Integrating Threat Investigation Center

The following steps integrate Threat Investigation Center via a built-in agent.

Additional steps may need to be performed on Threat Investigation Center. For details, see the Threat Investigation Center documentation.

Procedure

Open the Deep Discovery Inspector management console, and go to the Administration → Integrated Products/Services → Threat Investigation Center.

The Threat Investigation Center screen appears.
Click Add.

The Add Threat Investigation Center Server window appears.
Select Enabled.
In Server address, type the HTTPS log server address for Threat Investigation Center.

(Optional) Enable File retrieval.

Note

When file retrieval is enabled, Threat Investigation Center collects the investigation package and packet capture files from Deep Discovery Inspector. This feature is available when Deep Discovery Inspector is registered to Threat Investigation Center.

(Optional) Enable Use CA certificate and then click Select to select the Threat Investigation Center CA certificate.

Note

Using a CA certificate is optional. A certificate is necessary when there is a man-in-the-middle appliance between the Threat Investigation Center server and Deep Discovery Inspector.

(Optional) Enable Use the system proxy settings.

Note

Configure the system proxy settings at Administration → System Settings → Proxy.

(Optional) Click Test Connection to verify the connection to the Threat Investigation Center server.
Click Save.

$('#title').html($('meta[name=description]').attr('content'));