How to use the pre-defined categories included in SMS v4.6?

    • Updated: 28 Jul 2017
    • Product/Version: TippingPoint SMS All; TippingPoint Virtual SMS
Summary
Predefined tag categories

Security Management System (SMS) v4.6.0 incorporates predefined tag categories from Advanced Threat Protection (ATP) devices. You no longer need to manually create these tag categories when you augment your IPS deployment with ATP devices. The advanced threat intelligence provided in these categories keeps the Reputation Database updated and enables robust reputation filters for enhanced protection of your system.
Details

You can either configure your ATP device to send this data automatically to the SMS (as a tag entry), or you can use the SMS to manually add or import the entries. To configure this integration from your ATP device, refer to the ATP device documentation on the Trend Micro documentation site. To add these entries manually, you must define the tag categories listed in the following table so that the specific data you need can be mapped to the SMS.

 

| Name | Type | Settings | Description |
|---|---|---|---|
| Trend Micro Detection Category | List | Pre-defined values of: Suspicious Object, C&C Callback Address | Specifies which category the detection falls under. |
| Trend Micro Publisher | Text | Up to 255 characters | Can be used to identify the Trend Micro product name that discovered the threat. |
| Trend Micro Severity | List | Pre-defined values of: High, Medium, Low | Identifies the threat severity. |
| Trend Micro Source | Text | Up to 255 characters | Can be used to identify the configured host name of the Trend Micro device that discovered the threat. |
 
Note: After you upgrade to SMS v4.6.0, you can continue to use your user-defined tag categories for ATP integration provided you have not yet upgraded your ATP device. For information on how to migrate reputation entries defined in previous SMS releases to the new predefined tag categories, contact support.

How to update profiles to include the new pre-defined tag categories:

  1. Log in to the SMS v4.6 client.
  2. Go to: Profiles → Inspection Profiles → [some profile] → User Defined Filters → Reputation / Geo.
  3. Add a new reputation filter that uses these new predefined tag categories in its selection criteria. For the time being, keep any old filters that use the old tag categories in place. This ensures that any existing reputation entries using the old tag categories are still selected.

How to update old reputation entries to use the new pre-defined tag categories:

  1. Log in to the SMS v4.6 client.
  2. Export all the user provided entries:
    1. Go to: Reputation Database → User Provided Entries.
    2. Select Export…
    3. Provide a file name for the export, ending in .csv.
    4. Export once for IPv4, and again for DNS names.
  3. For each of the exported files above:
    1. Open the CSV in Excel.
    2. For each column containing customer-defined tag names, do a find/replace, replacing the customer-defined tag name with the new predefined tag name. For example: Find: "Source", replace with "Trend Micro Source".
  4. Import the updated CSV files.
    1. Go to: Reputation Database → User Provided Entries.
    2. Select Import…
    3. Select the modified CSV file for import, and its type (IPv4 or DNS names).
    4. Choose "Import tags from file".
    5. Finish.
  5. Verify new tags are applied.
    1. Go to: Reputation Database → Search.
    2. Search for user provided entries matching the new pre-defined tag names.
    3. Verify that the entries contain data for these tag names.
  6. Remove the old tag categories.
    1. Go to: Reputation Database → Tag Categories.
    2. Delete the old user-defined tag categories. (You may need to remove the reference to them from any reputation filters first.)
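
The find/replace in step 3, scripted as an added example (not part of the original article and not Trend Micro tooling): it renames tags only in the tag-name columns, so a value such as a host name containing "Source" is left untouched, and it checks values against the tag category table above before you import. The row layout (entry, then tag name/value pairs) and every old tag name other than "Source" are assumptions; confirm them against your own export.

```python
import csv
import io

# Assumed mapping of old user-defined tag names to the predefined names.
# Only "Source" -> "Trend Micro Source" appears in the article; the other
# old names are hypothetical and must match what your SMS actually uses.
RENAME = {
    "Source": "Trend Micro Source",
    "Severity": "Trend Micro Severity",
    "Publisher": "Trend Micro Publisher",
    "Detection Category": "Trend Micro Detection Category",
}
# Allowed values, taken from the tag category table in the article.
LIST_VALUES = {
    "Trend Micro Detection Category": {"Suspicious Object", "C&C Callback Address"},
    "Trend Micro Severity": {"High", "Medium", "Low"},
}
TEXT_TAGS = {"Trend Micro Publisher", "Trend Micro Source"}

def migrate(csv_text):
    """Return (new_csv_text, problems). Assumed layout per row:
    entry, tag name, tag value, tag name, tag value, ..."""
    out, problems = io.StringIO(), []
    writer = csv.writer(out, lineterminator="\n")
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), 1):
        if not row:
            continue
        if len(row) % 2 == 0:
            problems.append((lineno, "tag name without a value"))
        for i in range(1, len(row) - 1, 2):    # tag-name positions only
            name = RENAME.get(row[i], row[i])  # exact match; values untouched
            value = row[i + 1]
            if name in LIST_VALUES and value not in LIST_VALUES[name]:
                problems.append((lineno, f"{name}: unexpected value {value!r}"))
            if name in TEXT_TAGS and len(value) > 255:
                problems.append((lineno, f"{name}: longer than 255 characters"))
            row[i] = name
        writer.writerow(row)
    return out.getvalue(), problems

# Constructed sample export (documentation addresses, not real indicators).
SAMPLE = (
    "192.0.2.10,Source,atp-sensor-01,Severity,High\n"
    "198.51.100.7,Source,Source-East-ATP,Severity,Critical\n"
)

if __name__ == "__main__":
    print(*migrate(SAMPLE), sep="\n")
```

Running the script a second time on its own output changes nothing, because only exact old names are mapped.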
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000085508