Distribution Settings

Control Manager consolidates Virtual Analyzer and user-defined suspicious objects (excluding exceptions) and sends them to certain managed products. These products synchronize and use all or some of these objects.

For a list of supported managed products, see Suspicious Object Management and Handling Process.

Control Manager can also send suspicious IP addresses and domains to a third-party product called HP TippingPoint.

  1. Navigate to Administration > Suspicious Objects > Distribution Settings. The Distribution Settings screen appears.
  2. In the Trend Micro Managed Product Settings section:
    1. Mark the check box to send suspicious objects to managed products.
    2. Record the following information for use when configuring Control Manager as the Virtual Analyzer source in managed products:

      • Service URL: The service URL of Control Manager

      • API key: The code that identifies Control Manager to the managed product

  3. In the HP TippingPoint Settings section:
    1. Mark the check box to send suspicious objects to HP TippingPoint.

      Control Manager sends suspicious IP addresses and domain names analyzed by Deep Discovery Inspector and Deep Discovery Analyzer. HP TippingPoint uses reputation filters to apply block, permit, or notify actions across an entire reputation group. For more information about reputation filters, refer to your HP TippingPoint documentation.

    2. Provide the following information:

      • Server name: Service URL of your HP TippingPoint deployment

      • User name and password: Account with sufficient privileges to access the HP TippingPoint console

    3. Click Test Connection to confirm the connection.
    4. Select the severity that triggers Control Manager to send IP address/domain name information to HP TippingPoint.

      • High only: IP addresses and domain names with high severity

      • High and medium: IP addresses and domain names with high and medium severity

      • All: Includes IP addresses and domain names with high, medium, and low severity

    5. Specify the column names that HP TippingPoint will display, along with the tag it will use to categorize the list. Control Manager sends the corresponding values for the following tags:
      Important:

      Add tag categories to the HP TippingPoint Reputation Database before submitting the reputation list. Otherwise, missing or misspelled tags in HP TippingPoint will cause a mismatch and prevent Control Manager from sending the suspicious objects list.

      • Severity: Tag name of the severity column

        Possible values: High, Medium, Low

      • Product Name: Deep Discovery

      • Publisher Name: Column header of the software publisher

        Possible value: Trend Micro Control Manager

  4. Click Save.
Parent topic: Responding to Targeted Attacks and Advanced Threats