Trend Micro Incorporated                                     August 2018
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       Trend Micro(TM) Deep Discovery Director - Network Analytics
                          Version 3.0 Build 1421
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.

GM release documentation:       http://docs.trendmicro.com
Patch/SP release documentation: http://downloadcenter.trendmicro.com

Contents
=====================================================================
1. About Deep Discovery Director - Network Analytics
2. Documentation Set
3. System Requirements
4. Deployment or Upgrade
5. Post-Deployment Configuration
6. Known Issues
7. Contact Information
8. About Trend Micro
9. License Agreement
=====================================================================


1. About Deep Discovery Director - Network Analytics
========================================================================

Trend Micro Deep Discovery Director - Network Analytics provides
advanced threat analysis of historical network data, correlating Deep
Discovery Inspector's network detections with other related events as
they occur over time.

Designed to fit into your existing network topology, it is a
transparent solution that integrates with Deep Discovery Director and
Deep Discovery Inspector to provide advanced protection against cyber
threats and attacks against your network.


2. Documentation Set
========================================================================

To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

* Installation and Deployment Guide: A PDF document that contains
  detailed instructions about requirements and procedures for
  installing and deploying Deep Discovery Director - Network
  Analytics.

* Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues. To access the Support
  Portal, go to http://esupport.trendmicro.com

To download or view electronic versions of the documentation set for
Deep Discovery Director, part of the integrated solution, go to
http://docs.trendmicro.com

To download or view electronic versions of the documentation set for
Deep Discovery Inspector, part of the integrated solution, go to
http://docs.trendmicro.com


3. System Requirements
========================================================================

-------------------
Integrated products
-------------------

* Deep Discovery Director 3.0 or later
* Deep Discovery Inspector 5.1 or later

-----------------
Virtual appliance
-----------------

Deep Discovery Director - Network Analytics is an appliance based on
CentOS Linux 7 (64-bit). Deploy it on a virtual machine with the
following minimum specifications:

* Hypervisor: VMware vSphere ESXi 6.5, or Microsoft Hyper-V in
  Windows Server 2016
* Network interface card: 1 x 1 Gbps adapter
* SCSI controller: LSI Logic Parallel
* CPU: 1.8 GHz (8-12 cores)
* Memory: 64 GB
* Hard disk: 6 TB (thick provisioned)

With this configuration and a typical enterprise level of network
traffic, Deep Discovery Director - Network Analytics can service:

* Up to 4 DDI-1000 devices, or
* Up to 1 DDI-4K device

With this storage capacity, network data is retained, and therefore
correlations remain available, for approximately:

* 1 DDI-1000 device: 4-6 months
* 1 DDI-4K device: 40-45 days

The disk capacity is fixed, so retention shrinks as more Deep
Discovery Inspector devices, or busier ones, send data to the same
appliance.

------------------
Management console
------------------

* Google Chrome(TM) latest version
* Mozilla(TM) Firefox(TM) latest version
* Microsoft(TM) Internet Explorer(TM) latest version

Recommended resolution: 1280 x 800 or higher


4. Deployment or Upgrade
========================================================================

1. See Chapter 2 of the Installation and Deployment Guide for
   deployment instructions.

2. See Chapter 5 of the Installation and Deployment Guide for
   upgrade instructions.


5. Post-Deployment Configuration
========================================================================

See Chapter 3 of the Installation and Deployment Guide.


6. Known Issues
========================================================================

The following are the known issues in this release:

1. During initial installation, on the "Installation Destination"
   page, do NOT select "I will configure partitioning", because
   custom partitions might be created incorrectly. Use the default
   option, "Automatically configure partitioning".

2. Issue: SMB network flow details might be empty in the incident
   report because of an error-handling issue in Deep Discovery
   Inspector when it processes large files or partial content from
   SMB clients.
   Solution: Apply Deep Discovery Inspector 5.1 Hotfix 1196, which is
   scheduled for release in August 2018.

3. When you click the correlation icon for a suspicious object in
   Deep Discovery Director's User-Defined Suspicious Object (UDSO)
   list, Deep Discovery Director - Network Analytics might not
   display any correlations. This happens when the network activity
   for the UDSO was SMTP only, or used a protocol that Deep Discovery
   Director - Network Analytics does not support. Supported protocols
   are: HTTP, FTP, SMTP, KRB5, SMB, RDP.

4. The Triggered Alerts page shows the triggered alert history. If
   you change the checking frequency of an alert rule on the Alert
   Rules page, the criteria shown for that rule's historical entries
   on the Triggered Alerts page also change, so the history no longer
   reflects the criteria that were in effect when each alert was
   triggered.

5. Deep Discovery Director - Network Analytics supports only an IP
   address as the server identity for communication between Deep
   Discovery Director and Deep Discovery Director - Network
   Analytics. Using a host name as the server identity will be
   supported in the next version.

6. When there are multiple Deep Discovery Inspector detections from
   the same host within one minute, only the last detection event
   (IOC: SHA1 or URL) is correlated with an SMTP email containing the
   matching SHA1 or URL; earlier detections in that minute are not.
   Correlation of all Deep Discovery Inspector detection events within
   a minute with SMTP email will be supported in the next release.

7. Backup and restore does not include the syslog settings and NTP
   settings under Administration, so after a restore these settings
   must be reconfigured manually. They will be covered in the next
   patch release.


7. Contact Information
========================================================================

A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, you must renew Maintenance annually at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro by fax, phone, or email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.


8. About Trend Micro
========================================================================

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2018, Trend Micro Incorporated. All rights reserved.

Trend Micro, the Trend Micro logo, Deep Discovery, and Deep Discovery
Director are trademarks or registered trademarks of Trend Micro,
Incorporated. All other product or company names may be trademarks
or registered trademarks of their owners.


9. License Agreement
========================================================================

View information about your license agreement with Trend Micro at:
www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed on the Deep Discovery
Director web console.
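Known issue 6 in the Known Issues section above describes a correlation gap: when one host produces several Deep Discovery Inspector detections inside the same minute, only the last one is matched against SMTP email carrying the same SHA1 or URL. The following Python is an added illustration of what that limitation hides from an analyst; it is not Trend Micro code and does not reproduce the product's correlation logic. The hosts, hashes, URLs and message IDs are constructed sample data, and matching a detection to an email on the IOC value alone is an assumption made for the illustration.

```python
"""Illustrate the per-minute correlation limit from Known Issue 6.

Constructed sample data; not Trend Micro code and not the product's logic.
"""
from collections import defaultdict, namedtuple
from datetime import datetime

Detection = namedtuple("Detection", "host ts ioc")  # one DDI detection event
Email = namedtuple("Email", "message_id iocs")       # one SMTP message and the IOCs it carries

# Constructed sample data: hypothetical hosts, hashes, URLs and message IDs.
DETECTIONS = [
    Detection("10.0.1.25", "2018-08-14T09:15:05", "sha1:3f786850e387550fdab836ed7e6dc881de23001b"),
    Detection("10.0.1.25", "2018-08-14T09:15:30", "url:http://bad.example.net/invoice.doc"),
    Detection("10.0.1.25", "2018-08-14T09:15:52", "sha1:89e6c98d92887913cadf06b2adb97f26cde4849b"),
    Detection("10.0.1.25", "2018-08-14T09:16:10", "url:http://bad.example.net/update.exe"),
    Detection("10.0.2.7",  "2018-08-14T09:15:40", "sha1:2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"),
]
EMAILS = [
    Email("<m1@mail.example.com>", {"sha1:3f786850e387550fdab836ed7e6dc881de23001b",
                                    "url:http://bad.example.net/invoice.doc"}),
    Email("<m2@mail.example.com>", {"sha1:89e6c98d92887913cadf06b2adb97f26cde4849b"}),
    Email("<m3@mail.example.com>", {"sha1:2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"}),
]


def minute_bucket(ts):
    """Truncate an ISO-8601 timestamp to the minute it falls in."""
    return datetime.fromisoformat(ts).replace(second=0, microsecond=0)


def select_detections(detections, last_per_minute):
    """Return the detections eligible for correlation.

    With last_per_minute=True only the latest event per (host, minute) is kept,
    which mirrors the limitation in Known Issue 6; with False all events are kept.
    """
    if not last_per_minute:
        return list(detections)
    latest = {}
    for det in detections:
        key = (det.host, minute_bucket(det.ts))
        if key not in latest or det.ts > latest[key].ts:
            latest[key] = det
    return sorted(latest.values())


def correlate(detections, emails, last_per_minute):
    """Pair each eligible detection with every SMTP message carrying its IOC.

    Matching on the IOC value alone is an assumption made for this illustration.
    Returns sorted (host, ts, ioc, message_id) tuples.
    """
    by_ioc = defaultdict(list)
    for email in emails:
        for ioc in email.iocs:
            by_ioc[ioc].append(email.message_id)
    pairs = []
    for det in select_detections(detections, last_per_minute):
        for message_id in by_ioc.get(det.ioc, []):
            pairs.append((det.host, det.ts, det.ioc, message_id))
    return sorted(pairs)


def missed_correlations(detections, emails):
    """Correlations that exist in the data but are hidden by the per-minute limit."""
    full = set(correlate(detections, emails, last_per_minute=False))
    limited = set(correlate(detections, emails, last_per_minute=True))
    return sorted(full - limited)


if __name__ == "__main__":
    for pair in correlate(DETECTIONS, EMAILS, last_per_minute=True):
        print("shown :", pair)
    for pair in missed_correlations(DETECTIONS, EMAILS):
        print("missed:", pair)
```

On the constructed data, host 10.0.1.25 has three detections in the 09:15 minute; the limited correlation keeps only the 09:15:52 event, so the two earlier IOCs delivered by message m1 are never linked to that email even though the data supports it. The practical consequence for an investigation is that a host hit by several IOCs in quick succession, a common pattern for a single malicious email with more than one payload, will show fewer email correlations than actually exist until the fix ships.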