Schedule Deep Security to perform tasks

Deep Security has many tasks that you might want to perform automatically on a regular basis. Scheduled tasks are useful when deploying Deep Security in your environment and also later, to keep your system up to date and functioning smoothly. They are especially useful for running scans on a regular basis during off-peak hours.

Create scheduled tasks

To set up a scheduled task in the Deep Security Manager, click Administration > Scheduled Tasks > New. This opens the “New Scheduled Task Wizard”, which takes you through the steps to create a scheduled task.

The type of scheduled task that you can create depends on which version of Deep Security you are using. Deep Security as a Service performs some of these tasks (like Backup and Check for Software Updates) automatically.

Scheduled Task Deep Security
as a Service
Deep Security from AWS Marketplace Deep Security (on-premise)
Backup
Check for Security Updates
Check for Software Updates
Discover Computers
Generate and Send Report
Run Script
Scan Computers for Integrity Changes
Scan computers for Malware
Scan Computers for Open Ports
Scan Computers for Recommendations
Send Outstanding Alert Summary
Send Policy
Synchronize Cloud Account
Synchronize Directory
Synchronize Users/Contact
Synchronize VMware vCenter

Backup: Perform regular database backups. (This option is only available if you are using a Microsoft SQL Server database.)

Check for Security Updates: Regularly check for security updates and import them into Deep Security when they are available. For most organizations, performing this task once daily is ideal.

Check for Software Updates: Regularly check for Deep Security Agent software updates and download them when they are available.

Discover Computers: Periodically check for new computers on the network by scheduling a Discovery operation. You will be prompted for an IP range to check and asked to specify which computer group the new computer will be added to. This task is useful for discovering computers that are not part of your cloud connector.

Generate and Send Report: Automatically generate reports and optionally have them emailed to a list of users.

Run Script: If the Syslog options do not meet your event notification requirements, it may be possible for Trend Micro to provide a solution using custom-written scripts. Contact Trend Micro for more information.

Scan Computers for Integrity Changes: Causes the Deep Security Manager to perform an Integrity Scan to compare a computer's current state against its baseline.

Scan computers for Malware: Schedules a Malware Scan. The configuration of the scan is the same as that specified on the Policy or Computer Editor > Anti-Malware page for each computer. For most organizations, performing this task once weekly (or according to your organization’s policies) is ideal.

Scan Computers for Open Ports: Schedule periodic port scans on one or more computers. You can specify individual computers or all computers belonging to a particular computer group. Deep Security Manager will scan the port numbers defined on the Scanning tab in the Policy or Computer Editor > Settings page.

Scan Computers for Recommendations: Causes the Deep Security Manager to scan the computer(s) for common applications and then make recommendations based on what is detected. Performing regular recommendation scans ensures that your computers are protected by the latest relevant rule sets and that those that are no longer required are removed. If you have set the “Automatically implement Recommendations” option for each of the three protection modules that support it, Deep Security will assign and unassign rules that are required. If rules are identified that require special attention, an alert will be raised to notify you. For most organizations, performing this task once a week is ideal.

Recommendation Scans can be CPU-intensive, so when scheduling Recommendation Scans, it is best practice to set the task by group (for example, per policy or for a group of computers, no more than 1,000 machines per group) and spread it in different days (for example, database server scans scheduled every Monday; mail server scans scheduled every Tuesday, and so on). Schedule Recommendation Scans more frequently for systems that change often.

Send Outstanding Alert Summary: Generate an email listing all outstanding (unresolved) alerts.

Send Policy: Regularly check for and send updated policies. Scheduled updates allow you to follow an existing change control process. Scheduled tasks can be set to update machines during maintenance windows, off hours, etc.

Synchronize Cloud Account: Synchronize the Computers list with an added cloud account. (only available if you have added a cloud account to the Deep Security Manager.)

Synchronize Directory: Synchronize the Computers list with an added LDAP directory. (Only available if you have added an LDAP directory to the Deep Security Manager.)

Synchronize Users/Contact: Synchronize the Users and Contacts lists with an added Active Directory. (Only available if you have added an Active Directory to the Deep Security Manager.)

Synchronize VMware vCenter: Synchronize the Computers list with an added VMware vCenter. (Only available if you have added a VMware vCenter to the Deep Security Manager.)

Enable or disable a scheduled task

Existing scheduled tasks can be enabled or disabled. For example, you might want to temporarily disable a scheduled task while you perform certain administrative duties during which you don't want any activity to occur. The control to enable or disable a scheduled task is on the General tab of the Task's Properties window.

Set up recurring reports

Recurring Reports are simply scheduled tasks that periodically generate and distribute reports to users and contacts. Most of the options are identical to those for single reports, with the exception of the time filter.

To generate a report on specific computers from multiple computer groups, create a user who has viewing rights only to the computers in question and then either create a scheduled task to regularly generate an "All Computers" report for that user or sign in as that user and run an "All Computers" report. Only the computers to which that user has viewing rights will be included in the report.