You can integrate Deep Discovery Analyzer with Trend Vision One for threat intelligence sharing through a Service Gateway and receive samples for analysis through the Sandbox Analysis app.
- On the Trend Vision One console, go to Workflow and Automation > Service Gateway Management. If available, click the Service Gateway Management 2.0 tab.
- If you do not have an existing Service Gateway deployed, install a Service Gateway.
  - Click Download Virtual Appliance to open the Service Gateway Virtual Appliance panel.
  - Select either VMware ESXi (OVA) or Microsoft Hyper-V (VHD) as the image type you want to use.
  - Select I agree to the End User License Agreement and click Download Disk Image.
  - Record the Registration Token that you need to apply during deployment.
  - Install the Service Gateway virtual appliance. For detailed deployment instructions, see Deploying a Service Gateway Virtual Appliance.
- Click the Service Gateway name.
- Click Manage Services.
- Click the install icon to install and then enable the following services.
  - Forward proxy: Required for the Sandbox Analysis integration function that allows Deep Discovery Analyzer to perform the following:
    - Receive samples from Trend Vision One
    - Send analysis reports (for only samples received from Trend Vision One) to Trend Vision One
  - Suspicious Object list synchronization: Required for the Suspicious Objects synchronization function that allows Deep Discovery Analyzer to perform the following:
    - Synchronize the centralized Suspicious Object List and Exception List from Trend Vision One
    - Send analysis reports (for detected samples with a risk level) to Trend Vision One
- Record the Service Gateway IP address and the API key that are needed for connection settings on the Deep Discovery Analyzer console.
  - IP address: Click the Service Gateway name and record the IPv4 address or IPv6 address.
  - API key: Click the Manage API Key button and record the API key.
- On the Deep Discovery Analyzer web console, go to Administration > Integrated Products/Services and click Trend Vision One.
- Select Enable Service Gateway connection and type the IPv4 or IPv6 address of the Service Gateway in the Service Gateway IP address field.
- To connect to Trend Vision One through the Service Gateway for threat intelligence data sharing, do the following:
  - Select Enable Suspicious Object Synchronization.
  - Specify the API key you obtained from the Trend Vision One console.
  - If a certificate is required for Deep Discovery Analyzer to communicate with the Service Gateway, select Use certificate and click Select to locate the certificate file.
  - Click Test Connection to verify.
  - Click Save.
  - Wait until synchronization with the Service Gateway completes.
- To have Deep Discovery Analyzer receive and analyze samples from Trend Vision One, do the following:
  Note: Sandbox Analysis integration requires Service Gateway 2.0 or later.
  - On the Trend Vision One console, go to Point Product Connection > Product Connector.
  - Click Connect.
  - In the Product name field, select Trend Micro Deep Discovery Analyzer.
  - Click the link to generate an enrollment token.
  - Copy the enrollment token for use on the Deep Discovery Analyzer web console.
  - Click Save.
  - On the Deep Discovery Analyzer web console, go to Administration > Integrated Products/Services and click Trend Vision One.
  - Select Enable Sandbox Analysis integration.
  - Paste the enrollment token you obtained from the Product Connector in Trend Vision One.
  - Click Save. After Deep Discovery Analyzer is registered to Trend Vision One, the Test Connection button appears.
  - On the Trend Vision One console, go to Threat Intelligence > Sandbox Analysis.
  - Click Submission Settings and select Use your Deep Discovery Analyzer instead of Sandbox Analysis sandbox.