Threat Management Services

Threat Management Services Portal

Threat Management Services Portal (TMSP) receives logs and data from registered products and then issues targeted reports and custom solutions to product users. Register Threat Mitigator to TMSP to respond to threats in a timely manner and receive up-to-date information about the latest and emerging threats.

TMSP works with Threat Mitigator by:

• Receiving forensic data used for analyzing unresolved threats

• Deploying custom patterns to infected endpoints through Threat Mitigator to eliminate unresolved threats

• Providing incident reports detailing malicious behaviors and the chain of events that led to endpoint infections. Reports also contain Trend Micro recommended actions.

Threat Mitigator sends heartbeat messages to TMSP periodically. A heartbeat message informs TMSP that Threat Mitigator is up and running and can therefore initiate threat mitigation tasks.

• Configure proxy settings if a proxy server is used to connect to TMSP. For details, see Proxy Settings.

Form Factor

TMSP is available as a Trend Micro hosted service, and as an on-premise application that you can install on a bare metal server or a virtual machine.

If you are installing the on-premise edition of TMSP:

• Refer to the TMSP Administrator’s Guide for installation and configuration instructions.

• For information on the TMSP versions compatible with Threat Mitigator, see Integration with Trend Micro Products and Services.

If you have TMSP as a hosted service, ask your Trend Micro representative or support provider for the information required to register Threat Mitigator to TMSP. Information includes:

• IP addresses of TMSP’s log server and status server

• Server authentication credentials

To configure TMSP settings:

• Services > Threat Management Services Portal

1. Select Send logs and data to Threat Management Services Portal to register Threat Mitigator to TMSP.

• If you disable this option, Threat Mitigator stops sending logs to TMSP and no longer downloads custom patterns from TMSP. The TMSP reports for Threat Mitigator will also not contain any data.
  
  If you want to permanently disable this option, ensure that you unregister Threat Mitigator from TMSP by performing any of the following steps:
  
  - If you have TMSP as an on-premise application, manually remove Threat Mitigator from TMSP’s Registered Products screen.
  
  - If you have TMSP as a hosted service, contact your Trend Micro representative about the unregistration.

2. Specify the log server for TMSP. The log server receives the following logs from Threat Mitigator:

• Threat event logs: Threat Mitigator sends logs related to threat mitigation, including threat cleanup and custom pattern deployment. TMSP processes the logs and then lists endpoints with threat mitigation issues in the TMSP reports.

• Root cause logs: Threat Mitigator sends logs that trace the root cause of infections. Information about the root cause of infections is also available in the TMSP reports.

Perform any of the following steps:

• If you have TMSP as a hosted service, type the IP address or host name of the log server.

• If you have TMSP as an on-premise application, type the IP address of the log server.

3. Select the protocol. You can select either SSH or SSL.

4. Specify how often to send logs to TMSP.

5. Specify the status server for TMSP. The status server has the following functions:

• Receives heartbeat messages from Threat Mitigator. Heartbeat messages inform TMSP that Threat Mitigator is up and running.

• Receives forensic data from Threat Mitigator. For details about managing forensic data, see Submit a Case.

• Stores the custom patterns issued by Trend Micro and notifies Threat Mitigator to download the required pattern. For details about custom patterns, see Pattern Deployment and Custom Cleanup.

Perform any of the following steps:

• If you have TMSP as a hosted service, type the IP address or host name of the status server.

• If you have TMSP as an on-premise application, type the IP address of the status server.

6. Specify the upload or download bandwidth for the status server.

7. Type the server authentication credentials (user name and password). TMSP authenticates Threat Mitigator using these credentials and then proceeds to accept logs and data.

8. Type the registration email address.

• The email address is used for reference purposes. Trend Micro recommends typing your email address.

9. To check whether Threat Mitigator can connect to TMSP based on the settings you configured, click Test Connection.

10. Click Save if the test connection was successful.

See also:

• About Threat Mitigator

• Threat Mitigation

• Mitigation Tasks

• Threat Management