New Device Module (DM) update for Trustwave SIEM 1.2.1 now available

Trustwave's most recent Device Module (DM), DM-22, is now available to customers in the TrustKeeper portal file library. DM-22 adds support for new devices, updated parsing and normalization for some devices and other content for Trustwave SIEM software version 1.2.1.

Read on for more details about what's new.

New Device Support

DM-22 adds support for the following devices:

  • ACI Worldwide PRM
  • Aloha Configuration Center
  • Amazon CloudTrail
  • Trustwave DbProtect
  • EMC Centera
  • McAfee Stonesoft NGN
  • Microsoft Windows Non-Security Logs 2000-2008 – EM/Snare/Splunk/Balabit/Lasso/Datagram
  • Microsoft Windows Security Log 2008 - WinCollect
  • Sophos Cyberoam UTM Firewall
  • Trustwave Antivirus

Enhanced Device Support

DM-22 enhances parsing or normalization for the following supported devices:

  • Aloha POS
  • Avaya WLAN
  • Barracuda Spam and Virus Firewall
  • Blue Coat ProxySG
  • ACI Worldwide PRM
  • Brocade Switch
  • Check Point Firewall
  • Cisco ACE
  • Cisco ASA/PIX
  • Cisco IDS
  • Cisco ISE
  • Cisco NAM
  • Cisco Nexus/MDS/UCS
  • Cisco Secure ACS Windows
  • Cisco Unified Communications
  • Citrix NetScaler
  • Enterasys Dragon – Alarmtool Syslog
  • Fidelis XPS
  • FireEye MPS
  • Fortinet FortiGate
  • Generic Unix Syslog
  • GTA Firewall
  • IBM iSeries – PowerTech Interact Syslog
  • IBM Proventia Management SiteProtector
  • Juniper NetScreen IDP
  • Juniper NetScreen/ISG/SSG
  • Juniper SSL VPN
  • McAfee ePO
  • Microsoft Exchange Server
  • Microsoft Forefront Threat Management Gateway 2010
  • Microsoft IIS
  • Microsoft Sharepoint
  • Microsoft UAG
  • Microsoft Windows Non-Security Logs 2000-2008 – EM/Snare/Splunk/Lasso/Datagram
  • Microsoft Windows Security Log 2008
  • Mod Security
  • NetApp Storage
  • Netfilter IPTables
  • OpenVPN
  • Oracle Audit Trail
  • Palo Alto Networks Firewall
  • Postfix
  • Samba
  • Secure Computing Sidewinder G2
  • Snort
  • SonicWALL SonicOS
  • Sophos UTM
  • Sourcefire – 3D
  • Squid Proxy
  • Sun Directory Server
  • Sybase ASE Audit
  • Symantec Endpoint Protection
  • Trend Micro Deep Security
  • Trend Micro IWSS
  • Trustwave FIM
  • Trustwave IVS
  • Trustwave SWG
  • Trustwave TrustOS
  • Trustwave WAF
  • Unix Clustering
  • VMware ESX
  • WatchGuard Firebox
  • Websense Web Security

New/Updated Reports and Notifications

The following content has been added or updated within DM-22:

  • New Reports
    • Data Source Status for Selected Detectors
    • FIM Activity
  • Updated Notifications
    • Host Found by Any Device
    • Specified Event Type List, specified Acting User List, specified Target User List, specified Detector List, and specified string(s) found or excluded via a specific device

How to Update?

DM-22 requires DM-21 and SP-20, which are also available in the TrustKeeper portal file library. For TrustKeeper portal access to the DM, please contact the SIEM Technical Assistance Team at

Once you have downloaded the package, install it via the 'support package upload' function located at Admin -> System Management -> File Manager. For more detailed instructions, please see the 'Trustwave SIEM 1.2.1 DM-22' release notes, also found in the file library.
