Recommendation

To help DDI determine where malicious traffic is coming from and to help the administrator identify events in the detection logs more easily, Trend Micro recommends configuring IP addresses to establish groups of monitored networks and assigning descriptive network group names, so that it is easy to identify which network an IP address belongs to.

The following images show a malware download sample of a detection log when monitored network groups are defined. The Network Group information shows that the file landed on a machine within the Threat Lab network subgroup, which is under the Default network group profile.

All detections

Detection Details

Malware download sample of a detection log

Configuration

In the Administration > Network Groups and Assets section of the DDI web console, all monitored Network Groups are listed, including their subgroups.

DDI provides a “Default” network group containing the IP address blocks reserved by the Internet Assigned Numbers Authority (IANA) for private networks. The following image shows the IP ranges which are defined inside a “Default” network group.

IP Address Range list

To configure or customize the monitored Network Groups, administrators can add new subgroups (up to three layers of subgroups) based on the “Default” network group profile, or create new network groups and specify IP address ranges. Do the following:

  1. Go to Administration > Network Groups and Assets > Network Groups.

  2. Click Add. The Network Groups window appears.

  3. Type a group name (e.g. "Finance network", "IT network", or "Administration").
  4. Use a dash character to assign an IPv4/IPv6 IP address range or to specify the subnet mask/prefix for IP addresses (up to 1,000 IP address ranges).

  5. Select the Network zone. “Trusted” indicates a secure network and “Untrusted” indicates a degree of doubt about the security of the network.
  6. Click Add.
  7. Click Save.
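
Before typing a network group plan into the console, it can be checked offline. The following is an added example, not Trend Micro code and not how DDI itself resolves groups: it parses dash ranges and prefix notation, enforces the limits stated above, and reports which group an IP address would fall under. Assumptions: the 1,000-range limit is applied per group, the deepest matching subgroup is the label shown, and the Threat Lab range and zone values are constructed sample data.

```python
import ipaddress

MAX_RANGES = 1000        # page: up to 1,000 IP address ranges (assumed per group)
MAX_SUBGROUP_LAYERS = 3  # page: up to three layers of subgroups

def parse_range(text):
    """Return (first, last) address for 'a-b' or 'a/prefix' notation."""
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {text}")
        return lo, hi
    net = ipaddress.ip_network(text, strict=False)
    return net[0], net[-1]

def flatten(group, path=(), depth=0):
    """Yield (path, zone, depth, ranges) for a group and every subgroup."""
    if depth > MAX_SUBGROUP_LAYERS:
        raise ValueError(f"{group['name']}: more than three subgroup layers")
    if len(group["ranges"]) > MAX_RANGES:
        raise ValueError(f"{group['name']}: more than 1,000 ranges")
    here = path + (group["name"],)
    yield here, group["zone"], depth, [parse_range(r) for r in group["ranges"]]
    for sub in group.get("subgroups", []):
        yield from flatten(sub, here, depth + 1)

def lookup(groups, ip):
    """Return (group path, zone) of the deepest group containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for top in groups:
        for path, zone, depth, ranges in flatten(top):
            hit = any(lo.version == addr.version and lo <= addr <= hi
                      for lo, hi in ranges)
            if hit and (best is None or depth > best[2]):
                best = (" > ".join(path), zone, depth)
    return best[:2] if best else None

# Constructed plan: RFC 1918 private blocks in "Default"; the Threat Lab
# range and both zone values are made-up sample data.
GROUPS = [{
    "name": "Default", "zone": "Trusted",
    "ranges": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "subgroups": [{"name": "Threat Lab", "zone": "Untrusted",
                   "ranges": ["192.168.50.10-192.168.50.99"]}],
}]

if __name__ == "__main__":
    for ip in ("192.168.50.20", "10.1.2.3", "8.8.8.8"):
        print(ip, "->", lookup(GROUPS, ip))
```

An address that resolves to None is outside every planned group, which is the gap to close before relying on group names in the detection logs.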