Views:
Smart Feedback
DescriptionSmart Feedback enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment.
Data Collected
  • IP address
  • URL
  • Filename/path
  • Hostname
  • Suspicious executables
  • Partial file content
Console LocationAdministration > Monitoring / Scanning > Threat Detections:
  • Enable Smart Feedback
  • Submit suspicious files to Trend Micro

Module state

Virtual Analyzer
DescriptionDisabling Virtual Analyzer prevents the mentioned data being sent to Trend Micro, but will severely impact Deep Discovery Inspector’s ability to detect advanced malware.
Data Collected
  • IP address
  • URL
  • Hostname
  • Filename/path
Console LocationAdministration > Virtual Analyzer > Setup:
  • Submit files to Virtual Analyzer
  • Virtual Analyzer: Internal

Module state

Web Reputation
DescriptionDisabling Web Reputation prevents the mentioned data being sent to Trend Micro, but will greatly impact Deep Discovery Inspector’s ability to detect C&C and malicious activities.
Data Collected
  • URL
Console LocationAdministration > Monitoring / Scanning > Web Reputation:
  • Enable Web Reputation

Module state

Community File Reputation
DescriptionDisabling Community File Reputation related rules prevents the mentioned data being sent to Trend Micro, but will impact Deep Discovery Inspector’s ability to detect advanced malware.
Data Collected
  • URL
Console LocationAdministration > Monitoring / Scanning > Detection Rules:
  • Enable/Disable rule 719, 733

Module state

URL Retro Scan
DescriptionDisabling URL Retro Scan prevents the mentioned data being sent to Trend Micro, but will impact Deep Discovery Inspector’s ability to detect C&C and malicious activities that occurred in the past but were just known to Trend Micro.
Data Collected
  • Endpoint IP addresses
  • URL
Console LocationAdministration > Monitoring / Scanning > Web Reputation:
  • Enable Retro Scan

Module state

Threat Connect
DescriptionThreat Connect allows admin to view related threat information from the global intelligence database.
Data is only sent out when an admin manually clicks the “View Threat Connect” button in Log detail view.
Data Collected
  • IP address
  • URL
  • Hostname
Console LocationUser manually triggers Threat Connect connection in Log detail view:

Module state

Sandbox as a Service for macOS
DescriptionDisabling Sandbox as a Service for macOS prevents the mentioned data being sent to Trend Micro, but will severely impact Deep Discovery Inspector’s ability to detect advance malware affecting the macOS platform.
Data Collected
  • Suspicious files
  • Filename
Console LocationAdministration > Virtual Analyzer > Internal Virtual Analyzer > Sandbox Management:
  • “Sandbox for macOS” tab: Send possible threats for macOS to Trend Micro Sandbox as a Service for analysis

Module state

Sandbox as a Service for Windows
DescriptionDisabling Sandbox as a Service for Windows prevents the mentioned data being sent to Trend Micro, but will severely impact Deep Discovery Inspector’s ability to detect advance malware affecting the Windows platform.
Data Collected
  • Suspicious files
  • Filename
Console LocationAdministration > Virtual Analyzer > Setup:
  • Submit files to Virtual Analyzer
  • Virtual Analyzer: Sandbox as a Service

Module state

Threat Investigation Center
DescriptionWhen disabled, all data indicated for this row will not be sent out to the Threat Investigation Center.
Data Collected
  • IP address
  • MAC address
  • Host name
  • Filename/path
  • Email address
  • Email subject
  • Username
  • Domain name
  • URL
  • Network group name
  • Retro Scan Report
  • All System Event Logs
Console LocationAdministration > Integrated Products/Services > Threat Investigation Center:

Module state

Threat Investigation Center
DescriptionWhen File Retrieval setting is disabled, all data indicated for this row will not be sent out to the Threat Investigation Center.
Data Collected
  • Virtual Analyzer investigation package
  • Detected file
  • PCAP
Console LocationAdministration > Integrated Products/Services > Threat Investigation Center: Add or Edit server:

Module state

Deep Discovery Director - Network Analytics as a Service, Trend Vision One (Advanced Access)
DescriptionOnce Deep Discovery Inspector is integrated with Deep Discovery Director - Network Analytics as a Service or Network Sensor in Trend Vision One, listed data would be sent to the data lake.
Unregistering Deep Discovery Director or disabling Network Sensor from Trend Vision One console to prevent the mentioned data being sent to TrendMicro, but will severely impact network analytics capability for the customer.
Data Collected
  • Endpoint IP addresses
  • MAC address
  • Hostname
  • Domain username
  • Domain name
  • URL
  • Server IP address
  • Protocol
  • TCP Port
  • SMB Username
  • RDP username
  • RADIUS username
  • HTTP protocol headers
  • duration of each TCP session
  • SSL certificate information
  • Filename
  • email address
  • Size of the data transferred per IP Address per session
  • User realm

Certificate related:

  • Issuer common name
  • Subject common name
  • Issuer organizational unit name
  • Subject organizational unit name
  • Issuer organization name
  • Subject organization name
  • Issuer state or province name
  • Subject state or province name
  • Issuer email address
  • Subject email address
  • Server Name Indication (SNI)
  • Subject Alternate Name
Console Location
  • Integration with Deep Discovery Inspector
    Administration > Integrated Products/Services > Deep Discovery Director:

    Module state

    After Deep Discovery Inspector registers to Deep Discovery Director, Deep Discovery Director admin will manually pair Deep Discovery Inspector to Deep Discovery Director- Network Analytics as a Service on Deep Discovery Director management console.

  • Integration with Trend Vision One
    Network Inventory > Deep Discovery Inspector Appliances tab > Enable Network Sensor

    Module state

    Back to Deep Discvoery Inspector web console > Integrated Producs/Services > Trend Vision One to make the the connection is successful.

    Module state

Trend Vision One (Essential Access)
DescriptionWhen unregistered from Network Inventory or Deep Discovery Inspector, all data indicated for this row will not be sent out to Trend Micro Vision One.
Data Collected
  • IP address
  • MAC address
  • Host name
  • Filename/path
  • Email address
  • Email subject
  • Username
  • Domain name
  • URL
  • Network group name
  • Retro Scan Report
  • All System Event Logs
Console LocationAdministration > Integrated Products/Services > Trend Micro Vision One:

Module state

Trend Micro Vision One - Service Gateway
DescriptionWhen unregistered from Network Inventory, service gateway will be deregistered along with it.
All data indicated for this row will not be sent out to Trend Micro Vision One.
Data Collected
  • IP address
  • Suspicious objects
  • URL
  • Virtual analyzer report
  • Network connection status
  • Computer user name
  • Host name
  • MAC address
  • Product status
Console LocationAdministration > Integrated Product/Services > Trend Micro Vision One

Module state

After Deep Discovery Inspector registers to Network Inventory, and manual pair Service Gateway to specific DDI from Vision One > Network Inventory.

Keywords: data collected Deep Discovery Inspector 6.6 , data collected DDI, Deep Discovery Inspector 6.6 data collected by trend micro data collected DD1 6.6, DDI 6.6 data collected by trend micro