Security Management System (SMS) v4.6.0 incorporates predefined tag categories from Advanced Threat Protection (ATP) devices. You no longer need to manually create these tag categories when you augment your IPS deployment with ATP devices. The advanced threat intelligence provided in these categories keeps the Reputation Database updated and enables robust reputation filters for enhanced protection of your system.
You can either configure your ATP device to send this data automatically to the SMS (as a tag entry), or you can use the SMS to manually add or import the entries. To configure this integration from your ATP device, refer to the ATP device documentation on the Trend Micro documentation site. To add these entries manually, you must define the tag categories listed in the following table so that the specific data you need can be mapped to the SMS.
| Tag category | Type | Values | Description |
|---|---|---|---|
| Trend Micro Detection Category | List | Pre-defined values of: | Specifies which category the detection falls under. |
| Trend Micro Publisher | Text | Up to 255 characters | Can be used to identify the Trend Micro product name that discovered the threat. |
| Trend Micro Severity | List | Pre-defined values of: | Identifies the threat severity. |
| Trend Micro Source | Text | Up to 255 characters | Can be used to identify the configured host name of the Trend Micro device that discovered the threat. |
Note: After you upgrade to SMS v4.6.0, you can continue to use your user-defined tag categories for ATP integration provided you have not yet upgraded your ATP device. For information on how to migrate reputation entries defined in previous SMS releases to the new predefined tag categories, contact support.
How to update profiles to include the new pre-defined tag categories:
- Log in to the SMS v4.6 client.
- Go to: Profiles → Inspection Profiles → [some profile] → User Defined Filters → Reputation / Geo.
- Add a new reputation filter that uses the new predefined tag categories in its selection criteria. For the time being, keep any old filters that use the old tag categories in place. This ensures that any existing reputation entries using the old tag categories are still selected.
How to update old reputation entries to use the new pre-defined tag categories:
- Log in to the SMS v4.6 client.
- Export all the user provided entries:
  - Go to: Reputation Database → User Provided Entries.
  - Select Export…
  - Provide a file name for the export ending in .csv.
  - Export once for IPv4, and again for DNS names.
- For each of the exported files above:
  - Open the CSV in Excel.
  - For each column containing customer defined tag names, do a find/replace, replacing the customer defined tag name with the new predefined tag name. For example: Find: "Source", replace with "Trend Micro Source".
- Import the updated CSV files:
  - Go to: Reputation Database → User Provided Entries.
  - Select Import…
  - Select the modified CSV file for import, and its type (IPv4 or DNS names).
  - Choose "Import tags from file".
- Verify new tags are applied:
  - Go to: Reputation Database → Search.
  - Search for user provided entries matching the new pre-defined tag names.
  - Verify that the entries contain data for these tag names.
- Remove the old tag categories:
  - Go to: Reputation Database → Tag Categories.
  - Delete the old user defined tag categories. (You may need to remove the reference to them from any reputation filters first.)
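
The find/replace step in the procedure above can also be scripted, so that only whole tag-name cells are renamed and a tag value that merely contains an old name is left alone. This is an added example, not Trend Micro code. It assumes each exported row is laid out as entry, tag name, tag value, tag name, tag value, and so on (check your own export first), and every old tag name in the mapping except "Source" is hypothetical.

```python
import csv
import io

# Old user-defined names are hypothetical, except "Source" (the page's example).
TAG_RENAMES = {
    "Source": "Trend Micro Source",
    "Severity": "Trend Micro Severity",
    "Publisher": "Trend Micro Publisher",
    "Detection Category": "Trend Micro Detection Category",
}


def rename_tags(csv_text, renames=TAG_RENAMES):
    """Return (new_csv_text, per-tag rename counts).

    Assumed row layout: entry, tag name, tag value, tag name, tag value, ...
    Only whole cells in tag-name positions are rewritten, so entries and
    tag values that merely contain an old name are not touched.
    """
    counts = {old: 0 for old in renames}
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in csv.reader(io.StringIO(csv_text)):
        for i in range(1, len(row), 2):  # odd indexes hold tag names
            name = row[i].strip()
            if name in renames:
                row[i] = renames[name]
                counts[name] += 1
        writer.writerow(row)
    return out.getvalue(), counts


def rename_file(src_path, dst_path, renames=TAG_RENAMES):
    """Write the renamed rows to a new file; the original export is kept."""
    with open(src_path, newline="", encoding="utf-8") as f:
        text, counts = rename_tags(f.read(), renames)
    with open(dst_path, "w", newline="", encoding="utf-8") as f:
        f.write(text)
    return counts


# Constructed sample rows (documentation addresses and made-up values).
SAMPLE = (
    "192.0.2.10,Source,atp-gw-01,Severity,High\n"
    "198.51.100.7,Source,Open Source Feed,Publisher,Example ATP Product\n"
    "203.0.113.5,Trend Micro Source,atp-gw-02\n"
)

if __name__ == "__main__":
    new_text, counts = rename_tags(SAMPLE)
    print(new_text, counts)
```

The returned counts give a quick check before import: a count of zero for a tag you expected to migrate means the old name in the mapping does not match what is in the export.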