DDD 5.2 (On-Premise)
Threat Connect
Threat Connect allows the administrator to view related threat information from the global intelligence database.
Data is only sent when the administrator manually clicks the “View in Threat Connect” button in the “Detection Details” view.
| Data collected |
|
|---|---|
| Console location | The user manually triggers Threat Connect connection in the “Detection Details” view of a network detection.
|
| Console settings | View in Threat Connect
|
Threat Connect allows the administrator to view related threat information from the global intelligence database.
Data is only sent when the administrator manually clicks the “View in Threat Connect” button in the “Detection Details” view.
| Data collected |
|
|---|---|
| Console location | The user manually triggers Threat Connect connection in the “Detection Details” view of an email detection.
|
| Console settings | View in Threat Connect |
Threat Connect allows the administrator to view related threat information from the global intelligence database.
Data is only sent when the administrator manually clicks the “Threat Connect” button in the “Analysis Report” view.
| Data collected |
|
|---|---|
| Console location | The user manually triggers Threat Connect connection in the “Analysis Report”. |
| Console settings | Threat Connect |
Domain Exceptions
The administrator can add domains that they consider safe to an exception list.
Data is only collected when the administrator manually adds domain names on the management console.
| Data collected | Domain name |
|---|---|
| Console location | Administration > Network Analytics > Domain Exceptions |
| Console settings | Domain Exceptions |
Priority Watch List
The administrator can add servers that they consider high-priority for tracking and reporting.
Data is only collected when the administrator manually adds IP addresses on the management console.
| Data collected | IP address |
|---|---|
| Console location | Administration > Network Analytics > Priority Watch List |
| Console settings | Priority Watch List |
Registered Services
The administrator can add servers for specific services that their organization uses.
Data is only collected when the administrator manually adds domains name on the management console.
| Data collected | IP address |
|---|---|
| Console location | Administration > Network Analytics > Registered Services |
| Console settings | Registered Services |
Trusted Internal Network
The administrator can specify IP addresses or ranges to treat as part of their trusted internal network.
Data is only collected when the administrator manually adds IP addresses or ranges on the management console.
| Data collected |
|
|---|---|
| Console location | Administration > Network Analytics > Trusted Internal Network |
| Console settings | Trusted Internal Network |
Analysis Report
The administrator can view the correlation data of a correlated event.
Data is only sent when the administrator manually clicks the “Correlation Data” icon on the “Synchronized Suspicious Objects” screen.
| Data collected | IP address |
|---|---|
| Console location | Detections > Correlated Events |
| Console settings | Correlated Events |
| Data collected |
|
|---|---|
| Console location | Threat Intelligence > Product Intelligence > Synchronized Suspicious Objects |
| Console settings | Synchronized Suspicious Objects
|
RCA Report
Endpoint analysis reports can be collected from Endpoint Sensor to help with correlation.
Data is automatically collected periodically when the administrator enables retrieval of endpoint analysis reports from Apex Central on the management console.
| Data collected |
|
|---|---|
| Console location | Administration > Integrated Products/Services > Apex Central |
| Console settings | Apex Central |
Email Encryption
In the Domain List screen, the administrator can specify email domains for email encryption and an email address for receiving key files to complete the domain registration process.
In the Identification screen, the administrator can specify the email address that is used to sign messages with domains that are not part of the Domain List.
| Data collected |
|
|---|---|
| Console location | Appliances > Email Encryption |
| Console settings |
|
XDR
In the status tab, users click the register button to register XDR service to connect DDI, DDD-NAaaS, and DDD to XDR.
| Data collected |
|
|---|---|
| Console location | Administration > Trend Micro XDR > Status |
| Console settings | Register |
DDD 5.2 (AWS)
Domain Exceptions
The administrator can add domains that they consider safe to an exception list.
Data is only collected when the administrator manually adds domain names on the management console.
| Data collected | Domain name |
|---|---|
| Console location | Administration > Network Analytics > Domain Exceptions |
| Console settings | Domain Exceptions |
Priority Watch List
The administrator can add servers that they consider high-priority for tracking and reporting.
Data is only collected when the administrator manually adds IP addresses on the management console.
| Data collected | IP address |
|---|---|
| Console location | Administration > Network Analytics > Priority Watch List |
| Console settings | Priority Watch List |
Registered Services
The administrator can add servers for specific services that their organization uses.
Data is only collected when the administrator manually adds domains name on the management console.
| Data collected | IP address |
|---|---|
| Console location | Administration > Network Analytics > Registered Services |
| Console settings | Registered Services |
Trusted Internal Network
The administrator can specify IP addresses or ranges to treat as part of their trusted internal network.
Data is only collected when the administrator manually adds IP addresses or ranges on the management console.
| Data collected |
|
|---|---|
| Console location | Administration > Network Analytics > Trusted Internal Network |
| Console settings | Trusted Internal Network |