Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with Trend Micro Vision One using Deep Discovery Director (DDD) Cloud

    • Updated:
    • 22 Mar 2021
    • Product/Version:
    • Deep Discovery Director All
    • Deep Discovery Inspector 5.7
    • Trend Micro Vision One All
    • Platform:
    • N/A
Summary

Trend Micro Vision One has an ability to do detection and response across email, endpoints, servers, cloud workloads and network via a single Trend Micro Vision One platform.

Trend Micro Vision One sits on top of relevant Trend Micro products in a customers’ environment, and offers expert security analytics for alert correlation, and consolidated visibility and investigation of events across security layers, leading to earlier detection and faster response.

Recommendation

Trend Micro Vision One offers a lot of capabilities such as early detection and response, getting greater context for greater understanding, etc. across multiple products. So if you use Trend Micro Vision One, Trend Micro recommends to connect DDI to Trend Micro Vision One to fully utilize Trend Micro Vision One functionality.

Configuration

There are two (2) ways to connect DDI to Trend Micro Vision One:

connect DDI to Trend Micro Vision One

  • Scenario 1: Trend Micro Vision One integration using Deep Discovery Director (DDD) On-Premises

    • Prepare DDI and DDD On-Premises to integrate with Trend Micro Vision One.
    • DDD On-Premises can connect to Deed Discovery Director-Network Analytics SaaS (DDDNASaaS) which is located in Trend Micro Cloud side.
  • Scenario 2: Trend Micro Vision One integration using Deep Discovery Director (DDD) Cloud

    • Prepare DDI and connect it to DDD Cloud version which is located in Trend Micro Cloud side to integrate with Trend Micro Vision One.
    • DDD Cloud can connect to Deed Discovery Director-Network Analytics SaaS (DDDNASaaS) in the backend.
     
    DDDNASaaS is also referred as “Trend Micro Vision One Addon”, it provides advanced threat analysis for data correlations made between detections selected in DDD and other related events as they occur over time.
     

This article will show you how to configure DDI for the 2nd scenario, which is to integrate DDI with Trend Micro Vision One using DDD Cloud.

For information about how to configure DDI for scenario 1, refer to the KB article: Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with Trend Micro Vision One using Deep Discovery Director On-Premises.

Details
Public

To integrate DDI with Trend Micro Vision One using DDD Cloud:

  1. Install the products. Versions DDI 5.6 SP1 or above, which supports integration with Trend Micro Vision One investigation platform.

    Make sure DDI has valid AC.

  2. Provision DDD Cloud and DDDNASaaS (Trend Micro Vision One Addon) from the Trend Micro Vision One console.

    1. Log on to the Trend Micro Trend Micro Vision One console(https://portal.Trend Micro Vision One.trendmicro.com/), go to Product Connector and click Connect.

      Product Connector

    2. Select Deep Discovery from the Product name: field. Choose Request a Deep Discovery Director cloud version.
    3. Enter the Trend Micro Vision One Addon Activation Code and wait for the provision to be completed.

      Enter Trend Micro Vision One Addon AC

      Trend Micro Vision One console shows Provisioning status during the provision.

      Provisioning status

      After the provision completed, Connection Status shows Connected.

      Connected status

       
      Provisioning sometimes take 10 minutes.
       
  3. Get the DDD cloud logon info.

    Click the bell icon to get the DDD cloud URL and logon info. Such information will also be sent to the local accounts’ email boxes.

    Click bell icon

  4. Get the DDD cloud token.

    On the DDD cloud web console, go to Help then copy the DDD cloud token.

    copy DDD cloud token

  5. Register DDI to DDD.

    1. On DDI web console, go to Administration > Integrated Products/Services > Deep Discovery Director.
    2. For server type, select the Cloud version then click Register.

      select Cloud version

    3. Paste the DDD cloud token just copied, and click Register.

      Paste DDD cloud token

    4. Once registration is completed, log on to the DDD cloud web console then go to Appliances > Directory and click Move to move DDI to a managed or other customized folder.

      Move

      Move

  6. Bind DDI to DDDNASaaS.

    Bind DDI to send network flow (activity data) to DDDNASaaS.

    1. On the DDD Cloud web console, go to Administration > Network Analytics. Go to the Connected Sources tab.
    2. Select the DDI instance which you want to bind (default is Disabled).
    3. Click Configure to enable and bind the selected DDI instance with DDDNASaaS.

      Click Configure

    4. Under the status column, click on the toggle button to Enable then click Save.

      toggle to enable

      enabled

       
      While there is no limit on the number of Deep Discovery Inspector appliances you can enable, their total combined Bandwidth cannot exceed the available Bandwidth capacity.
       
  7. Check the Deep Discovery onboarding status from Trend Micro Vision One.

    On the Trend Micro Trend Micro Vision One console, go to Product Connector and check the Deep Discovery onboarding status.

    Once the configuration and registration are completed, DDD cloud, DDI, and DDDNASaaS (Trend Micro Vision One Addon) entries should be shown on the list.

    enabled

  8. Allow some URLs and ports from your firewall. Refer to the knowledgebase article: URLs to be allowed through the firewall of Deep Discovery Inspector (DDI) 5.7.
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000283362
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.