Intrusion Prevention Configuration | Trend Micro Service Central

Views:

Assess and prioritize your network vulnerabilities, and quickly deploy virtual patch filters for your most at-risk CVE detections.

Intrusion Prevention Configuration centralizes insights from across your network and assesses and prioritizes risk alongside other XDR sensor data. Intrusion Prevention Configuration provides policy recommendations and enables the deployment of virtual patch filters to stay ahead of critical CVEs.

Note

Intrusion Prevention Configuration was formerly known as Network Intrusion Prevention - Policy Recommendations. You can view your connected TippingPoint devices by navigating to Network Security → Network Inventory.

Policy recommendations speed up your response to the most critical CVE threats affecting your network through the deployment of available TippingPoint Security Management System (SMS) virtual patch filters. You receive a customized display of the most critical CVEs currently affecting your network and the virtual patching filter status across your profiles.

Intrusion Prevention Configuration now supports policy enforcement on all TippingPoint SMS appliances connected to Trend Vision One. If you have more than one SMS, use the dropdown menu to select which SMS to display for policy tuning. Information and policy configuration options for the SMS you select is displayed on the Policy Recommendations page.

Note

In order for TippingPoint users to see Intrusion Prevention Data, they must first ensure Vulnerabilities is selected as a Risk Factor in the Operations Dashboard. Because the Vulnerability Assessment service scans endpoints for vulnerabilities, TippingPoint users must also either install Endpoint Sensor or a third-party vulnerability scanning tool so that vulnerabilities will display in the Operations Dashboard. The resulting vulnerabilities map to the corresponding TippingPoint filter and are shown as network vulnerabilities on the Intrusion Prevention Configuration display.

The following table outlines the options available on the Policy Recommendations tab (Network Security → Intrusion Prevention Configuration → Policy Recommendations (tab)).

Option	Description
Vulnerability Overview	Displays the current vulnerability status for your most at-risk unique CVEs that have corresponding TippingPoint filters available for virtual patching
Prioritized CVE threat list	Displays a prioritized list of CVEs and the filters available that you can enable and deploy to profiles to virtually patch existing threats Use the available filters to view case statuses, or locate specific CVEs and TippingPoint SMS profiles. Mitigate the CVE risk by selecting filters and deploying policies directly to your TippingPoint SMS profiles. View detailed CVE profiles by clicking the details icon ().
Policy deployment status	Displays the current progress of your policy deployment operations