Threat_Management_Services

Threat Management Services Portal

Threat Management Services Portal (TMSP) receives logs and data from registered products and then issues targeted reports to product users. Register Threat Discovery Appliance to TMSP to respond to threats in a timely manner and receive up-to-date information about the latest and emerging threats.

TMSP works with Threat Discovery Appliance by:

• Analyzing logs and data coming from Threat Discovery Appliance, including:

• Detection logs

• Application filter logs

• URL filtering logs

• Security Compliance logs

• Network configuration data, including monitored networks, registered domains, and registered services. TMSP displays network configuration data in reports and in various places in the TMSP administrative console.

• URL Filtering and Security Compliance logs are not available in the Threat Discovery Appliance web console.

• Generating threat reports

Reports contain security threats and suspicious network activities, and Trend Micro recommended actions to prevent or address them. Daily administrative reports enable IT administrators to track the status of threats, while weekly and monthly executive reports keep executives informed about the overall security posture of the organization.

Threat Discovery Appliance sends heartbeat messages to TMSP periodically. A heartbeat message informs TMSP that Threat Discovery Appliance is up and running and can therefore send logs.

Threat Discovery Appliance can use proxy server settings configured on the Proxy Settings screen to connect to TMSP.

Form Factor

TMSP is available as a Trend Micro hosted service and as an on-premise application that you can install on a bare metal server or a virtual machine.

If you are installing the on-premise edition of TMSP:

• Refer to the TMSP Administrator’s Guide for installation and configuration instructions.

• For information on the TMSP versions compatible with Threat Discovery Appliance, see Integration with Trend Micro Products and Services.

If you have TMSP as a hosted service, ask your Trend Micro representative or support provider for the information required to register Threat Discovery Appliance to TMSP. Information includes:

• IP addresses of TMSP’s log server and status server

• Server authentication credentials

To configure TMSP settings:

• Threat Management Services Portal

1. Select Send logs and data to Threat Management Services Portal to register Threat Discovery Appliance to TMSP.

• Disabling this option unregisters Threat Discovery Appliance from TMSP. If you disable this option:
  
  - If you have TMSP as an on-premise application, manually remove Threat Discovery Appliance from TMSP’s Registered Products screen.
  
  - If you have TMSP as a hosted service, inform your Trend Micro representative about the unregistration.

2. Specify the log server for TMSP.

• If you have TMSP as a hosted service, type the IP address or host name.

• If you have TMSP as an on-premise application, type the IP address.

3. Select the protocol. You can select either SSH or SSL.

• If you have set up a firewall, configure the firewall to allow traffic from Threat Discovery Appliance to TMSP through port 443 (if you selected SSL) or port 22 (if you selected SSH).

• If you selected SSH and have set up Microsoft ISA Server, configure the tunnel port ranges on the ISA server to allow traffic from Threat Discovery Appliance to TMSP through port 22.

4. Specify how often to send logs to TMSP.

5. Specify the status server for TMSP.

• If you have TMSP as a hosted service, type the IP address or host name.

• If you have TMSP as an on-premise application, type the IP address.

• The status server receives the following information from Threat Discovery Appliance:
  
  - Heartbeat message. Threat Discovery Appliance sends a heartbeat message at regular intervals to inform TMSP that it is up and running.
  
  - Outbreak Containment Services logs

6. Type the server authentication credentials (user name and password). TMSP authenticates Threat Discovery Appliance using these credentials and then proceeds to accept logs and data.

7. Type the registration email address.

• The email address is used for reference purposes. Trend Micro recommends typing your email address.

8. If you have configured Proxy Settings for Threat Discovery Appliance and want to use these settings for TMSP connections, select Connect through a proxy server.

9. To check whether Threat Discovery Appliance can connect to TMSP based on the settings you configured, click Test Connection.

10. Click Save if the test connection is successful.

See also:

• About Threat Discovery Appliance

• Integration with Trend Micro Products and Services