Integrating Deep Discovery Analyzer with Trend Vision One

Procedure

1. On the Trend Vision One console, go to Workflow and Automation → Service Gateway Management. If available, click the Service Gateway Management 2.0 tab.
2. If you do not have an existing Service Gateway deployed, install a Service Gateway.
   1. Click Download Virtual Appliance to open the Service Gateway Virtual Appliance panel.
   2. Select either VMware ESXi (OVA) or Microsoft Hyper-V (VHD) as the image type you want to use.
   3. Select I agree to the End User License Agreement and click Download Disk Image.
   4. Record the Registration Token that you need to apply during deployment.
   5. Install the Service Gateway virtual appliance.
      For detailed deployment instructions, see Deploying a Service Gateway Virtual Appliance.
3. Click the Service Gateway name.
4. Click Manage Services.
5. Click the install icon to install and then enable the following services.

   Service	Description
   Forward proxy	Required for the Sandbox Analysis integration function that allows Deep Discovery Analyzer to perform the following: Receive samples from Trend Vision One Send analysis reports (for only samples received from Trend Vision One) to Trend Vision One
   Suspicious Object list synchronization	Required for the Suspicious Objects synchronization function that allows Deep Discovery Analyzer to perform the following: Synchronize the centralized Suspicious Object List and Exception List from Trend Vision One Send analysis reports (for detected samples with a risk level) to Trend Vision One

6. Record the Service Gateway IP address and the API key that are needed for connection settings on the Deep Discovery Analyzer console.
   • IP address: Click the Service Gateway name and record the IPv4 address or IPv6 address.
   • API key: Click the Manage API Key button and record the API key.
7. On the Deep Discovery Analyzer web console, go to Administration → Integrated Products/Services and click Trend Vision One.
8. Select Enable Service Gateway connection and type the IPv4 or IPv6 address of the Service Gateway in the Service Gateway IP address field.
9. To connect to Trend Vision One through the Service Gateway for threat intelligence data sharing, do the following:
   1. Select Enable Suspicious Object Synchronization.
   2. Specify the API key you obtained from the Trend Vision One console.
   3. If a certificate is required for Deep Discovery Analyzer to communicate with the Service Gateway, select Use certificate and click Select to locate the certificate file.
   4. Click Test Connection to verify.
   5. Click Save.
   6. Wait until synchronization with the Service Gateway completes.
10. To have Deep Discovery Analyzer receive and analyze samples from Trend Vision One, do the following:

    Note Sandbox Analysis integration requires Service Gateway 2.0 or later.

    1. On the Trend Vision One console, go to Service Management → Product Instance.
    2. Click Add Existing Product.
    3. For Instance type, select Trend Micro Deep Discovery Analyzer from the drop-down list.
    4. Click the link to generate an enrollment token.
    5. Copy the enrollment token for use on the Deep Discovery Analyzer web console.
    6. Click Save.
    7. On the Deep Discovery Analyzer web console, go to Administration → Integrated Products/Services and click Trend Vision One.
    8. Select Enable Sandbox Analysis integration.
    9. Paste the enrollment token you obtained from the Product Connector in Trend Vision One.
    10. Click Save.
        After Deep Discovery Analyzer is registered to Trend Vision One, the Test Connection button appears.
    11. On the Trend Vision One console, go to Threat Intelligence → Sandbox Analysis.
    12. Click Submission Settings and select Use your Deep Discovery Analyzer instead of Sandbox Analysis sandbox.