
Trend Micro Deep Discovery Advisor 3.0 Administrator's Guide PDF

544 Pages·2013·9.27 MB·English

Preview Trend Micro Deep Discovery Advisor 3.0 Administrator's Guide

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes, and the latest version of the applicable user documentation, which are available from the Trend Micro website at: http://docs.trendmicro.com/en-us/enterprise/deep-discovery-advisor.aspx

Trend Micro, the Trend Micro t-ball logo, InterScan, and ScanMail are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Copyright © 2013 Trend Micro Incorporated. All rights reserved.

Document Part No.: APEM35919/130401
Release Date: April 2013
Patents pending

The user documentation for Trend Micro Deep Discovery Advisor introduces the main features of the software and installation instructions for your production environment. Read through it before installing or using the software. Detailed information about how to use specific features within the software is available in the online help file and the online Knowledge Base at Trend Micro’s website.

Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at [email protected]. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp

Table of Contents

Preface
  Preface  vii
  Deep Discovery Advisor Documentation  viii
  Audience  viii
  Document Conventions  ix
  Terminology  ix

Chapter 1: Introduction
  About Deep Discovery Advisor  1-2
  New in this Release  1-2

Chapter 2: Deploying Deep Discovery Advisor
  Deployment Overview  2-2
    Product Form Factor and Specifications  2-2
    Required Network Environment  2-3
    Product Virtual Machines  2-4
    Network Settings  2-6
    Cluster Deployment  2-9
  Deployment Requirements and Checklists  2-12
  Deployment Tasks  2-21
    Task 1: Mounting the Device  2-21
    Task 2: Connecting the Device to Power Supplies  2-21
    Task 3: Accessing the VMware ESXi Server Console  2-22
    Task 4: Verifying the VMware ESXi Server IP Settings and Changing the Password  2-25
    Task 5: Connecting the Device Ports to the Network Ports  2-28
    Task 6: Using vSphere Client to Log on to the VMware ESXi Server  2-33
    Task 7: Assigning the VMware ESXi Server a License Key  2-39
    Task 8: Synchronizing System Time with an NTP Server  2-41
    Task 9: Setting the System Time Zone  2-46
    Task 10: Preparing a Sandbox Image  2-49
    Task 11: Installing the Required Components and Software on the Sandbox Image  2-92
    Task 12: Modifying Hardware Specifications for the Management Server and Sandbox Controller  2-98
    Task 13: Installing Deep Discovery Advisor  2-102
    Task 14: Configuring Slave Devices  2-116

Chapter 3: Getting Started
  The Management Console  3-2
  Management Console Navigation  3-4
  Getting Started Tasks  3-5
    Licensing  3-6
    Integration with Trend Micro Products and Services  3-9

Chapter 4: Dashboard
  Dashboard Overview  4-2
  Tabs  4-3
    Predefined Tabs  4-3
    Tab Tasks  4-3
    New Tab Window  4-4
  Widgets  4-5
    Widget Types  4-5
    Widget Tasks  4-5
    Out-of-the-Box Widgets  4-9
    Advanced Investigation-driven Widgets  4-23

Chapter 5: Virtual Analyzer
  Virtual Analyzer  5-2
  Virtual Analyzer Submissions  5-2
    Manually Submitting Samples  5-14
  Virtual Analyzer Suspicious Objects  5-16
    Suspicious Objects Tab  5-17
    Exceptions Tab  5-20
  Sandbox Management  5-23
    Overview Tab  5-24
    Sandbox Groups Tab  5-26
    Settings Tab  5-27

Chapter 6: Investigation
  C&C Callback Events  6-2
    Callback Event Investigation  6-5
  Affected Entities  6-16
    Affected Entity Investigation  6-18
  Advanced Investigation  6-28
    Advanced Investigation Overview  6-28
    The Search Bar  6-30
    Smart Events  6-40
    Visualization Tools  6-46
    Log View  6-98
    Investigation Baskets  6-102
    Utilities  6-107

