  1. On the IBM XGS console, do the following to configure the generic agent:
    1. Go to Manage System Settings > Network Settings > Advanced Threat Protection Agents.

      The Advanced Threat Protection Agents window opens.

    2. Click New.
    3. Provide the following information:
      • Name: Type a name

      • Agent Type: Select Generic

      • Address: Deep Discovery Director (Internal Network Analytics Version) management port IP address in IPv4 or IPv6 format

      • User name: Existing authentication credential

      • Password: Existing authentication credential

      Table 1. Valid Character Sets

                        User name        Password
      Minimum length    1 character      1 character
      Maximum length    15 characters    15 characters

  2. Click Save Confirmation.

    The Deploy Pending Changes window opens.

  3. To apply changes to IBM XGS, click Deploy.

    The new agent appears in the Advanced Threat Protection Agents list.

  4. On the Deep Discovery Director (Internal Network Analytics Version) management console, go to Threat Intelligence > Sharing Settings > Auxiliary Products/Services.

    The Auxiliary Products/Services screen appears.

  5. Select Distribute objects to auxiliary products/services.
  6. Select IBM Security Network Protection (XGS).
  7. Click Legal Statement.

    The Legal Statement dialog appears.

  8. Read and accept the Legal Statement.
    Important:

    To enable integration with this auxiliary product/service, you must accept the Legal Statement.

  9. Type the server address.
    Note:

    The server address must be the IPv4 address or FQDN of the auxiliary product/service.

  10. Type the user name and password used for authentication.
  11. (Optional) Click Test Connection.
  12. To send object information from Deep Discovery Director (Internal Network Analytics Version) to this auxiliary product/service, configure the following criteria:
    • Object type:

      • C&C Callback Address

        • IPv4 address

        • URL

      • Suspicious Object

        • IPv4 address

        • URL

    • Risk level:

      • High only

      • High and medium

      • High, medium, and low

  13. Select the frequency at which object information should be distributed.
  14. Click Save.
  15. (Optional) On the IBM XGS console, go to Secure Policy Configuration > Security Policies > Active Quarantine Rules to view suspicious objects and C&C callback addresses sent by Deep Discovery Director (Internal Network Analytics Version) to IBM XGS.
    Note:
    Suspicious objects with a low risk level do not appear in the IBM XGS Active Quarantine Rules. To view all suspicious objects sent by Deep Discovery Director (Internal Network Analytics Version), go to Security Policy Configuration > Advanced Threat Policy and specify the following settings:
    • Agent Type: Generic

    • Alert Type: Reputation

    • Alert Severity: Low

    Suspicious objects and C&C callback addresses distributed by Deep Discovery Director (Internal Network Analytics Version) are displayed.