Configuring Trend Micro TippingPoint Security Management System (SMS)

  1. On the Deep Discovery Director (Consolidated Mode) management console, go to Threat Intelligence > Sharing Settings > Auxiliary Products/Services.

    The Auxiliary Products/Services screen appears.

  2. Select Distribute objects to auxiliary products/services.
  3. Select Trend Micro TippingPoint Security Management System (SMS).
  4. Type the server address.
    Note: The server address must be the IPv4 address or FQDN of the auxiliary product/service.

  5. Type the user name and password used for authentication.
  6. (Optional) Click Test Connection.
  7. To send object information from Deep Discovery Director (Consolidated Mode) to this auxiliary product/service, configure the following criteria:
    • Object type:

      • C&C Callback Address

        • IPv4 address

        • Domain

        • URL

          Note: Only supported by SMS 5.0 or higher.

      • Suspicious Object

        • IPv4 address

        • Domain

        • URL

          Note: Only supported by SMS 5.0 or higher.

    • Risk level:

      • High only

      • High and medium

      • High, medium, and low

  8. Click Save.

    The following tag categories are displayed in the TippingPoint SMS Reputation Database.

    Tag Category                      Value
    Trend Micro Source                The host name of Deep Discovery Director (Consolidated Mode)
    Trend Micro Severity              Possible values: High, Medium, Low
    Trend Micro Publisher             The product name of Deep Discovery Director (Consolidated Mode)
    Trend Micro Detection Category    The detection type of the threat.

  9. (Optional) To view distributed C&C callback addresses and suspicious objects in TippingPoint SMS, do the following:
    1. Verify that the following tag categories exist in the Tag Categories list of the TippingPoint SMS Client.
      • Trend Micro Severity

      • Trend Micro Source

      • Trend Micro Publisher

      • Trend Micro Detection Category

    2. On the Profile tab, go to Reputation Database > Search.
    3. On the Entry Criteria screen, type search parameters and then click Search.

    Suspicious objects and C&C callback addresses distributed by Deep Discovery Director (Consolidated Mode) are displayed.