Deep Discovery Director Tab | Trend Micro Service Central

Views:

Trend Micro Deep Discovery Director is a management solution that provides Indicators of Compromise (IOC) information and enables centralized deployment of product updates, product upgrades, configuration replication and Virtual Analyzer images to Deep Discovery Analyzer.

Deep Discovery Analyzer integrates with the following versions of Deep Discovery Director:

5.2 and above

Deploying updates or upgrades to Deep Discovery Analyzer appliances that are configured in a high availability cluster will temporarily:

Detach the high availability appliances and suspend high availability
Restrict access to the management console and display a static information screen

After the update or upgrade completes, the detached appliances will automatically reattach and restore high availability.

Important

Before deploying updates or upgrades, ensure that the appliances are not executing any task.
Avoid detaching appliances while an upgrade is in progress.
If the appliances fail to upgrade or continue to show the Upgrading Appliance screen for more than two hours, check Deep Discovery Director for errors. To resolve errors, temporarily detach the appliances. Detached appliances continue to upgrade. After the upgrade, manually attach the appliances again to restore high availability.

Use the Deep Discovery Director management console to deploy or replicate a Virtual Analyzer image or configuration to a primary appliance. This is not required for secondary appliances since they are set to automatically sync Virtual Analyzer images or configuration from the primary appliance.

Deep Discovery Analyzer supports integration with Deep Discovery Director to enable the following:

Upload of suspicious objects generated by the internal Virtual Analyzer to Deep Discovery Director
Linux image deployment from Deep Discovery Director 5.3
Download of the following from Deep Discovery Director:
- Exceptions
- Suspicious objects (user-defined and synchronized)
- YARA rule files
- File passwords (Deep Discovery Director on-premises version 5.2 and above)

Note

After you register Deep Discovery Analyzer to Deep Discovery Director, Deep Discovery Analyzer automatically synchronizes YARA rule settings from Deep Discovery Director and overwrites existing YARA rule settings that you have configured.
After you register Deep Discovery Analyzer to Deep Discovery Director, Deep Discovery Analyzer automatically synchronizes file passwords from Deep Discovery Director and overwrites existing file passwords that you have configured. You can only change the file passwords on the Deep Discovery Director management console.
If you register Deep Discovery Analyzer to Trend Vision One, Deep Discovery Director, and Trend Micro Apex Central, Deep Discovery Analyzer synchronizes data with the integrated products in the following priority:
- Download exception list: Trend Vision One, Deep Discovery Director, Trend Micro Apex Central
- Upload Virtual Analyzer-generated suspicious objects: Trend Vision One, Deep Discovery Director, Trend Micro Apex Central
- Download Virtual Analyzer-generated and user-defined suspicious objects: Trend Vision One, Deep Discovery Director

The Deep Discovery Director screen displays the following information:

Deep Discovery Director Fields

Field	Information
Status	The following appliance statuses can be displayed: Not registered: The appliance is not registered to Deep Discovery Director. Registered \| Connected: The appliance is registered and connected to Deep Discovery Director. Registered \| Unable to connect: The appliance is registered to Deep Discovery Director, but unable to connect. Verify that the Deep Discovery Director network settings are valid. Registered \| Untrusted fingerprint: The appliance is registered to Deep Discovery Director, but the connection was interrupted. To restore the connection, trust the new fingerprint.
Last connected	The last time this appliance connected to Deep Discovery Director.
Host name	The host name of this appliance.
Server address	The Deep Discovery Director server address.
Port	The Deep Discovery Director port.
API key	The Deep Discovery Director API key.
Fingerprint (SHA-256)	The Deep Discovery Director fingerprint.
Use the system proxy settings	Select to use the system proxy settings to connect to Deep Discovery Director.
Synchronize suspicious objects from Deep Discovery Director	Select this option synchronize suspicious objects from Deep Discovery Director.