Trend Micro Deep Discovery Director is a management solution that provides Indicators of Compromise (IOC) information and enables centralized deployment of product updates, product upgrades, configuration replication and Virtual Analyzer images to Deep Discovery Analyzer.
Deep Discovery Analyzer integrates with the following versions of Deep Discovery Director:
- 5.2 and above
Deploying updates or upgrades to Deep Discovery Analyzer appliances that are configured in a high availability cluster will temporarily:
- Detach the high availability appliances and suspend high availability
- Restrict access to the management console and display a static information screen
After the update or upgrade completes, the detached appliances will automatically reattach and restore high availability.
- Before deploying updates or upgrades, ensure that the appliances are not executing any task.
- Avoid detaching appliances while an upgrade is in progress.
- If the appliances fail to upgrade or continue to show the Upgrading Appliance screen for more than two hours, check Deep Discovery Director for errors. To resolve errors, temporarily detach the appliances. Detached appliances continue to upgrade. After the upgrade, manually attach the appliances again to restore high availability.
Use the Deep Discovery Director management console to deploy or replicate a Virtual Analyzer image or configuration to a primary appliance. This is not required for secondary appliances since they are set to automatically sync Virtual Analyzer images or configuration from the primary appliance.
Deep Discovery Analyzer supports integration with Deep Discovery Director to enable the following:
- Upload of suspicious objects generated by the internal Virtual Analyzer to Deep Discovery Director
- Linux image deployment from Deep Discovery Director 5.3
- Download of the following from Deep Discovery Director:
  - Exceptions
  - Suspicious objects (user-defined and synchronized)
  - YARA rule files
  - File passwords (Deep Discovery Director on-premises version 5.2 and above)
- After you register Deep Discovery Analyzer to Deep Discovery Director, Deep Discovery Analyzer automatically synchronizes YARA rule settings from Deep Discovery Director and overwrites existing YARA rule settings that you have configured.
- After you register Deep Discovery Analyzer to Deep Discovery Director, Deep Discovery Analyzer automatically synchronizes file passwords from Deep Discovery Director and overwrites existing file passwords that you have configured. You can only change the file passwords on the Deep Discovery Director management console.
- If you register Deep Discovery Analyzer to Trend Vision One, Deep Discovery Director, and Trend Micro Apex Central, Deep Discovery Analyzer synchronizes data with the integrated products in the following priority:
  - Download exception list: Trend Vision One, Deep Discovery Director, Trend Micro Apex Central
  - Upload Virtual Analyzer-generated suspicious objects: Trend Vision One, Deep Discovery Director, Trend Micro Apex Central
  - Download Virtual Analyzer-generated and user-defined suspicious objects: Trend Vision One, Deep Discovery Director
The Deep Discovery Director screen displays the following information:
| Field | Information |
|---|---|
| Status | The following appliance statuses can be displayed: |
| Last connected | The last time this appliance connected to Deep Discovery Director. |
| Host name | The host name of this appliance. |
| Server address | The Deep Discovery Director server address. |
| Port | The Deep Discovery Director port. |
| API key | The Deep Discovery Director API key. |
| Fingerprint (SHA-256) | The Deep Discovery Director fingerprint. |
| Use the system proxy settings | Select to use the system proxy settings to connect to Deep Discovery Director. |
| Synchronize suspicious objects from Deep Discovery Director | Select this option to synchronize suspicious objects from Deep Discovery Director. |