
Defining Monitored Network Groups in Deep Discovery Inspector (DDI) 3.8

    • Updated: 18 Oct 2017
    • Product/Version: Deep Discovery Inspector 3.8
    • Platform: N/A
Summary

DDI uses the IP address lists and ranges defined in the Monitored Network Groups to determine whether attacks originate from inside or outside the network. If the monitored network is not defined or not properly set, the severity of detections, the identification of affected hosts, and the trigger criteria of certain rules might also be affected.

Details

Recommendation

To help DDI determine where malicious traffic is coming from and to make it easier for the administrator to identify events in the detection logs, Trend Micro recommends the following:

  • Configure the IP addresses to establish groups of monitored networks, and assign descriptive network group names so that it is easy to identify which network an IP address belongs to. The following image shows a malware download sample of a detection log when monitored network groups are defined. According to the Network Group information, the file landed on a machine within the Threat Lab network sub-group, which is under the Default network group profile.

    Malware download sample of a detection log


Configuration

In the Administration > Network Groups and Assets section of the DDI web console, all monitored Network Groups are listed including their subgroups.

DDI provides a “Default” network group containing the IP address blocks reserved by the Internet Assigned Numbers Authority (IANA) for private networks. To configure or customize the monitored Network Groups, administrators can add new subgroups (up to three layers of subgroups) based on the “Default” network group profile, or create new network groups and specify IP address ranges. Do the following:

  1. Go to Administration > Network Groups and Assets > Network Groups.

  2. Click Add. The Network Groups window appears.

  3. Type a group name (e.g. "Finance network", "IT network", or "Administration").
  4. Use a dash character to assign an IPv4/IPv6 IP address range or to specify the subnet mask/prefix for IP addresses (up to 1,000 IP address ranges).

  5. Select the Network zone. “Trusted” indicates a secure network and “Untrusted” indicates a degree of doubt about the security of the network.
  6. Click Add.
  7. Click Save.
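
The ranges planned for the steps above can be checked before they are typed into the console. The following Python script is an added example, not Trend Micro code: it assumes entries are written as `start-end`, `address/prefix` or `address/mask`, that the “Default” group holds the RFC 1918 IPv4 blocks, and that the group names, the `Default/Threat Lab` path notation and all addresses are constructed for illustration.

```python
import ipaddress

MAX_RANGES = 1000  # per-group limit stated in the article

# Constructed plan; "Default" is ASSUMED to hold the RFC 1918 IPv4 blocks.
PLAN = {
    "Default": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "Default/Threat Lab": ["10.20.30.1-10.20.30.254"],
    "Finance network": ["192.168.50.0/255.255.255.0", "fd00:50::/64"],
}
# Constructed inventory of hosts known to be internal.
ASSETS = ["10.20.30.77", "192.168.50.12", "198.51.100.25", "fd00:50::a"]

def parse_entry(entry):
    """Return (first, last) address for 'a-b', 'a/prefix' or 'a/mask'."""
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry}")
        return lo, hi
    net = ipaddress.ip_network(entry.strip(), strict=False)
    return net[0], net[-1]

def load_plan(plan):
    """Validate every entry and enforce the per-group range limit."""
    groups = {}
    for name, entries in plan.items():
        if len(entries) > MAX_RANGES:
            raise ValueError(f"{name}: more than {MAX_RANGES} ranges")
        groups[name] = [parse_entry(e) for e in entries]
    return groups

def classify(ip, groups):
    """Matching groups, smallest range first; an empty list means 'outside'."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for name, ranges in groups.items():
        for lo, hi in ranges:
            if lo.version == addr.version and lo <= addr <= hi:
                hits.append((int(hi) - int(lo), name))
    return [name for _, name in sorted(hits)]

def uncovered(assets, groups):
    """Known-internal hosts that no monitored group covers."""
    return [ip for ip in assets if not classify(ip, groups)]

if __name__ == "__main__":
    print(uncovered(ASSETS, load_plan(PLAN)))
```

Any address returned by `uncovered` is an internal host that would be treated as outside the monitored network until a group covering it is added.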
Category: SPEC
Solution Id: 1118577