Deep Discovery Analyzer 6.9 Online Help

Collapse AllExpand All
  • account management [1]
  • Activation Code [1]
  • Active Directory Federation Services (AD FS) [1]
  • AD FS [1]
  • administration [1]
    • file passwords [1]
  • Advanced Threat Scan Engine [1] [2]
  • alerts [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]
  • API key [1]
  • ATSE [1] [2]
  • average Virtual Analyzer queue time alert [1]
  • C&C list [1]
  • components [1]
  • configuration
    • management console [1]
  • contact management [1]
  • CPU usage alert [1]
  • critical alerts [1] [2]
  • customized alerts and reports [1]
  • dashboard [1] [2]
  • Deep Discovery Malware Pattern [1] [2]
  • detected message alert [1]
  • detection surge alert [1]
  • disk space alert [1]
  • documentation feedback [1]
  • email scanning
    • file passwords [1]
  • exceptions [1]
  • file passwords [1]
  • generated reports [1]
  • getting started
    • management console [1]
  • getting started tasks [1]
  • HTTPS certificate [1]
    • geenrate a certificate signing request [1]
    • import and replace certificate [1]
  • ICAP [1]
    • headers [1]
    • MIME content-types [1]
    • settings [1]
  • ICAP integration [1]
  • identity provider [1]
    • configure [1]
    • federation metadata file [1]
  • image import tool [1]
  • images [1] [2] [3]
  • important alerts [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]
  • import image [1]
  • informational alerts [1]
  • integration with other products [1]
  • IntelliTrap Exception Pattern [1] [2]
  • IntelliTrap Pattern [1] [2]
  • Internet Content Adaptation Protocol (ICAP) [1]
  • license [1]
  • license expiration alert [1]
  • log settings [1]
  • management console [1]
    • navigation [1]
    • session duration [1]
  • management console accounts [1]
  • message delivery alert [1]
  • Network Content Correlation Pattern [1]
  • Network Content Inspection Engine [1]
  • Network Content Inspection Pattern [1]
  • notification parameters [1]
  • OAuth 2.0 [1]
  • Okta [1]
  • on-demand reports [1]
  • preconfiguration console [1]
  • processing surge alert [1]
  • product integration [1]
  • reports [1] [2]
    • on demand [1]
  • report schedules [1]
  • SAML authentication [1]
    • Configuration overview [1]
    • Supported identity providers [1]
  • SAML integration
    • configuring identify provider settings [1]
  • sandbox analysis [1] [2]
  • sandbox error alert [1]
  • sandbox images [1] [2] [3]
  • sandbox instances [1]
  • sandbox management [1]
    • archive passwords [1]
    • images [1]
    • image status [1]
    • network connection [1] [2]
    • Virtual Analyzer status [1]
  • sandbox queue alert [1]
  • Script Analyzer Pattern [1]
  • Security Assertion Markup Language (SAML) [1]
  • service provider [1]
    • certificate [1]
    • metadata file [1]
  • service stopped alert [1]
  • Spyware/Grayware Pattern [1]
  • submissions [1]
  • support
    • resolve issues faster [1]
  • suspicious objects [1]
  • syslog server [1]
  • syslog settings
    • syslog server [1]
  • system maintenance [1]
    • back up tab [1]
      • configuration settings backup [1]
      • data backup [1]
    • cluster tab
    • nodes list [1]
    • restore tab [1]
  • system settings [1]
    • Network Tab [1]
    • Password Policy Tab [1]
    • power off / restart tab [1]
    • Proxy Tab [1]
    • Session Timeout Tab [1]
    • Time Tab [1]
  • tabs [1]
  • third-party licenses [1]
  • TLS [1]
  • tools [1]
  • unreachable relay MTA alert [1]
  • update completed surge [1]
  • update failed alert [1]
  • updates [1]
    • components [1]
    • firmware [1]
    • update settings [1]
  • Virtual Analyzer [1] [2]
    • file passwords [1]
    • image import tool [1]
    • import image [1] [2]
  • Virtual Analyzer Configuration Pattern [1]
  • Virtual Analyzer Sensors [1]
  • watchlist alert [1]
  • widgets [1] [2]
  • YARA rule file

Integration with Trend Micro Products Parent topic

Deep Discovery Analyzer integrates with the following Trend Micro products.
Related information

