-
On the Deep Discovery Director (Internal
Network Analytics Version) management console, go to Threat Intelligence > Sharing Settings > Auxiliary Products/Services.
The Auxiliary Products/Services screen appears.
- Select Distribute objects to auxiliary products/services.
- Select Trend Micro TippingPoint Security Management System (SMS).
-
Type the server address.
Note:
The server address must be the IPv4 address or FQDN of the auxiliary product/service.
- Type the user name and password used for authentication.
- (Optional) Click Test Connection.
-
To send object information from Deep Discovery Director (Internal
Network Analytics Version) to this auxiliary product/service, configure the following criteria:
-
Object type:
-
C&C Callback Address
-
IPv4 address
-
Domain
-
URL
Note:Only supported by SMS 5.0 or higher.
-
-
Suspicious Object
-
IPv4 address
-
Domain
-
URL
Note:Only supported by SMS 5.0 or higher.
-
-
-
Risk level:
-
High only
-
High and medium
-
High, medium, and low
-
-
- Select the frequency at which object information should be distributed.
-
Click Save.
The following tag categories are displayed in the TippingPoint SMS Reputation Database.
Tag Category
Value
Trend Micro Source
The host name of Deep Discovery Director (Internal Network Analytics Version)
Trend Micro Severity
Possible values:-
High
-
Medium
-
Low
Trend Micro Publisher
The product name of Deep Discovery Director (Internal Network Analytics Version)
Trend Micro Detection Category
The detection type of the threat.
Reputation Entries TTL
The time to live (TTL) as a timestamp in YYYY-MM-DD hh:mm:ss TZ format.
Note:Only supported by SMS 5.1 or higher.
-
-
(Optional) To view distributed C&C callback addresses and suspicious objects in TippingPoint SMS, do the following:
-
Verify that the following tag categories exist in the Tag Categories list of the TippingPoint SMS Client.
-
Trend Micro Severity
-
Trend Micro Source
-
Trend Micro Publisher
-
Trend Micro Detection Category
-
-
On the Profile tab, go to Reputation Database > Search.
- On the Entry Criteria screen, type search parameters and then click Search.
Suspicious objects and C&C callback addresses distributed by Deep Discovery Director (Internal Network Analytics Version) are displayed.
-
Verify that the following tag categories exist in the Tag Categories list of the TippingPoint SMS Client.
Views: