Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with XDR using Deep Discovery Director (DDD) On-Premises

    • Updated: 15 Dec 2020
    • Product/Version: Deep Discovery Inspector 5.7

Summary

XDR provides detection and response across email, endpoints, servers, cloud workloads, and networks through a single XDR platform.

XDR sits on top of the relevant Trend Micro products in a customer's environment and offers expert security analytics for alert correlation, along with consolidated visibility and investigation of events across security layers, leading to earlier detection and faster response.

Recommendation

XDR offers many capabilities across multiple products, such as early detection and response and greater context for better understanding. If you use XDR, Trend Micro recommends connecting DDI to XDR to fully utilize XDR functionality.

Configuration

There are 2 ways to connect DDI to XDR:

  • Scenario 1: XDR integration using Deep Discovery Director (DDD) On-Premises

    • Prepare DDI and DDD On-Premises to integrate with XDR.
    • DDD On-Premises can connect to Deep Discovery Director-Network Analytics SaaS (DDDNASaaS), which is located on the Trend Micro Cloud side.
  • Scenario 2: XDR integration using Deep Discovery Director (DDD) Cloud

    • Prepare DDI and connect it to the DDD Cloud version, which is located on the Trend Micro Cloud side, to integrate with XDR.
    • DDD Cloud can connect to Deep Discovery Director-Network Analytics SaaS (DDDNASaaS) in the backend.

    DDDNASaaS is also referred to as the “XDR Addon”. It provides advanced threat analysis for data correlations made between detections selected in DDD and other related events as they occur over time.


This article shows how to configure DDI for scenario 1, which is to integrate DDI with XDR using DDD On-Premises.

For information about how to configure DDI for scenario 2, refer to the KB article: Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with XDR using Deep Discovery Director Cloud.

Details

Configuration for Scenario 1: Integrating DDI with XDR using DDD On-Premises

  1. Install Products (DDI and DDD).

    Install product versions that support integration with the XDR investigation platform.

    • DDI 5.6 SP1 or above
    • DDD 5.1 SP1 with the latest hot fix or above.

    If you use DDD 5.2, install it in consolidated mode with the install base version.

     
    For the hot fix information, contact Trend Micro Technical Support.
     
  2. Make sure both DDI and DDD have a valid Activation Code.

     
    The DDI Activation Code can be used for DDD as well.
     
  3. Provision Deep Discovery Director-Network Analytics as a Service (DDDNASaaS) from DDD.

    On the DDD web console, go to Administration > Licenses, then enter the XDR Addon (DDDNASaaS) Activation Code.

    DDDNASaaS provisioning starts automatically, and a message appears on the DDD web console.

    [Screenshot: DDD web console]

  4. Register DDI to DDD.

    1. On the DDD web console, go to Help and copy the API key.
    2. On the DDI web console, go to Administration > Integrated Products/Services > Deep Discovery Director, select On-premises version for Server type, enter the DDD server address and the DDD API key, and click Register.

  5. Move DDI to the Managed folder.

    On the DDD web console, go to Appliances > Directory, then move DDI to the Managed folder or another customized folder.

  6. Bind DDI to send network flow (activity data) to DDDNASaaS via the DDD web console.

    1. On the DDD web console, go to Administration > Network Analytics, then click the Connected Sources tab.
    2. Select the DDI instance that you want to bind (the default is Disabled). Click Configure to enable the selected DDI instance and bind it with DDDNASaaS.

  7. Onboard DDD to the XDR investigation platform.

    Log on to the Trend Micro XDR console (https://portal.xdr.trendmicro.com/). Go to Product Connector and click Connect.

  8. Copy the enrollment token from the Trend Micro XDR console.

    Select Deep Discovery Director from the list. Select Connect Deep Discovery Director on-premises version, then click the "Click to generate the enrollment token" link to get the token.

    The enrollment token appears.

  9. Paste the enrollment token to Deep Discovery Director.

    1. On the DDD web console, go to Administration > Trend Micro XDR (https://%DDD_URL%/admin/xdr/status).
    2. Click Register next to the Status field. When the dialog appears, paste the enrollment token, and then click Register.

  10. Once the above configuration and registration are completed, the status of DDD, DDI, and the XDR add-on is shown in the list on the XDR console.

  11. Allow the required URLs and ports through your firewall. Refer to the KB article: URLs to be allowed through the firewall of Deep Discovery Inspector (DDI) 5.7.

Category: Configure
Solution Id: 000283354