come I do not see any detection in the Trend Micro Attack Scanner for Splunk?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio