Configuring IBM Security Network Protection

Procedure

  1. On the IBM XGS console, do the following to configure the generic agent:
    1. Go to Manage System Settings > Network Settings > Advanced Threat Protection Agents.
      The Advanced Threat Protection Agents window opens.
    2. Click New.
    3. Provide the following information:
      • Name: Type a name
      • Agent Type: Select Generic
      • Address: Deep Discovery Inspector management port IP address in IPv4 or IPv6 format
      • User name: Existing authentication credential
      • Password: Existing authentication credential

      Valid Character Sets

                        User name        Password
      Minimum length    1 character      1 character
      Maximum length    15 characters    15 characters
  2. Click Save Confirmation.
    The Deploy Pending Changes window opens.
  3. To apply changes to IBM XGS, click Deploy.
    The new agent appears in the Advanced Threat Protection Agents list.
  4. On the Deep Discovery Inspector management console, go to Administration > Integrated Products/Services > Inline Products/Services and select Configuring IBM Security Network Protection (XGS).
  5. Provide the following information:
    • Server address
      Note
      The server address must be the IPv4 address or FQDN of the inline product.
    • User name: Existing authentication credential
    • Password: Existing authentication credential

    Valid Character Sets

                      User name        Password
    Minimum length    1 character      1 character
    Maximum length    15 characters    15 characters
  6. (Optional) Click Test Connection.
  7. Under Object Distribution, click Enabled.
    The Legal Statement opens.
  8. Read and accept the Legal Statement.
    Note
    To enable integration with this inline product/service, you must accept the Legal Statement.
  9. (Optional) Select a new Frequency.
  10. To send object information from Deep Discovery Inspector to this inline product/service, configure the following criteria:
    • Object type:
      • C&C Callback Address
        • IPv4 address
        • URL
      • Suspicious Object
        • IPv4 address
        • URL
    • Risk level:
      • High only
      • High and medium
      • High, medium, and low
  11. Click Save.
  12. (Optional) On the IBM XGS console, go to Secure Policy Configuration > Security Policies > Active Quarantine Rules to view suspicious objects and C&C callback addresses sent by Deep Discovery Inspector to IBM XGS.
    Note
    Suspicious objects with a low risk level do not appear in the IBM XGS Active Quarantine Rules. To view all suspicious objects sent by Deep Discovery Inspector, go to Security Policy Configuration > Advanced Threat Policy and specify the following settings:
    • Agent Type: Generic
    • Alert Type: Reputation
    • Alert Severity: Low
    Suspicious objects and C&C callback addresses distributed by Deep Discovery Inspector are displayed.