# Deep Security Administration > System Settings ## Agents #### Hostnames (ip或主機名稱變動時) :::success - [ ] Update the "Hostname" entry if an IP is used as a hostname and a change in IP is detected on the computer after Agent/Appliance-initiated communication or discovery(如果在Agent/設備啟動的通信或發現後檢測到電腦的IP發生變化，則更新"主機名"條目) ::: #### Agent-Initiated Activation (可搭配Support > Deployment Scripts 設定，使用戶端安裝完成後，直接到DSM報到並套上Policy和群組) :::info - [ ] Allow Agent-Initiated Activation - [ ] For Any Computers (適用於任何電腦) - [ ] For Existing Computers (對現有電腦) - [ ] For Computers on the following IP List (對於以下IP清單中的電腦): None - Policy to assign (if Policy not assigned by activation script)(要分配的策略，如果未激活策略腳本):None - [ ] Allow Agent to specify hostname(允許Agent指定主機名稱) - If a computer with the same name already exists(如果同名稱電腦已存在):Re-activate the existing Computer(重新激活現有電腦) - [ ] Reactivate cloned Agents(重新激活cloned agent) - [ ] Reactivate unknown Agents(重新激活未知agent，如果用戶端與此DSM通信，則自動重新啟動用戶端) - Agent activation token(agent激活令牌): :::  #### Agent Upgrade (Agent 升級:啟用啟動升級後，Agent將在下次啟動期間自動升級。可以使用Agent版本控制功能為升級配置目標Agent版本) :::warning - [ ] Automatically upgrade Linux agents on activation 啟動時自動升級Linux Agent - [ ] Automatically upgrade Windows agents on activation 啟動時自動升級Windows Agent - [ ] Automatically upgrade Unix agents on activation 啟動時自動升級Unix Agent(目前不支援在Unix平台上使用啟動時升級) ::: #### Inactive Agent Cleanup (非活動agent清理:在設定的時間段後刪除非活動agent。可以提高性能和報告準確性。) :::danger - [ ] Delete Agents that have been inactive for(刪除已處於非活動狀態的agent):1 Month(預設) - 注意:刪除代理將從中刪除分配給它的任何策略。任何與代理的直接連結都將從 Deep Security Manager 事件數據中移除。 - 警告:未啟用重新啟動未知代理。如果刪除了非活動用戶端，則在與 Deep Security Manager 通信時，它不會自動重新啟動。 ::: #### Data Privacy 資料隱私 :::success - Allow packet data capture in network events 允許在網路事件中捕獲數據包數據(確定agent是否捕獲和發送數據包數據做為入侵防禦和防火牆事件的一部份):No/Yes(excluding encrypted traffic 不包括加密流量)/Yes(all traffic 所有流量) ::: #### Agentless vCloud Protection 無agent vCloud保護 :::info - [ ] Allow Appliance protection of vCloud VMs 允許對vCloud虛擬機進行設備保護 :::  ## Alerts 告警(調整客製化告警事件) #### Alerts :::warning - [ ] Configure Alerts...(警報配置)，客製化調整警報(開關、嚴重性) - Length of time an Update can be pending before raising an Alert (更新處於等待狀態的時間長度，超過這個時間後，系統會發出警報):7 Days(預設) ::: #### Alert Event Forwarding (From The Manager) 警示事件轉發（來自管理員） :::danger - Alert Email Address - The email address to which all emails should be sent(警示電子郵件地址 - 所有警報電子郵件應送出到的電子郵件地址): - 注意:使用個別使用者的屬性對話框設置電子郵件通知的附加收件人。可以通過操作個別使用者的屬性對話框，來指定額外的收件人，以接收有關該特定使用者的電子郵件通知。  ::: ## Contexts (互聯網連接測試) #### Internet Connectivity Test 互聯網連接測試 :::success - URL for testing Internet Connectivity Status （用於測試互聯網連接狀態的URL）(http://):該URL用於執行互聯網連接測試 - Regular Expression for returned content used to confirm Connectivity(用於確認連接的返回內容的正則表達式):用於檢查從互聯網連接測試返回的內容，以確認連接的狀態。 - Test Interval(測試間隔):10 Seconds，系統將每隔10秒執行一次測試，以檢查互聯網連接的狀態。  ::: ## Event Forwarding (SIEM、Amazon SNS、SNMP) #### SIEM 安全信息和事件管理 (https://hackmd.io/@Williamshieh/SJ6N4QAcT) :::info - Forward System Events to a remote computer (via Syslog) using configuration 使用設定將系統事件轉發到遠端電腦（透過 Syslog）:None(預設)    ::: #### Amazon SNS (https://docs.aws.amazon.com/zh_tw/sns/latest/dg/sns-dg.pdf#welcome) (https://help.deepsecurity.trendmicro.com/20_0/on-premise/event-sns.html?Highlight=Amazon%20SNS) :::warning - [ ] Publish Events to Amazon - Simple Notification Service - Access Key - The Access Key of an AWS User with access to the SNS Topic:(存取金鑰-具有訪問SNS權限的AWS使用者存取金鑰) - Secret Key - The Secret Key of an AWS User with access to the SNS Topic:(密鑰-具有訪問SNS權限的AWS使用者金鑰) - SNS Topic ARN: - - [ ] Test credentials and send notification(測試憑證並發送通知) - Event types to forward:(需轉發的事件) - - [x] System Events (系統事件) - - [x] Anti-Malware Events(反惡意軟體事件) - - [x] Web Reputation Events(網頁信譽事件) - - [x] Device Control Events(設備控管事件) - - [x] Application Control(應用程式控管) - - [x] Integrity Events(異動監控事件) - - [x] Log Inspection Events(日誌審查事件) - - [x] Firewall Events(防火牆事件) - - [x] Intrusion Prevention Events(入侵防護事件)  ::: #### SNMP (https://hackmd.io/@Williamshieh/SJ6N4QAcT) :::danger - [ ] Forward System Events to a remote computer(via SNMP) 將系統事件轉發到遠端計算機（透過 SNMP） - Hostname or IP address to which events should be sent:(事件應該發送到的主機名稱或 IP 地址) - UDP port to which events should be sent:162(事件應該發送到的 UDP port：162)  ::: ## Ranking (功能設定調整風險值) #### Web Reputation Event Risk Values 網頁信譽評等規則風險值 :::success - Dangerous:100 - Highly Suspicious:50 - Suspicious(可疑):25 - Blocked By Administrator(被封鎖):100 - Untested(未經測試):25 ::: #### Integrity Monitoring Rule Severity Values 異動監控規則風險值 :::info - Critical:100 - High:50 - Medium:25 - Low:1 :::  #### Log Inspection Rule Severity Values 日誌審查規則風險值 :::warning - Critical:100 - High:50 - Medium:25 - Low:1 ::: #### Firewall Rule Severity Values 防火牆規則風險值 :::danger - Deny:100 - Log Only:1 - Packet Rejection:50 :::  #### Intrusion Prevention Rule Severity Values 入侵防禦規則風險值 :::success - Critical:100 - High:50 - Medium:25 - Low:1 - Error:100  ::: #### Asset Values :::info - [ ] View Asset Values...  ::: ## System Events 系統事件 #### System Events 系統事件 - 調整系統判定的系統事件，僅記錄或轉發。 ## Security 安全(鎖定、密碼) #### User Security 使用者安全 :::warning - Session idle timeout 閒置超時鎖定:30mins(預設) - Maximum session duration 最長會話持續時間:No Limit(預設) - Number of incorrect sign-in attempts allowed 允許錯誤登入嘗試次數 (before lock out 鎖定前):5(預設) - Number of concurrent sessions allowed per User 每個使用者允許的併發工作階段數:10(預設) - Action when concurrent session limit is exceeded 超出併發工作階段限制時的操作:Block new sessions - User password expires 使用者密碼過期:Never(預設) - User password minimum length 使用者密碼最小長度:8(預設) - [x] User password requires both letters and numbers 用戶密碼需要字母和數字 - [x] User password requires both upper and lower case characters 用戶密碼需要大寫和小寫字元 - [x] User password requires non-alphanumeric characters 用戶密碼需要非字母數字字元 - [x] User password cannot match username or username spelled backward 用戶密碼不能與使用者名或向後拼寫的使用者名匹配 - [ ] Send email when a user's password is about to expire 在用戶密碼即將過期時發送電子郵件  ::: #### Identity Providers :::danger - Warn when the Deep Security Manager SAML Service Provider certificate will expire within 當 Deep Security Manager SAML 服務提供者憑證在（天數）30天內到期時發出警告(days):30， - Warn when a SAML identity provider certificate will expire within 當 SAML 身份提供者憑證在（天數）30天內到期時發出警告(days):30 - Automatically delete inactive identity provider users after 在（天數）365天後自動刪除不活躍的身份提供者使用者(days):365  ::: #### Sign-In Page Message - 登錄頁面消息 #### Terms and Conditions 條款及細則 - [ ] User must agree to the terms and conitions用戶必須同意條款和條件  #### Trusted Certificates 信任憑證 - [ ] View Certificate List... #### HTTP Strict Transport Security :::success - [ ] Enable HTTP Strict Transport Security - 警告：啟用嚴格的傳輸安全性將導致合規的瀏覽器阻止對 Deep Security 的訪問，如果您尚未使用受信任的憑證替換默認憑證。 ::: #### HTTP Public Key Pin Policy :::info - [ ] Report only (僅報告) - 注意：您可以將指令放在單獨的行上。在策略中，這些行將由 ";" 分隔。 ::: #### AWS Security Options (AWS 安全選項) :::warning - [ ] Enable retrieval and viewing of AWS External ID(啟用AWS外部ID的檢索和查看)  ::: ## Updates 更新(更新來源) #### Security Updates 安全更新 :::danger ##### Primary Security Update Source 主要安全更新來源 - [x] Trend Micro Update Server 更新伺服器(http://ipv6-iaus.trendmicro.com/iau_server.dll/) - **ApexOne上是輸入server.ini查詢更新連線狀態，DS的待查詢** - [ ] Other update source http:// ::: :::success ##### Secondary Source 次要來源 - [ ] Allow Agents/Appliances to download security update directly from Primary Security Update Source if Relays are not accessible(如果無法訪問至中繼站，則允許Agent/設備直接從主要安全更新來源下載安全更新) - [ ] Allow Agents/Appliances to download security updates when Deep Security Manager is not accessible(允許Agent/設備在無法訪問DSM時下載安全更新) ::: :::info ##### Rules - [ ] Automatically apply Rule Updates to Policies(自動將規則更新應用於策略) ::: :::info ##### Relays - [ ] Download Patterns for all Regions(所有區域的下載模式) :::  #### Software Updates 軟體更新 :::warning ##### Trend Micro Download Center - [ ] Automatically download updates to imported software 自動下載導入軟體的更新 - [ ] Allow Relays to download software updates from Trend Micro Download Center when Deep Security Manager is not accessible 當DSM無法訪問時，允許中繼從趨勢科技下載中心下載軟體更新 - Alternate software update distribution server(s) to replace Deep Security Relays 取代趨勢科技伺服器深度安全防護系統中繼的備用軟體更新分發伺服器: - 注意:有關如何配置自己的軟體更新分發伺服器的資訊，請參閱連線説明中的「配置軟體更新伺服器」。 ::: :::danger ##### Virtual Appliance Depolyment 虛擬設備部署 - To enable this option, import a Deep Security Virtual Appliance image. 要啟用此選項，請導入DS虛擬設備映像。 - Upon deployment, update Deep Security Virtual Appliances to...(部署後，將DS虛擬設備更新為...): :::  ## Smart Feedback #### Smart Feedback :::success - When enabled, Trend Micro Smart Feedback shares protected threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats. You can disable Smart Feedback anytime through this console.啟用後，趨勢科技智慧反饋會與雲安全智慧防護網路共用受保護的威脅資訊，從而使趨勢科技能夠快速識別和解決新威脅。您可以隨時通過此控制台禁用智能反饋。 - [ ] Enable Trend Micro Smart Feedback (recommended)開啟趨勢科技智慧回饋（推薦） - Your industry 選擇行業(optional): - [ ] Send suspicious file signatures along with feedback 發送可疑檔簽名以及反饋 - Send feedback every 5 minutes, or every 10 detections, whichever comes first.Maximum bandwidth: 32 KBps 每 5 分鐘發送一次反饋，或每檢測到 10 次，以先到者為準。最大寬頻：32 KBps  ::: ## Trend Vision One :::info #### Registration 註冊 - Enrollment status:Not registered - [ ] Register enrollment token #### Security Events Forwarding 安全事件轉發 - [ ] Forward security events to Trend Vision One 將安全事件轉發到Trend Vision One #### Activity Data Forwarding 活動數據轉發 - To forward activity data to Trend Vision One, install Trend Micro Endpoint Basecamp with the deployment script below or with an installer from Trend Vision One > Endpoint Inventory. After installing, enable the sensor on Trend Vision One Endpoint Inventory.要將活動數據轉發到 Trend Vision One，請使用下面的部署腳本或 Trend Vision One > Endpoint Inventory 中的安裝程式安裝 Trend Micro Endpoint Basecamp。安裝後，在 Trend Vision One Endpoint Inventory 上啟用感測器。 - 注意:個人身份資訊由Trend Vision One收集。  ::: ## Threat Intellgence 威脅情報(沙箱分析、可疑清單) :::warning #### Sandbox Analysis 沙箱分析 - [ ] Submit suspicious files to:Trend Vision One 將可疑文件提交到:Trend Vision One - [ ] Enable automatic file submission 啟用自動檔提交 - Connection status:Not registered. Go to the Trend Vision One tab and select Register enrollment token. 連線狀態：未註冊。轉到“Trend Vision One”選項卡，然後選擇“註冊令牌”。 #### Suspicious Objects List 可疑清單 - [ ] Compare objects against Suspicious Object List 將物件與可疑物件清單進行比較:Trend Vision One - Connection status:Not registered. Go to the Trend Vision One tab and select Register enrollment token. - 注意:訪問 Trend Vision One 威脅情報時，將使用管理>代理中的趨勢科技伺服器深度安全防護系統管理中心代理伺服器（軟體更新、CSSS、更新、新聞更新、產品註冊和許可）。  ::: ## SMTP 信件設定 #### SMTP (https://hackmd.io/@Williamshieh/SJ6N4QAcT) :::danger - SMTP mail server address SMTP 郵件伺服器位址(optionally include :port): smtp:// - "From" email address - The email address from which outgoing emails should be sent: - "Bounce" email address (optional) - The email address to which delivery failure notifications should be sent: - [ ] Mail server requires authentication 郵件伺服器需要身份驗證 - SMTP username: - SMTP password: - [ ] STARTTLS - Test SMTP Settings  ::: ## Storage (Log保存時限) :::success #### Data Pruning - Automatically delete Anti-Malware Events older than(反惡意軟體事件):7 Days - Automatically delete Web Reputation Events older than(Web 信譽事件):7 Days - Automatically delete Device Control Events older than(裝置控制事件):7 Days - Automatically delete Application Control Events older than(應用程式控制事件):7 Days - Automatically delete Integrity Monitoring Events older than(異動監控事件):7 Days - Automatically delete Log Inspection Events older than(紀錄審查事件):7 Days - Automatically delete Firewall Events older than(防火牆事件):7 Days - Automatically delete Intrusion Prevention Events older than(入侵防禦事件):7 Days - Automatically delete System Events older than(系統事件): 53 Weeks - Automatically delete Server Logs older than(伺服器紀錄):7 Days - Automatically delete Counters older than:13 Weeks - Number of older software versions to keep per platform(每個平臺要保留的舊軟體版本數):5 - Number of older Rule Updates to keep(要保留的舊規則更新數):10 ::: ## Proxies :::info #### Proxy Server Use 使用代理伺服器 - Primary Security Update Proxy used by Agents, Appliances, and Relays: Select a proxy...