Solved: How come I do not see any detection in the Trend M...

masato_wang · ‎11-30-2014

How come I do not see any detection?

TrendMicro_Splu · ‎11-30-2014

Detections are not displayed for a number of reasons:
• During the period covered by the event logs, you do not have any host attempting to communicate with C&C servers monitored by Trend Micro Smart Protection Network. Consider increasing the amount of logs indexed by Splunk and to be scanned by Attack Scanner.
• The time range for event correlation by Attack Scanner is too short. By default, time range is only limited within the past seven days, so earlier attempts to communicate with C&C servers are not detected. Consider changing the settings in the Time Range for Event Correlation section of the app Set Up screen to cover a longer period.
• Your app installation might not have a valid license, or the Activation Code might have expired.

View solution in original post

TrendMicro_Splu · ‎11-30-2014

Detections are not displayed for a number of reasons:
• During the period covered by the event logs, you do not have any host attempting to communicate with C&C servers monitored by Trend Micro Smart Protection Network. Consider increasing the amount of logs indexed by Splunk and to be scanned by Attack Scanner.
• The time range for event correlation by Attack Scanner is too short. By default, time range is only limited within the past seven days, so earlier attempts to communicate with C&C servers are not detected. Consider changing the settings in the Time Range for Event Correlation section of the app Set Up screen to cover a longer period.
• Your app installation might not have a valid license, or the Activation Code might have expired.

How come I do not see any detection in the Trend Micro Attack Scanner for Splunk?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!