Deep Discovery Director (Consolidated Mode) includes the following features:

Feature or Benefit

Details

Trend Micro Vision One™ integration

Deep Discovery Director (Consolidated Mode) integrates with Trend Micro Vision One to enable Deep Discovery appliances to send their activity data, and to enable Trend Micro Vision One to gain access to Network Analytics correlation data.

MITRE ATT&CK™ Framework Tactics and Techniques information

Deep Discovery Director (Consolidated Mode) detection details and analysis reports include MITRE ATT&CK™ framework Tactics and Techniques information.

Advanced threat analysis

Deep Discovery Director (Consolidated Mode) can integrate with multiple Deep Discovery Director (Internal Network Analytics Version) servers operating in Deep Discovery Director (Standalone Network Analytics Mode) or Deep Discovery Director - Network Analytics as a Service to provide advanced threat analysis using correlation data.

Deep Discovery Inspector log aggregation

Deep Discovery Director (Consolidated Mode) aggregates Deep Discovery Inspector detection logs. Using the same intuitive multi-level format, the Deep Discovery Director (Consolidated Mode) management console provides real-time threat visibility and analysis. This allows security professionals to focus on the real risks, perform forensic analysis, and rapidly implement containment and remediation procedures.

Deep Discovery Email Inspector log aggregation

Deep Discovery Director (Consolidated Mode) aggregates Deep Discovery Email Inspector detection, email message tracking and MTA logs. Using the same intuitive multi-level format that Deep Discovery Email Inspector users are accustomed to, the Deep Discovery Director (Consolidated Mode) management console provides real-time threat visibility and analysis.

Product intelligence

Deep Discovery Director (Consolidated Mode) consolidates suspicious objects and C&C callback addresses from registered Deep Discovery appliances.

Custom intelligence

Deep Discovery Director (Consolidated Mode) can distribute YARA rules to registered appliances and import threat intelligence using the Structured Threat Information eXpression (STIX 1.x, 2.0) format. You can also add user-defined suspicious objects that have not yet been detected on your network, as well as exceptions that you consider harmless.

Feed management

Deep Discovery Director (Consolidated Mode) allows you to subscribe to and monitor intelligence feeds for threat information that can be used to complement your product and custom intelligence.

Threat intelligence sharing

Deep Discovery Director (Consolidated Mode) can share threat intelligence data with other products or services through TAXII (1.x, 2.0), OpenDXL, and HTTP or HTTPS web service.

Auxiliary products and services

To help provide effective detection and blocking at the perimeter, Deep Discovery Director (Consolidated Mode) can distribute threat intelligence data to auxiliary products and services.

File passwords syncing

Deep Discovery Director (Consolidated Mode) can configure and sync File Passwords settings with registered Deep Discovery Analyzer and Deep Discovery Email Inspector appliances.

Email encryption management

Deep Discovery Director (Consolidated Mode) can configure and sync settings related to the Email Encryption feature to registered Deep Discovery Email Inspector appliances.

Dashboard

The Dashboard screen and Deep Discovery appliance widgets allow administrators to view network integrity, system threat data, and email message detection and security information.

Detections

The Detections screen provides access to real-time information about various detection categories.

Appliance logs

The Logs screen is where users can find Deep Discovery appliance-related logs such as Email Message Tracking, MTA, and Message Queue logs.

Syslog

The Syslog screen allows Deep Discovery Director (Consolidated Mode) to send suspicious objects lists and detection and appliance-related logs in CEF and LEEF to up to three Syslog servers.

System alerts

Administrators can view the details of triggered alerts directly on the management console. Custom rules can be created to alert administrators to specific threats.

Reports

Deep Discovery Director (Consolidated Mode) can generate scheduled and on-demand Network Security and Email Security reports.

Simple Network Management Protocol

Deep Discovery Director (Consolidated Mode) supports Simple Network Management Protocol (SNMP) and can use it to send SNMP trap messages to notify administrators about events that require attention, and to listen to SNMP manager requests for system information and status updates.

Role-based access control

Built-in roles allow administrators to control which management console screens and features can be accessed. Custom roles can be created to control which appliances a role can see and manage, and which email message detections a role can see.

Storage configuration

Administrators can add extra available disk space to Deep Discovery Director (Consolidated Mode) partitions to increase the number of logs or repository files that can be stored.

Directory

The Directory displays information about Deep Discovery appliances that are registered to Deep Discovery Director (Consolidated Mode).

Plans

Plans define the scope and schedule of deployments to target appliances.

Repository

The Repository screen displays all update, upgrade, and Virtual Analyzer image files hosted by the server. Upload and delete files from here.

Component updates

Deep Discovery Director (Consolidated Mode) uses components to display related information about detections.

Updates

The Updates screen enables you to install hotfixes, patches and firmware upgrades to Deep Discovery Director (Consolidated Mode). After an official product release, Trend Micro releases system updates to address issues, enhance product performance, or add new features.

Microsoft Active Directory Integration

Deep Discovery Director (Consolidated Mode) allows Active Directory accounts to access the management console.

SAML for single sign-on (SSO)

Deep Discovery Director (Consolidated Mode) supports the Security Assertion Markup Language (SAML) authentication standard using Okta and Active Directory Federation Services (ADFS) identity providers, so that users are signed in to the Deep Discovery Director (Consolidated Mode) console through single sign-on when they sign in to their organization's portal.

System Logs

Deep Discovery Director (Consolidated Mode) maintains system logs that provide summaries about user access, setting changes, and other configuration modifications that occurred using the management console.

Quarantined Messages screen

Deep Discovery Director (Consolidated Mode) provides access to quarantined email messages in the enhanced Detections section.

Email message queue management

Deep Discovery Director (Consolidated Mode) can be used to manage the email queue of registered Deep Discovery Email Inspector appliances.

End-User Quarantine

Deep Discovery Director (Consolidated Mode) includes the End-User Quarantine (EUQ) feature to improve spam management.

Trend Micro Apex Central™ integration

Deep Discovery Director (Consolidated Mode) integrates with Apex Central for the express purpose of retrieving endpoint analysis reports to provide Deep Discovery Director - Network Analytics as a Service with even more data for more thorough advanced threat analysis.

Web API access

Deep Discovery Director (Consolidated Mode) now allows the creation of user accounts that are only allowed system access via the web API. The web API can be used to automate certain threat intelligence-related tasks.