Views:

Migrate an existing TippingPoint Security Management System (SMS) that is connected to Trend Vision One and connect to Network Security.

Note
Note
The following instructions apply only to TippingPoint SMS deployments running version 5.5.3 or earlier that are already connected to Trend Vision One.
If you have not yet connected a TippingPoint SMS to Trend Vision One, migrate your TippingPoint SMS to the latest version and connect directly over the internet or through a Service Gateway 2.0 appliance.

Procedure

  1. Migrate your TippingPoint SMS console to 5.5.3 Patch 1 or later.
    Note
    Note
    The following instructions only enable functions available on TippingPoint SMS 5.5.3 Patch 1. Newer versions have additional features that further improve your threat awareness and ability to automatically respond to incidents. For more information, see the functions table in TippingPoint SMS connection guides.
  2. In the Trend Vision One console, go to Workflow and AutomationService Gateway Management.
    Note
    Note
    Connecting a TippingPoint SMS using a Service Gateway requires a Service Gateway 2.0 or later appliance. You can check the Service Gateway version in Service Gateway Management.
  3. If you do not have a Service Gateway available for connecting your TippingPoint SMS to Trend Vision One, you must install a Service Gateway appliance .
    Note
    Note
    Multiple TippingPoint SMS deployments can connect to a single Service Gateway appliance.
    1. Click Download Virtual Appliance to open the Service Gateway Virtual Appliance panel.
    2. Select either VMware ESXi (OVA) or Microsoft Hyper-V (VHDX) as the disk image type you want to use.
    3. Click Download Disk Image.
    4. Copy the Registration Token, which you will need when deploying the appliance.
    5. Install the Service Gateway virtual appliance.
      For detailed deployment instructions, see:
      For a complete list of Service Gateway system requirements, see Service Gateway appliance system requirements.
    6. Click Close.
  4. Configure the Service Gateway appliance for use with a TippingPoint SMS.
    1. Click the name of the Service Gateway appliance.
    2. Click Manage Services.
    3. Click the install icon (sg2-install-icon.png) to install and then enable the following services.
      Service
      Description
      Forward proxy
      Required for data sharing between the TippingPoint SMS and Trend Vision One, allowing users to view filter and profile distribution statuses
      TippingPoint policy management
      Required for filter policy distribution and enforcement from Intrusion Prevention Configuration in Trend Vision One to TippingPoint SMS devices
  5. In the Service Gateway Management app, record the Service Gateway Management API key and the IP address of the Service Gateway appliance.
    1. Click Manage API Key and record the API key, then click Close.
    2. Click the Service Gateway appliance name and record the IPv4 address.
  6. Configure a TippingPoint SMS connector in Trend Vision One.
    1. In the Trend Vision One console:
      • For customers that have updated to the Foundation Services release, go to Point Product ConnectionProduct Instance.
      • For customers using the legacy Trend Vision One console, go to Point Product ConnectionProduct Connector.
    1. Click Connect.
    2. In the Product dropdown menu, select TippingPoint Security Management System.
    3. Click the Click to generate the enrollment token link.
    4. Copy the enrollment token for use on the TippingPoint SMS console.
    5. Click Save.
  7. Connect your TippingPoint SMS to Trend Vision One.
    1. On the TippingPoint SMS web management console, go to AdministrationTrend Micro Connections.
    2. Click Configure integration settings.
    3. Paste the enrollment token into the Enrollment Token field.
      Using an enrollment token automatically provisions a one-year Trend Vision One certificate. The certificate automatically renews 30 days before expiration to avoid any gaps in security protection.
    4. Enable and configure the Service Gateway function.
      1. In the Service Gateway section, enable the State toggle.
        Note
        Note
        • The State toggle is only present in TippingPoint SMS 6.0.0 or later.
        • The Service Gateway function cannot be disabled in earlier versions.
      2. In the IP Address field, enter the IP address of the Service Gateway.
      3. In the API Key field, enter the Service Gateway Management API key.
      4. Click Test Connection to verify that the TippingPoint SMS can connect to Trend Vision One.
    5. In the Network Intrusion Prevention - Data Sharing section, enable the State toggle to allow device inventory sharing with Trend Vision One.
    6. Click Save.
  8. Verify the connection status.
    1. In the Trend Vision One console:
      • For customers that have updated to the Foundation Services release, go to Point Product ConnectionProduct Instance.
      • For customers using the legacy Trend Vision One console, go to Point Product ConnectionProduct Connector.
    2. Check that the Connection status for TippingPoint Security Management System is green.
    Devices managed by the TippingPoint SMS can be viewed in Network SecurityNetwork Inventory.
  9. To check for vulnerabilities and receive policy recommendations in Trend Vision One, enable the TippingPoint SMS as an Attack Surface Risk Management data source.
    1. In the Trend Vision One console, go to Attack Surface Risk ManagementExecutive Dashboard.
    2. Click Data sources.
    3. In the Trend Micro Security Services section, click TippingPoint Security Management System.
    4. Enable Data upload permission to allow the TippingPoint SMS to provide data for more comprehensive risk insights into your network activity.