Collect, organize, manage, and store third-party log data in Trend Vision One log repositories using collectors connected to a deployed Service Gateway.
Note: This feature is not available in all regions.
Important: This is a pre-release sub-feature and is not part of the existing features of an official
commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
Third-Party Log Collection is a log management system that allows you to collect and
organize log data from the third-party data sources on your organization's network.
The collected data is then available for analytic or compliance purposes throughout
Trend Vision One. You may set specific ingestion and retention policies on a particular
log repository to more efficiently organize collected log data and quickly access
the data when needed. Ingested data is available for use in Search, Workbench, Detection
Model Management, and Observed Attack Techniques.
Third-Party Log Collection manages log data using a hierarchical system consisting
of:
- Log repositories: Ingest and store third-party log data according to specified ingestion and retention policies
- Collectors: Receive log data from configured third-party data sources and forward the data to assigned log repositories according to the log repository settings
- Service Gateway virtual appliances: Facilitate the connection between collectors and third-party data sources on your organization's network
The basic steps for setting up and managing a log repository to ingest and store third-party
log data are:
- Deploy a Service Gateway virtual appliance with the minimum requirements if you do not already have a deployed Service Gateway.
- Install the Third-Party Log Collection service on your Service Gateway.
- If using the TLS protocol to receive third-party data logs, upload a certificate to your Service Gateway for validation purposes.
- Create a log repository in Third-Party Log Collection with the desired ingestion and retention settings.
- Add one or more collectors to the log repository that are configured to receive data from third-party data sources through your Service Gateway.
- Configure your third-party data source to send log data externally to Trend Vision One collectors.
- Execute queries on ingested log data in the Search app and monitor log repository traffic usage in Service Gateway Management.
Collectors receive and forward all valid logs from the specified third-party log data
sources.
The following actions are available in Third-Party Log Collection.
| Action | Description |
|---|---|
| View existing log repositories and collectors | Log repositories are displayed along with details including: Drill down to see details on the collectors connected to the log repository, including: |
| Create a new log repository | Click Create New Log Repository to name and configure a new log repository. To learn more, see Create a log repository. |
| View log repository details | Click the name of a log repository to display the log repository details drawer organized into the following tabs. |