Create a log repository | Trend Micro Service Central

Views:

Create a log repository to organize collected log data according to specified ingestion and retention settings.

Before you begin

To begin managing log data in a log repository, you must have one or more deployed Service Gateways with the Third-Party Log Collection service installed.

Note

This feature is not available in all regions.

Important

This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.

Procedure

In Workflow and Automation → Data Source and Log Management → XDR Threat Investigation → Third-Party Log Collection, click Create New Log Repository.
The Create Log Repository drawer appears.
Specify a name and optional description for the log repository.
Select the desired ingestion and retention type.
- Ingestion types
  - Analytic: Ingests log data for analysis, correlation, and threat hunting
- Retention types:
  - Analytic: Allows for frequent retrieval of log data for analysis, correlation, and threat hunting. Default retention period: 30 days
Note

Compliance ingestion and retention types for managing infrequently accessed log data are coming soon.
Click Create.
The log repository is created and the log repository details drawer appears.

Add one or more collectors to the log repository to begin ingesting and retaining log data from your third-party data sources. Only logs in Common Event Format (CEF) are currently supported.

Important

Ensure you have installed the Third-Party Log Collection service on your deployed Service Gateways in Service Gateway Management before adding collectors. You must have one Service Gateway per connected collector.

Execute queries on ingested log data in the Search app and monitor log repository traffic usage in Service Gateway Management.