Configuring IBM Security Network Protection

  1. On the IBM XGS console, do the following to configure the generic agent:
    1. Go to Manage System Settings > Network Settings > Advanced Threat Protection Agents.

      The Advanced Threat Protection Agents window opens.

    2. Click New.
    3. Provide the following information:
      • Name: Type a name

      • Agent Type: Select Generic

      • Address: Deep Discovery Email Inspector management port IP address in IPv4 or IPv6 format

      • User name: Existing authentication credential

      • Password: Existing authentication credential

      Table 1. Valid Character Sets

                        User name        Password
      Minimum length    1 character      1 character
      Maximum length    15 characters    15 characters

  2. Click Save Confirmation.

    The Deploy Pending Changes window opens.

  3. To apply changes to IBM XGS, click Deploy.

    The new agent appears in the Advanced Threat Protection Agents list.

  4. On the Deep Discovery Email Inspector management console, go to Administration > Integrated Products/Services > Auxiliary Products/Services.
  5. Select Configuring IBM Security Network Protection (XGS).
  6. Under Object Distribution, select Enable.
  7. Under Server Settings, provide the following information:
    • Server name

      Note: The server name must be the FQDN or IPv4 address of the auxiliary product.

    • User name: Existing authentication credential

    • Password: Existing authentication credential

    Table 2. Valid Character Sets

                      User name        Password
    Minimum length    1 character      1 character
    Maximum length    15 characters    15 characters

  8. (Optional) Click Test Connection.
  9. To send object information from Deep Discovery Email Inspector to this product/service, configure the following criteria:
    • Object type:

      • Suspicious Object

        • IPv4 address

        • URL

        Note: You must select at least one object.

    • Risk level:

      • High only

      • High and medium

      • High, medium, and low

  10. Click Save.
  11. (Optional) On the IBM XGS console, go to Secure Policy Configuration > Security Policies > Active Quarantine Rules to view suspicious objects and C&C callback addresses sent by Deep Discovery Email Inspector to IBM XGS.
    Note: Suspicious objects with a low risk level do not appear in the IBM XGS Active Quarantine Rules. To view all suspicious objects sent by Deep Discovery Email Inspector, go to Security Policy Configuration > Advanced Threat Policy and specify the following settings:
    • Agent Type: Generic

    • Alert Type: Reputation

    • Alert Severity: Low

    Suspicious objects and C&C callback addresses distributed by Deep Discovery Email Inspector are displayed.