Deep Discovery Director Tab

Trend Micro Deep Discovery Director is a management solution that provides Indicators of Compromise (IOC) information and enables centralized deployment of product updates, product upgrades, configuration replication and Virtual Analyzer images to Deep Discovery Analyzer.

Deep Discovery Analyzer integrates with the following versions of Deep Discovery Director:

  • On-premises version 5.2 and above

  • Cloud version

Deploying updates or upgrades to Deep Discovery Analyzer appliances that are configured in a high availability cluster will temporarily:

  • Detach the high availability appliances and suspend high availability

  • Restrict access to the management console and display a static information screen

After the update or upgrade completes, the detached appliances will automatically reattach and restore high availability.

Important:
  • Before deploying updates or upgrades, ensure that the appliances are not executing any task.

  • Avoid detaching appliances while an upgrade is in progress.

  • If the appliances fail to upgrade or continue to show the Upgrading Appliance screen for more than two hours, check Deep Discovery Director for errors. To resolve errors, temporarily detach the appliances. Detached appliances continue to upgrade. After the upgrade, manually attach the appliances again to restore high availability.

Use the Deep Discovery Director management console to deploy or replicate a Virtual Analyzer image or configuration to a primary appliance. This is not required for secondary appliances since they are set to automatically sync Virtual Analyzer images or configuration from the primary appliance.

Deep Discovery Analyzer supports integration with Deep Discovery Director to enable the following:

  • Upload of suspicious objects generated by the internal Virtual Analyzer to Deep Discovery Director

  • Synchronization of generated and user-defined suspicious objects

  • Linux image deployment from Deep Discovery Director 5.3

  • Download of the following from Deep Discovery Director:

    • Exceptions

    • Suspicious objects

    • YARA rule files

    • File passwords (Deep Discovery Director on-premises version 5.2 and above)

Note:
  • After you register Deep Discovery Analyzer to Deep Discovery Director, Deep Discovery Analyzer automatically synchronizes YARA rule settings from Deep Discovery Director and overwrites existing YARA rule settings that you have configured.

  • After you register Deep Discovery Analyzer to Deep Discovery Director, Deep Discovery Analyzer automatically synchronizes file passwords from Deep Discovery Director and overwrites existing file passwords that you have configured. You can only change the file passwords on the Deep Discovery Director management console.

  • If you register Deep Discovery Analyzer to both Deep Discovery Director and Apex Central, Deep Discovery Analyzer synchronizes exception lists only from Deep Discovery Director, and uploads Virtual Analyzer Suspicious Objects only to Deep Discovery Director. You can check the synchronization status on the Deep Discovery Director management console. For more information, see the Deep Discovery Director Administrator's Guide.

The Deep Discovery Director screen displays the following information:

Table 1. Deep Discovery Director Fields

Field: Information

Status: The following appliance statuses can be displayed:

  • Not registered: The appliance is not registered to Deep Discovery Director.

  • Registered | Connected: The appliance is registered and connected to Deep Discovery Director.

  • Registered | Unable to connect: The appliance is registered to Deep Discovery Director, but unable to connect. Verify that the Deep Discovery Director network settings are valid.

  • Registered | Untrusted fingerprint: The appliance is registered to Deep Discovery Director, but the connection was interrupted. To restore the connection, trust the new fingerprint.

Last connected: The last time this appliance connected to Deep Discovery Director.

Host name: The host name of this appliance.

Server address: The Deep Discovery Director server address.

  Note: This field is displayed for the on-premises version of Deep Discovery Director.

Port: The Deep Discovery Director port.

  Note: This field is displayed for the on-premises version of Deep Discovery Director.

API key: The Deep Discovery Director API key.

  Note: This field is displayed for the on-premises version of Deep Discovery Director.

Registration token: The registration token for the cloud version of Deep Discovery Director.

Fingerprint (SHA-256): The Deep Discovery Director fingerprint.

  Note: This field is not available for the cloud version of Deep Discovery Director.

Use the system proxy settings: Select to use the system proxy settings to connect to Deep Discovery Director.

Synchronize suspicious objects from Deep Discovery Director: Select this option to synchronize suspicious objects from Deep Discovery Director.