Chapter 7: Alerts and Reports
  Alerts  7-2
    Adding Alert Rules  7-2
    Alert Rules  7-5
    Triggered Alerts  7-7
    Alert Settings  7-16
  Reports  7-18
    Standard Reports  7-18
    Advanced Investigation-driven Reports  7-20
    Report Templates  7-32
    Report Schedules  7-37
    Report Settings Windows  7-40
    Generated Reports  7-47
  Alerts and Reports Customization  7-52

Chapter 8: Logs and Tags
  Log Sources  8-2
    Syslog Settings  8-2
  Log Settings  8-3
  GeoIP Tagging  8-4
    Host Name Tab - GeoIP Tagging Screen  8-6
    IP/IP Range Tab - GeoIP Tagging Screen  8-10
  Asset Tagging  8-14
    Host Name Tab - Asset Tagging Screen  8-16
    IP/IP Range Tab - Asset Tagging Screen  8-20
    Asset Types Window  8-24
    Asset Criticality Window  8-27
  Custom Tags  8-30

Chapter 9: Administration
  Component Updates  9-2
  Account Management  9-4
    Add User Window  9-6
    Active Directory Profile Window  9-8
  Contact Management  9-12
    Add Contact Window  9-13
  System Settings  9-14
    Proxy Settings Tab  9-15
    SMTP Settings Tab  9-16
    Password Policy Tab  9-18
    Session Timeout Tab  9-19
    Active Directory Profiles Tab  9-19
  Licensing  9-20
  About Deep Discovery Advisor  9-23

Chapter 10: The Preconfiguration Console
  Overview of Preconfiguration Console Tasks  10-2
  Preconfiguration Console Basic Operations  10-3
  Logging On to the Preconfiguration Console  10-6
  Logging Out of the Preconfiguration Console  10-9

Chapter 11: Product Maintenance
  Updating the System Time Zone  11-2
  Configuring Device Settings  11-5
    Updating the VMware ESXi Server Logon Credentials  11-5
    Updating the Management Server IP Address  11-8
    Enabling/Disabling Internet Connection for Sandboxes  11-11
    Updating the NAT IP Address  11-13
    Enabling Debug Logging  11-16
    Disabling Debug Logging  11-19
    Collecting Debug Logs  11-20
    Viewing the API Key  11-22
    Managing Logon Accounts for the Preconfiguration Console  11-24
    Reconfiguring Sandboxes  11-30
  Managing Slave Devices  11-36
    Adding Slave Devices from the Master Device  11-37
    Updating the Management Server IP Address of a Slave Device from the Master Device  11-41
    Updating the VMware ESXi Server Logon Credentials of a Slave Device  11-43
    Removing a Slave Device from the Cluster  11-47
  Assigning the Master Device as a Slave Device  11-50
  Assigning a Slave Device as the Master Device  11-52
  Resetting Deep Discovery Advisor  11-53
  Using the Recovery USB Device  11-61

Appendix A: Additional Resources
  About Sandbox Groups  A-2
  Categories of Notable Characteristics  A-3
  Deep Discovery Inspector Rules  A-11

Index
  Index  IN-1

Preface

Welcome to the Trend Micro™ Deep Discovery Advisor Administrator’s Guide. This guide contains information about product settings and service levels.

Deep Discovery Advisor Documentation

Deep Discovery Advisor documentation includes the following:

DOCUMENTATION          DESCRIPTION
Administrator’s Guide  A PDF document that discusses getting started information and helps administrators plan for deployment and configure all product settings
Quick Start Guide      Provides an overview of the Deep Discovery Advisor device and a list of requirements to deploy the device successfully
Help                   HTML files that provide "how to's", usage advice, and field-specific information
Readme file            Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the other documents.
Knowledge Base         An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com

View and download product documentation at: http://docs.trendmicro.com/en-us/enterprise/deep-discovery-advisor.aspx

Audience

The Deep Discovery Advisor documentation is written for IT administrators and security analysts. The documentation assumes that the readers have an in-depth knowledge of Deep Discovery Advisor. The document does not assume the reader has any knowledge of threat event correlation.

Description:
Task 12: Modifying Hardware Specifications for the Management. Server and Sandbox Controller . Viewing the API Key . 7.2GT/s QPI, Turbo, 6C 95W. Memory. 48GB Preconfiguration console: A Bash-based. (Unix shell)
