Configuration for Trend Micro Vision One integration using DDD On-Premises

Summary

Trend Micro Vision One has an ability to do detection and response across email, endpoints, servers, cloud workloads and network via a single Trend Micro Vision One platform.

Trend Micro Vision One sits on top of relevant Trend Micro products in a customers’ environment, and offers expert security analytics for alert correlation, and consolidated visibility and investigation of events across security layers, leading to earlier detection and faster response.

Recommendation

Trend Micro Vision One offers a lot of capabilities such as early detection and response, getting greater context for greater understanding, etc. across multiple products. So if you use Trend Micro Vision One, Trend Micro recommends to connect DDI to Trend Micro Vision One to fully utilize Trend Micro Vision One functionality.

Configuration

There are 2 ways to connect DDI to Trend Micro Vision One:

Scenario 1: Trend Micro Vision One integration using Deep Discovery Director (DDD) On-Premises
- Prepare DDI and DDD On-Premises to integrate with Trend Micro Vision One.
- DDD On-Premises can connect to Deed Discovery Director-Network Analytics SaaS (DDDNASaaS) which is located in Trend Micro Cloud side.
Scenario 2: Trend Micro Vision One integration using Deep Discovery Director (DDD) Cloud
- Prepare DDI and connect it to DDD Cloud version which is located in Trend Micro Cloud side to integrate with Trend Micro Vision One.
- DDD Cloud can connect to Deed Discovery Director-Network Analytics SaaS (DDDNASaaS) in the backend.
DDDNASaaS is also referred as “Trend Micro Vision One Addon”, it provides advanced threat analysis for data correlations made between detections selected in DDD and other related events as they occur over time.

This article will show you how to configure DDI for the 1st scenario, which is to integrate DDI with Trend Micro Vision One using DDD On-Premises.

For information about how to configure DDI for scenario 2, refer to the KB article: Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with Trend Micro Vision One using Deep Discovery Director Cloud.

Details

Configuration for Scenario 1: Integrating DDI with Trend Micro Vision One using DDD On-Premises

Install Products (DDI and DDD).

Install the product versions which support integration with Trend Micro Vision One investigation platform.
- DDI 5.6 SP1 or above
- DDD 5.1 SP1 with the latest hot fix or above.
If you use DDD 5.2, install it in consolidated mode with install base version.

For the hot fix information, contact Trend Micro Technical Support.
Make sure both DDI and DDD has valid Activation Code.

DDI Activation Code could be used for DDD as well.
Provision Deep Discover Director-Network Analytics as a Service (DDDNASaaS) from DDD.

On the DDD web console, go to Administration > Licenses, then enter Trend Micro Vision One Addon (DDNASaaS) Activation Code.

DDNASaaS provision will be auto started and the following message will be observed from DDD web console.
Register DDI to DDD.
1. On the DDD web console, go to Help, copy the API key.
2. On the DDI web console, go to Administration > Integrated Products/Services > Deep Discovery Director, select On-premises version for Server type, enter the DDD server address, DDD API key, and click Register.
Move DDI to the Managed folder.

On DDD web console, go to Appliances > Directory, move DDI to managed or other customized folder.
Bind DDI to send network flow (activity data) to DDDNASaaS via DDD web console.
1. On the DDD web console, go to Administration > Network Analytics then click on the Connected Sources tab.
2. Select the DDI instance which you want to bind (default is Disabled). Click Configure to enable and bind selected DDI instance with DDDNASaaS.
Onboard DDD to Trend Micro Vision One investigation platform.

Log on to the Trend Micro Trend Micro Vision One console (https://portal.Trend Micro Vision One.trendmicro.com/). Go to Product Connector and click Connect.
Copy the enrollment token from the Trend Micro Trend Micro Vision One console.

Select Deep Discovery Director from the list. Select Connect Deep Discovery Director on-premises version, click on the Click to generate the enrollment token link to get the token.

Enrollment token will be appeared.
Paste the enrollment token to Deep Discovery Director.
1. On the DDD web console, go to Administration > Trend Micro Trend Micro Vision One (https://%DDD_URL%/admin/Trend Micro Vision One/status).
2. Click Register next by Status field, when the dialog that appears, paste the enrollment token and then click Register.
Once above configuration and registration are completed, from Trend Micro Vision One console, DDD, DDI, and Trend Micro Vision One add-on status will be shown on the list.
Allow some URLs and ports from your firewall. Refer to the KB article: URLs to be allowed through the firewall of Deep Discovery Inspector (DDI) 5.7.

Rating:

Category:

Configure

Solution Id:

000283354

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.