Digital Vaccines (DVs) are downloadable security packages that include filters for protecting your network system. These filters provide new signatures to protect against researched threats to network security. The Threat Management Center (TMC) constantly researches and distributes filter and software updates to protect systems against new malicious threats to networks. One of the ways they provide continued support and protection to your TippingPoint system is through Digital Vaccine packages.
These packages include filter updates you can distribute to devices and customize in profiles. You can manually or automatically download and distribute these updates through the Profiles -Digital Vaccines screen. The screen allows you to download packages and distribute them to devices according to your own schedules. You can also configure the system to automatically check for, download, and distribute filter updates to the devices managed by the SMS.
Note: If you do not want to activate a Digital Vaccine when downloading it, deselect that option when prompted to download a new DV and also on the Digital Vaccine management screen in the Profiles area of the SMS.
You can also have the SMS send you email notification of automatic Digital Vaccine downloads and distribution. To receive these messages via e-mail, you need to add your contact information to the Network Information settings for the SMS system.
Note: Only users with Super User and Administrator access can perform these operations.
Digital Vaccine Interface
The Digital Vaccine Screen has the following tabs:
- DV Inventory tab
- Scheduled Distributions tab
DV Inventory Tab
The DV Inventory Tab has the following features:
- Active DV: provides version information about the active Digital Vaccine package.
- DV Auto Activation: for any of the following features that are enabled, the SMS:
- Automatic Download: downloads new Digital Vaccine packages as they become available on TMC.
- Automatic Activate: automatically activates the downloaded package in the SMS. Note: An auto-downloaded Digital Vaccine will not activate if its major version is different than the major version of the currently active Digital Vaccine.
- Automatic Distribute: distributes the downloaded package to all available devices.
- DV Notification Pop-ups: displays a notification popup when a DV is available. The DV Notification Pop-ups option is only available when auto download is disabled. Additionally, this option only affects the current user.
- DV Inventory: lists the Digital Vaccine packages that have been downloaded and are available for distribution.
- Distribution Progress: provides information on distribution status of a Digital Vaccine package for a device.
Downloading and Managing Vaccines
The process for downloading and managing these vaccines includes the following:
- Download or import the latest filters from the TMC in the form of Digital Vaccine packages. In the Profiles - Digital Vaccines screen, you can see the list of packages installed and activated on your system. To obtain the latest package from the TMC, click Download. If you have the package saved locally, click Import.
- Edit and customize the filters. You may need to enable certain filters according to the filter pillar type.
- Distribute the profile to IPS devices or associated segment group.
AAs you make changes and additions, the SMS adds the changes to the profile. The profile includes all filter changes and recent additions of the Digital Vaccine package. You can right-click on entries in the DV Inventory and do the following:
- Import: Import a Digital Vaccine package from a file
- Download from TMC: Download the latest Digital Vaccine package from the TMC
- Distribute: Distribute the Digital Vaccine package to the devices
- Activate: Make the package active
- Details: View the details of the package
- Delete: Removes the package file from the system
Through the Profiles - Digital Vaccines screen and Navigation pane, you can manage Digital Vaccine packages. When you update the filters of a system, you can download or import the packages. To import a package, you must have a Digital Vaccine package file. You can also directly download the package file from the Threat Management Center through the SMS. Only users with Super User and Administrator access can perform these operations.
Scheduled Distributions Tab
From the Scheduled Distributions Tab you can:
- Create a new scheduled DV distribution
- Edit an existing scheduled DV distribution
- Delete an existing scheduled DV distribution
Importing DV Packages
When you import a Digital Vaccine package, the SMS accesses TMC for available updates. If a new package is available, the SMS may prompt you to download and install the update. Packages are downloaded and added to the DV list for activation as you need. You can also configure the automatic update feature to have the SMS Client check and download updates periodically. When a Digital Vaccine is automatically downloaded, it is also activated. However, the DV has no impact on current profiles until the DV is distributed.
Reference: SMS User Guide