Deep Discovery Director (Internal Network Analytics Version) includes the following features:
Feature or Benefit
Details
MITRE ATT&CK™ Framework Tactics and Techniques information
Deep Discovery Director (Internal Network Analytics Version) detection details and analysis reports include MITRE ATT&CK™ framework Tactics and Techniques information.
Advanced threat analysis
Deep Discovery Director (Internal Network Analytics Version) seamlessly combines the management capabilities of Deep Discovery Director and the data correlation capabilities of Deep Discovery Director - Network Analytics into one server.
Deep Discovery Inspector log aggregation
Deep Discovery Director (Internal Network Analytics Version) aggregates Deep Discovery Inspector detection logs. Using the same intuitive multi-level format, the Deep Discovery Director (Internal Network Analytics Version) management console provides real-time threat visibility and analysis. This allows security professionals to focus on the real risks, perform forensic analysis, and rapidly implement containment and remediation procedures.
Product intelligence
Deep Discovery Director (Internal Network Analytics Version) consolidates suspicious objects and C&C callback addresses from registered Deep Discovery appliances.
Custom intelligence
Deep Discovery Director (Internal Network Analytics Version) can distribute YARA rules to registered appliances and import threat intelligence using the Structured Threat Information eXpression (STIX 1.x, 2.0) format. You can also add user-defined suspicious objects that have not yet been detected on your network, as well as exceptions that you consider harmless.
Feed management
Deep Discovery Director (Internal Network Analytics Version) allows you to subscribe to and monitor intelligence feeds for threat information that can be used to complement your product and custom intelligence.
Threat intelligence sharing
Deep Discovery Director (Internal Network Analytics Version) can share threat intelligence data with other products or services through TAXII (1.x, 2.0), OpenDXL, and HTTP or HTTPS web service.
Auxiliary products and services
To help provide effective detection and blocking at the perimeter, Deep Discovery Director (Internal Network Analytics Version) can distribute threat intelligence data to auxiliary products and services.
File passwords syncing
Deep Discovery Director (Internal Network Analytics Version) can configure and sync File Passwords settings with registered Deep Discovery Analyzer appliances.
Dashboard
The Dashboard screen and Deep Discovery appliance widgets allow administrators to view network integrity and system threat data.
Detections
The Detections screen provides access to real-time information about various detection categories.
Syslog
The Syslog screen allows Deep Discovery Director (Internal Network Analytics Version) to send suspicious object lists and detection and appliance-related logs in CEF and LEEF format to up to three Syslog servers.
System alerts
Administrators can view the details of triggered alerts directly on the management console. Custom rules can be created to trigger alerts for specific threats.
Reports
Deep Discovery Director (Internal Network Analytics Version) can generate scheduled and on-demand Network Security reports.
Simple Network Management Protocol
Deep Discovery Director (Internal Network Analytics Version) supports Simple Network Management Protocol (SNMP) and can use it to send SNMP trap messages to notify administrators about events that require attention, and to listen to SNMP manager requests for system information and status updates.
Role-based access control
Built-in roles allow administrators to control which management console screens and features can be accessed. Custom roles can be created to control which appliances a role can see and manage, and which email message detections a role can see.
Storage configuration
Administrators can add extra available disk space to Deep Discovery Director (Internal Network Analytics Version) partitions to increase the number of logs or repository files that can be stored.
Directory
The Directory displays information about Deep Discovery appliances that are registered to Deep Discovery Director (Internal Network Analytics Version).
Plans
Plans define the scope and schedule of deployments to target appliances.
Repository
The Repository screen displays all update, upgrade, and Virtual Analyzer image files hosted by the server. Upload and delete files from here.
Component updates
Deep Discovery Director (Internal Network Analytics Version) uses components to display related information about detections.
Updates
The Updates screen enables you to install hotfixes, patches and firmware upgrades to Deep Discovery Director (Internal Network Analytics Version). After an official product release, Trend Micro releases system updates to address issues, enhance product performance, or add new features.
LDAP server integration
Deep Discovery Director (Internal Network Analytics Version) allows LDAP accounts to access the management console.
SAML for single sign-on (SSO)
Deep Discovery Director (Internal Network Analytics Version) supports the Security Assertion Markup Language (SAML) authentication standard using Okta and Active Directory Federation Services (ADFS) identity providers, so that users can single sign on to the Deep Discovery Director (Internal Network Analytics Version) console when they sign in to their organization's portal.
System Logs
Deep Discovery Director (Internal Network Analytics Version) maintains system logs that provide summaries about user access, setting changes, and other configuration modifications that occurred using the management console.
Trend Micro Apex Central™ integration
Deep Discovery Director (Internal Network Analytics Version) integrates with Trend Micro Apex Central for the express purpose of retrieving endpoint analysis reports to provide Deep Discovery Director - Network Analytics as a Service with even more data for more thorough advanced threat analysis.
Web API access
Deep Discovery Director (Internal Network Analytics Version) now allows the creation of user accounts that are only allowed system access via web API. The web API can be used to automate certain threat intelligence-related tasks.