Sandbox Analysis Parent topic

Products that can send samples to Deep Discovery Analyzer for sandbox analysis:
Note
Note
All samples display on the Deep Discovery Analyzer management console, on the Submissions screen (Virtual AnalyzerSubmissions). Deep Discovery Analyzer administrators and investigators can also manually send samples from this screen.
  • Apex One as a Service
  • Apex One 2019
  • Deep Discovery Email Inspector 2.5 or later
  • Deep Discovery Inspector 3.7 or later
  • Deep Discovery Web Inspector 2.5
  • ScanMail for Microsoft Exchange 11.0 or later
  • ScanMail for IBM Domino 5.6 SP1 Patch 1 HF4666 or later
  • InterScan Messaging Security Virtual Appliance (IMSVA) 8.2 SP2 or later
  • InterScan Messaging Security Suite (IMSS) for Windows 7.5 or later
  • InterScan Web Security Virtual Appliance (IWSVA) 6.0 or later
  • InterScan Web Security Suite (IWSS) 6.5
  • InterScan Messaging Security Suite (IMSS) for Linux 9.1
  • Deep Security 10.0 or later
  • Deep Edge 2.5 SP2 or later
  • OfficeScan XG or later
  • Trend Micro Endpoint Sensor 1.6 or later
  • Trend Micro TippingPoint Security Management System 5.0 or later
  • Trend Micro Web Security 3.1
On the management console of the integrating product, go to the appropriate screen (see the product documentation for details on which screen to access) and specify the following information:
  • API key. This is available on the Deep Discovery Analyzer management console, in HelpAbout.
  • Deep Discovery Analyzer IP address. If unsure of the IP address, check the URL used to access the Deep Discovery Analyzer management console. The IP address is part of the URL.
  • Deep Discovery Analyzer IPv4 or IPv6 virtual address. When using Deep Discovery Analyzer in a high availability configuration, the virtual IP address is used to provide integrating products with a fixed IP address for configuration. This is available on the Deep Discovery Analyzer management console, in Administration System Settings High Availability.
  • Deep Discovery Analyzer SSL port 443. This is not configurable.
Important
Important
If the Deep Discovery Analyzer API key changes after registering with the integrated product, remove Deep Discovery Analyzer from the integrated product and add it again.
Note
Note
Some integrating products require additional configuration to integrate with Deep Discovery Analyzer properly. See the product documentation for details.
(Optional) On the Deep Discovery Analyzer management console, review and modify the weight values of integrated products to adjust Virtual Analyzer resource allocation. For details, see Submitters.

Suspicious Objects List Parent topic

Products that retrieve the suspicious objects list from Deep Discovery Analyzer:
  • Apex Central 2019
  • Deep Discovery Email Inspector 2.5 or later
  • Deep Discovery Inspector 3.7 or later
  • Deep Discovery Web Inspector 2.5
  • Standalone Smart Protection Server with the latest patch 2.6 or later
  • OfficeScan Integrated Smart Protection Server 10.6 SP2 Patch 1 to OfficeScan Integrated Smart Protection Server 11 SP1
  • InterScan Web Security Virtual Appliance (IWSVA) 6.0 or later
  • InterScan Web Security Suite (IWSS) 6.5
  • Control Manager 7.0 Patch 1 (with the latest hotfix installed)
  • Trend Micro Web Security 3.1
On the management console of the integrating product, go to the appropriate screen (see the product documentation for information on which screen to access) and specify the following information:
  • API key. This is available on the Deep Discovery Analyzer management console, in HelpAbout.
  • Deep Discovery Analyzer IPv4 or IPv6 address. If unsure of the IP address, check the URL used to access the Deep Discovery Analyzer management console. The IP address is part of the URL.
  • Deep Discovery Analyzer IPv4 or IPv6 virtual address. When using Deep Discovery Analyzer in a high availability configuration, the virtual IP address is used to provide integrated products with a fixed IP address for configuration. This is available on the Deep Discovery Analyzer management console, in Administration System Settings High Availability.
  • Deep Discovery Analyzer SSL port 443. This is not configurable.
  • Deep Discovery Analyzer user logon credentials. For details, see Accounts Tab.
Important
Important
If the Deep Discovery Analyzer API key changes after registering with the integrated product, remove Deep Discovery Analyzer from the integrated product and add it again.
Note
Note
Some integrating products require additional configuration to integrate with Deep Discovery Analyzer properly. See the product documentation for details.

Exceptions Parent topic

Products that send exceptions to Deep Discovery Analyzer:
  • Apex Central 8.0 Patch 1
  • Control Manager 7.0 Patch 1 (with the latest hotfix installed)
On the management console of the integrating product, go to the appropriate screen (see the product documentation for information on which screen to access) and specify the following information:
  • Deep Discovery Analyzer IPv4 or IPv6 address. If unsure of the IP address, check the URL used to access the Deep Discovery Analyzer management console. The IP address is part of the URL.
  • Deep Discovery Analyzer IPv4 or IPv6 virtual address. When using Deep Discovery Analyzer in a high availability configuration, the virtual IP address is used to provide integrated products with a fixed IP address for configuration. This is available on the Deep Discovery Analyzer management console, in Administration System Settings High Availability.
  • Deep Discovery Analyzer SSL port 443. This is not configurable.
  • Deep Discovery Analyzer user logon credentials. For details, see Accounts Tab.
Important
Important
If the Deep Discovery Analyzer API key changes after registering with the integrated product, then Deep Discovery Analyzer will need to be deleted from the integrated product and added again.
Note
Note
Some integrating products require additional configuration to integrate with Deep Discovery Analyzer properly. See the product documentation for details.