(用於代理、設備和中繼站的主要安全更新代理伺服器：選擇一個代理伺服器...) - Deep Security Manager (Software Updates, CSSS, News Updates, Product Registration and Licensing): Select a proxy...(Deep Security Manager（軟體更新、CSSS、新聞更新、產品註冊和授權）：選擇一個代理伺服器...) - Deep Security Manager (Cloud Accounts - HTTP Protocol Only):Select a proxy...(Deep Security Manager（雲帳戶 -僅支援HTTP協議）：選擇一個代理伺服器...) - Trend Micro Cloud One Workload Security Link (HTTP Protocol Only):Select a proxy...(Trend Micro Cloud One Workload Security Link（僅支援HTTP協議）：選擇一個代理伺服器...) #### Proxy Servers - 新增代理伺服器 ::: ## Advanced :::warning #### Load Balancers 負載均衡器 - Load Balancer Manager Hostname(負載均衡器管理員主機名): - Load Balancer Manager Port(負載均衡器管理員埠):4119 - Load Balancer Heartbeat Hostname(負載均衡器檢測信號主機名): - Load Balancer Heartbeat Port(負載均衡器檢測信號埠):4120 - Load Balancer Relay Hostname(負載均衡器中繼主機名): - Load Balancer Relay Port(負載均衡器中繼埠):4122 #### Multi-Tenant Options 多租戶選項 - [ ] Enable Multi-Tenant Mode... - 注意:啟用後，無法禁用多租戶模式。 #### Deep Security Manager Plug-ins 外掛程式 - [ ] View Plug-ins... #### SOAP Web Service API (https://hackmd.io/@Williamshieh/SJ6N4QAcT) - [ ] Enabled - Access the WSDL at(已啟用 - 在以下位置存取 WSDL): https://WIN-0P6O1BD7TJP:4119/webservice/Manager?WSDL - [ ] Disabled  #### Status Monitoring API (https://hackmd.io/@Williamshieh/SJ6N4QAcT) - [ ] Enable status monitoring - General access URL at(啟用狀態監控 - 常規存取 URL): https://WIN-0P6O1BD7TJP:4119/rest/status/manager/ping - [ ] Disabled #### Export 匯出 - Exported file Character Encoding(匯出的檔案字元編碼):US-ASCII - Exported Diagnostic Package Language(匯出的診斷包語言):English (US) #### Licenses - [ ] Hide unlicensed Protection Modules for new Users(為新用戶隱藏未經許可的保護模組) #### Scan Cache Configurations 掃描快取配置 - [ ] View Scan Cache Configurations... #### CPU Usage During Recommendation Scans 建議掃描期間的CPU使用率 - Lower the CPU usage level to increase the wait time between file scans and conserve CPU resources.(降低 CPU 使用率級別以增加文件掃描之間的等待時間並節省 CPU 資源。) - CPU Usage Level:High - 注意:此設置僅影響DSM的建議掃描進程正在使用的 CPU 資源。DSM上運行的其他進程仍會影響CPU總負載。  #### NSX (https://hackmd.io/@Williamshieh/SJ6N4QAcT) - Manager Node for NSX communication(用於 NSX 通信的管理員節點):WIN-0P6O1BD7TJP #### Logo - [ ] Import Logo... - [ ] Reset Logo... #### Manager AWS Identity 管理器 AWS 身份 - Access Key - The Access Key of an AWS User used for the manager identity(存取金鑰 - 用於經理身份的 AWS 使用者的存取金鑰): - Secret Key - The Secret Access Key of an AWS User used for the manager identity(Secret Key - 用於經理身份的 AWS 使用者的秘密存取金鑰): #### Product Usage Data Collection 產品使用數據收集 - [ ] Enable Product Usage Data Collection(啟用產品使用數據收集) #### Application Control 應用程式控制 - [ ] Serve application control rulesets from relays(從中繼提供應用程式控制規則集)  :::