Testing with demo rules in Deep Discovery Inspector (DDI) 3.8

    • Updated: 12 Dec 2017
    • Product/Version: Deep Discovery Inspector 3.8
    • Platform: N/A
Summary

To help you deploy DDI effectively and validate that it receives traffic and triggers detections successfully, DDI includes several built-in rules for testing and demos.

Details

The following are built-in rules for testing and demo:

  • Rule 2244 - DEMO RULE - ICMP (Request)
  • Rule 2245 - DEMO RULE - DNS (Request)
  • Rule 2246 - DEMO RULE - HTTP (Request)
  • Rule 2247 - DEMO RULE - SMB (Request)
  • Rule 2248 - DEMO RULE - SMTP (Request)
  • Rule 2249 - DEMO RULE - KERBEROS (Request)

To verify that the Network Content Inspection Engine (NCIE) or the demo rules are working properly, using Rule 2245 - DEMO RULE - DNS (Request) as an example, perform the following on any host in a DDI-monitored network:

  1. Use the nslookup command to generate a DNS request packet to resolve “ddi.detection.test”.
  2. Open the DDI web console and go to Detections > All Detections to verify if DDI has detected a violation.
  3. To see more detection information, check the Detail column.

    • Note that the demo rules all have a severity of 'Informational' and cover a few different attack phases.
    • In addition, note that within the same hour there will be at most 10 logs for each demo rule detection.
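
The DNS check from steps 1 to 3 as a script, for hosts where nslookup is unavailable or where the test has to be repeated from several network segments. This is an added example, not Trend Micro code; the resolver address is supplied by the operator, and treating any reply or a timeout as acceptable is an assumption based on the rule being named "DNS (Request)".

```python
import socket
import struct

TEST_NAME = "ddi.detection.test"   # test hostname given in the article
MAX_LOGS_PER_HOUR = 10             # per-rule hourly log cap stated in the article

def build_query(name: str, txid: int) -> bytes:
    """Encode a standard recursive DNS A/IN query for `name` (RFC 1035)."""
    # Header: id, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid & 0xFFFF, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def send_test_queries(resolver: str, count: int = 1, timeout: float = 2.0) -> list:
    """Send up to `count` queries to `resolver` on UDP/53; return one status each.

    Assumption: a reply of any kind (even NXDOMAIN) or no reply at all is fine,
    because the demo rule is named "DNS (Request)"; the query only has to
    cross a link that DDI monitors.
    """
    count = min(count, MAX_LOGS_PER_HOUR)  # extra queries add no logs within the hour
    results = []
    for i in range(count):
        txid = 0x4444 + i  # constructed transaction IDs, easy to find in a capture
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(TEST_NAME, txid), (resolver, 53))
            try:
                reply, _ = s.recvfrom(512)
                rcode = reply[3] & 0x0F if len(reply) >= 4 else None
                results.append(f"txid=0x{txid:04x} reply rcode={rcode}")
            except OSError:  # includes socket.timeout
                results.append(f"txid=0x{txid:04x} sent, no reply")
    return results

if __name__ == "__main__":
    import sys
    # Usage: python ddi_dns_test.py <resolver-ip> [count]
    n = int(sys.argv[2]) if len(sys.argv) > 2 else 1
    for line in send_test_queries(sys.argv[1], n):
        print(line)
```

After running it, check Detections > All Detections for Rule 2245 as in step 2.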

Figure: All detections page

For more information about demo rules, refer to the internal Knowledgebase article: Using Deep Discovery Inspector (DDI) demo rules to validate monitored traffic.

Category: SPEC
Solution Id: 1119038