Trend Micro Incorporated                                 November 2018
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Director - Network Analytics
Version 3.0 Service Pack 1
Build 3.0.1.1459
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/SP release documentation:
http://downloadcenter.trendmicro.com

Contents
=====================================================================
1. About Deep Discovery Director - Network Analytics
2. Documentation Set
3. System Requirements
4. Upgrade Prerequisite
5. Deployment or Upgrade
6. Post-Deployment Configuration
7. Known Issues
8. Contact Information
9. About Trend Micro
10. License Agreement
=====================================================================

1. About Deep Discovery Director - Network Analytics
========================================================================
Trend Micro Deep Discovery Director - Network Analytics provides
advanced threat analysis on historical network data based on Deep
Discovery Inspector’s network detections, and other related events as
they occur over time.

Designed to be integrated into your existing network topology, this is
a transparent solution that integrates with Deep Discovery Director
and Deep Discovery Inspector to provide advanced protection against
cyber threats and attacks that could threaten your network.

2. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

* Installation and Deployment Guide: A PDF document that contains
  detailed instructions about requirements and procedures for
  installing and deploying Deep Discovery Director - Network
  Analytics.

* Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues. To access the Support
  Portal, go to http://esupport.trendmicro.com

To download or view electronic versions of the documentation set for
Deep Discovery Director, part of the integrated solution, go to
http://docs.trendmicro.com

To download or view electronic versions of the documentation set for
Deep Discovery Inspector, part of the integrated solution, go to
http://docs.trendmicro.com

3. System Requirements
========================================================================

-------------------
Integrated products
-------------------
* Deep Discovery Director 3.0 or later
* Deep Discovery Inspector 5.1 or later

-----------------
Virtual appliance
-----------------
Virtual machine with the following minimum specifications:

* Hypervisor: VMware vSphere ESXi 6.5, Microsoft Hyper-V in Windows
  Server 2016
* Deep Discovery Director - Network Analytics is an appliance based
  on CentOS Linux 7 (64-bit)
* Network interface card: 1 with 1 Gbps adapter
* SCSI controller: LSI Logic Parallel
* CPU: 1.8 GHz (8-12 cores)
* Memory: 64 GB
* Hard disk: 6 TB (thick provisioned)

With this configuration and a typical enterprise level of network
traffic, Deep Discovery Director - Network Analytics can service:

* Up to 4 DDI-1000 devices
* Up to 1 DDI-4K device

With this storage capacity, the amount of time for which network data
can be retained, and hence correlations are available is:

* For 1 DDI-1000 device: 4-6 months
* For 1 DDI-4K device: 40-45 days

------------------
Management console
------------------
* Google Chrome(TM) latest version
* Mozilla(TM) Firefox(TM) latest version
* Microsoft(TM) Internet Explorer(TM) latest version

Recommended resolution: 1280 x 800 or higher

4. Upgrade Prerequisite
========================================================================
Deep Discovery Director - Network Analytics 3.0 Service Pack 1
contains a number of bug fixes.

To upgrade to Deep Discovery Director - Network Analytics 3.0 SP1, you
must be running the Deep Discovery Director - Network Analytics 3.0 GA
release.

5. Deployment or Upgrade
========================================================================
1. See Chapter 2 of the Installation and Deployment Guide for
   deployment instructions.

2. See Chapter 5 of the Installation and Deployment Guide for upgrade
   instructions.

6. Post-Deployment Configuration
========================================================================
See Chapter 3 of the Installation and Deployment Guide.

7. Known Issues
========================================================================
The following are the known issues in this release:

1. During initial installation, in the “Installation Destination”
   setting page, do NOT select “I will configure partitioning”
   because custom partitions could be created incorrectly. Please use
   the default option “Automatically configure partitioning”.

2. Issue: SMB network flow details might be empty in the incident
   report because of an error handling issue when handling large
   files or partial content from SMB clients.

   Solution: Apply Deep Discovery Inspector v5.1 Hotfix 1196 that
   will be released in August 2018.

3. When clicking on the correlation icon for a suspicious object in
   Deep Discovery Director's User Defined Suspicious Object (UDSO)
   list, Deep Discovery Director - Network Analytics might not
   display any correlations. The reason is that network activities
   for the UDSO were SMTP only or from a protocol that is not
   supported by Deep Discovery Director - Network Analytics.

   Supported protocols include: HTTP, FTP, SMTP, KRB5, SMB, RDP

4. If you use the Preconfiguration Console to make changes to the DNS
   settings or host name, the changes are lost after system reboot.

   Solution: Configure DNS settings and host name using the
   Management Console instead of the Preconfiguration Console.

5. Deep Discovery Director - Network Analytics does not currently
   support Deep Discovery Inspector detection SMTP events that
   contain malformed URLs.

8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year, you
must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2018, Trend Micro Incorporated. All rights reserved.

Trend Micro, the Trend Micro logo, Deep Discovery, and Deep Discovery
Director are trademarks or registered trademarks of Trend Micro,
Incorporated. All other product or company names may be trademarks or
registered trademarks of their owners.

10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed on the Deep Discovery
Director web console.