Deep Discovery Director (DDD), from version 3.0, has ability to do suspicious objects synchronization among managed Deep Discovery products.
Deep Discovery appliances (DDI 5.1, DDAN 6.1 and DDEI 3.1) will no longer synchronize suspicious objects with Control Manager (TMCM) or Apex Central after they are managed by DDD 3.0.
If you use both DDD and TMCM/Apex Central, you must update your TMCM server to version 7.0 with the hot fix to synchronize the consolidated list of suspicious objects from DDD instead of from individual Deep Discovery appliances.
This article will show you how to register DDD into TMCM/Apex Central, with TMCM/Apex Central as the suspicious object source.
Do the following steps to complete the registration flow:
If you are using TMCM 7.0, applying TMCM 7.0 Patch 1 must be done first.
TMCM 7.0 Patch 1 can be downloaded from the Download Center.
For the hot fix information, contact Trend Micro Technical Support.
-
On the TMCM/Apex Central web console, go to Administration > Managed Servers > Server Registration.
-
Choose Deep Discovery Director as the Server Type.
-
Click Add then key in all DDD related information.
After registering, TMCM/Apex Central will issue the following requests to DDD every 10 minutes:
- Upload Virtual Analyzer Suspicious Object (VASO) to TMCM/Apex Central.
- Push full exception list if there is an item changed (eg: Add/Delete from TMCM/Apex Central console).
As for the User-Defined Suspicious Object (UDSO), DDD will download them every 30 seconds.