Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with XDR using Deep Discovery Director (DDD) Cloud

    • Updated: 15 Dec 2020
    • Product/Version: Deep Discovery Inspector 5.7

Summary

XDR provides detection and response across email, endpoints, servers, cloud workloads, and networks through a single XDR platform.

XDR sits on top of the relevant Trend Micro products in a customer's environment. It offers expert security analytics for alert correlation, plus consolidated visibility and investigation of events across security layers, leading to earlier detection and faster response.

Recommendation

XDR offers many capabilities across multiple products, such as early detection and response and greater context for understanding events. If you use XDR, Trend Micro recommends connecting DDI to XDR to fully utilize XDR functionality.

Configuration

There are 2 ways to connect DDI to XDR:

  • Scenario 1: XDR integration using Deep Discovery Director (DDD) On-Premises

    • Prepare DDI and DDD On-Premises to integrate with XDR.
    • DDD On-Premises can connect to Deep Discovery Director-Network Analytics SaaS (DDDNASaaS), which is located on the Trend Micro Cloud side.
  • Scenario 2: XDR integration using Deep Discovery Director (DDD) Cloud

    • Prepare DDI and connect it to the DDD Cloud version, which is located on the Trend Micro Cloud side, to integrate with XDR.
    • DDD Cloud can connect to Deep Discovery Director-Network Analytics SaaS (DDDNASaaS) in the backend.
     
    DDDNASaaS is also referred to as the “XDR Addon”. It provides advanced threat analysis by correlating detections selected in DDD with other related events as they occur over time.
     

This article shows how to configure DDI for the second scenario: integrating DDI with XDR using DDD Cloud.

For information about how to configure DDI for scenario 1, refer to the KB article: Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with XDR using Deep Discovery Director On-Premises.

Details

Configuration for Scenario 2: Integrating DDI with XDR using DDD Cloud

  1. Install the products. DDI 5.6 SP1 or above supports integration with the XDR investigation platform.

    Make sure DDI has a valid Activation Code (AC).

  2. Provision DDD Cloud and DDDNASaaS (XDR Addon) from the XDR console.

    1. Log on to the Trend Micro XDR console (https://portal.xdr.trendmicro.com/), go to Product Connector, and click Connect.

    2. Select Deep Discovery from the Product name: field. Choose Request a Deep Discovery Director cloud version.
    3. Enter the XDR Addon Activation Code and wait for provisioning to complete.

      The XDR console shows the Provisioning status while provisioning is in progress.

      After provisioning completes, Connection Status shows Connected.

      Provisioning sometimes takes 10 minutes.
       
  3. Get the DDD cloud logon info.

    Click the bell icon to get the DDD cloud URL and logon info. This information is also sent to the local accounts’ mailboxes.

  4. Get the DDD cloud token.

    On the DDD cloud web console, go to Help then copy the DDD cloud token.

  5. Register DDI to DDD.

    1. On DDI web console, go to Administration > Integrated Products/Services > Deep Discovery Director.
    2. For server type, select the Cloud version then click Register.

    3. Paste the DDD cloud token just copied, and click Register.

    4. Once registration is completed, log on to the DDD cloud web console then go to Appliances > Directory and click Move to move DDI to a managed or other customized folder.

  6. Bind DDI to DDDNASaaS.

    Bind DDI to send network flow (activity data) to DDDNASaaS.

    1. On the DDD Cloud web console, go to Administration > Network Analytics. Go to the Connected Sources tab.
    2. Select the DDI instance which you want to bind (default is Disabled).
    3. Click Configure to enable and bind the selected DDI instance with DDDNASaaS.

    4. Under the status column, click on the toggle button to Enable then click Save.

       
      While there is no limit on the number of Deep Discovery Inspector appliances you can enable, their total combined Bandwidth cannot exceed the available Bandwidth capacity.
       
  7. Check the Deep Discovery onboarding status from XDR.

    On the Trend Micro XDR console, go to Product Connector and check the Deep Discovery onboarding status.

    Once the configuration and registration are completed, DDD cloud, DDI, and DDDNASaaS (XDR Addon) entries should be shown on the list.

  8. Allow the required URLs and ports through your firewall. Refer to the knowledgebase article: URLs to be allowed through the firewall of Deep Discovery Inspector (DDI) 5.7.

Category: Configure
Solution Id: 000283362