SOCFortress Integrations — Trend Micro Deep Discovery Inspector (DDI)

SOCFortress
3 min read · Sep 10, 2024


Intro

SOCFortress integration and visualization tools allow security analysts to visualize and triage Trend Micro Deep Discovery Inspector (DDI) events and alerts from a single pane of glass.

About Trend Micro Deep Discovery Inspector (DDI)

Trend Micro Deep Discovery Inspector (DDI) is a network security solution designed to detect and respond to advanced cyber threats, including zero-day exploits, ransomware, and targeted attacks. It provides in-depth visibility into network traffic to identify threats that traditional security measures might miss.

DDI provides full visibility into network activity, identifying threats across multiple stages of an attack.

Key Features:

  • Network Traffic Analysis: DDI monitors all ports and protocols, capturing both inbound and outbound traffic, including lateral movement within a network.
  • Advanced Threat Detection: It uses a combination of techniques like signature-based detection, behavioral analysis, and sandboxing to identify unknown malware, ransomware, and advanced persistent threats (APTs).
  • Sandboxing: Suspicious files or URLs are sent to a sandbox environment where they are executed and analyzed to determine if they are malicious, without impacting the live environment.
  • Real-Time Threat Intelligence: DDI integrates with Trend Micro’s Smart Protection Network, a global threat intelligence system, to provide up-to-date protection against emerging threats.
  • Custom Sandbox Environment: It allows users to create customized sandboxes to simulate specific environments, enabling detection of threats that are tailored to evade general sandboxing techniques.
  • Integration: It works well with other security tools, such as SIEM (Security Information and Event Management) systems, to enhance an organization’s security posture. It can also share intelligence across the security ecosystem to improve incident response and coordination.
  • Attack Correlation: DDI can correlate different events across the network to provide a clear picture of an attack chain, helping security teams understand the scope and intent of attacks.
  • Deep Packet Inspection (DPI): It inspects network traffic at the packet level to identify threats hidden in various protocols, such as HTTP, FTP, and SMTP.

DDI is particularly useful for detecting advanced persistent threats that may be targeting sensitive information. It also provides proactive detection and containment of ransomware before it encrypts data.

Ingesting Trend Micro DDI Logs and Events

To forward logs and events from Trend Micro Deep Discovery Inspector (DDI) to a log collector/SIEM system:

  • Log in to the Trend Micro Deep Discovery Inspector web console using administrator credentials.
  • Configure Syslog Settings on DDI: Go to Administration > Notifications > Syslog Servers in the DDI management console.
  • Add a syslog server and select the syslog format: DDI can send events in either CEF or LEEF.
  • Define Log Types
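Whichever format you pick, the collector on the receiving end has to turn the syslog payload into fields before anything can be visualized or triaged. The parser below is an added example, not code from SOCFortress or Trend Micro, showing how a collector would handle both formats DDI can emit: it locates the CEF: or LEEF: payload after any syslog header, splits the pipe-delimited header while honouring the backslash escapes both formats use, parses the key=value extension (CEF: space-separated with `\=` escapes; LEEF: tab or a custom 2.0 delimiter), and buckets the CEF severity for triage. The two sample lines are constructed for this example; the vendor, product, event ID and extension values are placeholders, not real DDI output, and the severity thresholds are an assumed mapping of the 0-10 CEF scale, not a Trend Micro or SOCFortress convention.

```python
"""Parse CEF and LEEF syslog lines into header + fields (added example, constructed input)."""
import re
from typing import Dict, List, Tuple

CEF_HEADER = ("version", "device_vendor", "device_product", "device_version",
              "signature_id", "name", "severity")
LEEF_HEADER = ("version", "vendor", "product", "product_version", "event_id")

# Constructed sample lines: vendor/product/event values are placeholders, not real DDI output.
SAMPLE_CEF = (r"<13>Sep 10 2024 12:00:00 ddi-example CEF:0|Trend Micro|Deep Discovery Inspector"
              r"|EXAMPLE|100|Example Detection|8|src=10.0.0.5 dst=203.0.113.7 dpt=443 "
              r"msg=Constructed sample with an escaped \= sign")
SAMPLE_LEEF = ("LEEF:2.0|Trend Micro|Deep Discovery Inspector|EXAMPLE|100|^|"
               "src=10.0.0.5^dst=203.0.113.7^sev=8")


def _split_header(body: str, n: int) -> Tuple[List[str], str]:
    """Take the first n pipe-delimited header fields, honouring \\| and \\\\ escapes.
    Returns (fields, remainder after the n-th pipe)."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body) and len(fields) < n:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # escaped character: keep it literally
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < n:
        raise ValueError("truncated header: expected %d fields" % n)
    return fields, body[i:]


def _unescape(value: str) -> str:
    """Undo CEF extension escapes: \\= -> =, \\\\ -> \\, \\n / \\r -> newline / CR."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_cef_extension(ext: str) -> Dict[str, str]:
    """CEF extension: key=value pairs separated by spaces; values may contain spaces,
    so find the keys first and slice the value between consecutive keys."""
    out: Dict[str, str] = {}
    keys = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_.\-]+)=", ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def _parse_leef_attributes(attrs: str, delim: str) -> Dict[str, str]:
    """LEEF attributes: key=value pairs separated by a delimiter (tab by default)."""
    out: Dict[str, str] = {}
    for pair in attrs.split(delim):
        if "=" in pair:
            key, _, value = pair.partition("=")
            out[key.strip()] = value.strip()
    return out


def parse_event(line: str) -> Dict[str, object]:
    """Parse one syslog line carrying a CEF or LEEF payload."""
    for marker in ("CEF:", "LEEF:"):
        pos = line.find(marker)
        if pos != -1:
            break
    else:
        raise ValueError("no CEF/LEEF payload in line")
    body = line[pos + len(marker):]
    if marker == "CEF:":
        hdr, ext = _split_header(body, 7)
        header, fields, fmt = dict(zip(CEF_HEADER, hdr)), _parse_cef_extension(ext), "CEF"
    else:
        hdr, rest = _split_header(body, 5)
        header = dict(zip(LEEF_HEADER, hdr))
        delim = "\t"
        if header["version"].startswith("2"):        # LEEF 2.0 carries an optional delimiter field
            (d,), rest = _split_header(rest, 1)
            if len(d) > 1 and d[0].lower() == "x":   # hex form, e.g. x09 for tab
                delim = chr(int(d[1:], 16))
            elif d:
                delim = d
        fields, fmt = _parse_leef_attributes(rest, delim), "LEEF"
    return {"format": fmt, "syslog_prefix": line[:pos].strip(), "header": header, "fields": fields}


def severity_bucket(sev: str) -> str:
    """Map a CEF severity (0-10 or Low/Medium/High/Very-High) to a triage bucket.
    The numeric thresholds are an assumption for this example."""
    s = sev.strip().lower()
    named = {"low": "low", "medium": "medium", "high": "high", "very-high": "critical"}
    if s in named:
        return named[s]
    try:
        n = int(s)
    except ValueError:
        return "unknown"
    return "low" if n <= 3 else "medium" if n <= 6 else "high" if n <= 8 else "critical"


if __name__ == "__main__":
    for sample in (SAMPLE_CEF, SAMPLE_LEEF):
        ev = parse_event(sample)
        print(ev["format"], ev["header"], ev["fields"])
    print(severity_bucket(parse_event(SAMPLE_CEF)["header"]["severity"]))
```

Two details matter when wiring this into a real pipeline: the header splitter must treat `\|` as a literal pipe, or a product name containing a pipe shifts every later field by one, and the CEF extension must be sliced on key positions rather than split on spaces, or free-text values such as `msg` are torn apart. Those are the two places a naive `split("|")` / `split(" ")` parser silently produces wrong field values.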

Visualizations

Landing page:

Events by category, severity, labels, etc:

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html


SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).