Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Registering Domains and Services in Deep Discovery Inspector (DDI) 3.8

    • Updated:
    • 18 Oct 2017
    • Product/Version:
    • Deep Discovery Inspector 3.8
    • Platform:
    • N/A N/A
Summary

The DDI Registered Domain and Registered Services settings indicate that DDI, which domains and services (e.g. DNS, FTP, SMTP, etc) are trusted, helps organizations discover non-authorized services or untrusted domains.

 
The registered services and domains lists are not whitelisted for the trusted services or domains. These lists only affect some rule conditions that check for unregistered services or domains.
Details
Public

Recommendation

Identifying trusted domains and services in the network not only ensures detection of unauthorized domains, applications, or services, but also avoids unnecessary detections of trusted domains and services that become a distraction for important detections that need more attention.

Therefore, Trend Micro recommends:

  • Checking with the customers and registering all their trusted network domains and dedicated servers for specific services that they use internally or consider trustworthy.
  • Exporting all the current network configuration via Export function as backup.

Configuration

To register trusted domains (up to 1,000 entries), do the following:

  1. Go to Administration > Network Groups and Assets > Registered Domains.

    Go to Registered Domains

  2. In the Domain field, specify a domain name to be registered. Registered domain names appear in the Defined Registered Domains section.

    Specify a domain name to be registered

    As an optional step, you may click Analyze to display the detected domains that DDI had already observed in the network. This simplifies the process of trusted domain registration.

    Analyze option

  3. Click Add.

    Click Add

To register trusted services (up to 1,000 entries), do the following:

  1. Go to Administration > Network Groups and Assets > Registered Services.

    Go to Registered Services

  2. Select a service from the drop-down list.

    Select a service from dropdown list

    As an optional step, you may click Analyze to display the detected services that DDI had already observed in the network. This simplifies the process of trusted service registration.

    Analyze option_Registered Services

  3. In the Server name field, specify a server name.

    Specify a Server Name

  4. In the IP address field, specify an IPV4/IPV6 IP address.

     
    IP address ranges cannot be specified

    Specify an IPV4 or IPV6 IP address

  5. Click Add.

    Click Add

Premium
Internal
Rating:
Category:
Configure; SPEC
Solution Id:
1118581
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.