The SMS provides an action that automatically enters offending IP addresses into the Reputation Database. This action enables you to blacklist IP addresses identified by the Active Response service. This action has the following characteristics:
- The Reputation Database entry will only be used by profiles that have a Reputation Filter defined with matching tag category values and has been distributed to one or more devices.
- You can specify tagged or untagged entries.
- Tag values you can assign are any tag category currently defined in the Reputation Database as well as user-defined tags created in the Add Tag Category editor. Note that any changes to the tag definitions in the database can invalidate an action.
- Entries can be aggregated and added to the database every 60 minutes (recommended).
- You can control the total number of entries that can be added to the database by this action.
- Tag categories defined in Reputation Entry actions can conflict with Reputation filters that match the tag categories and have defined exceptions that can preempted triggering of the Reputation Entry action. Add this action to a policy and add the policy to an action set enabled for SMS Response.
How To: Create and Implement a Reputation Entry Action
- Log in to the SMS from a client.
- On the SMS toolbar, navigate to the Responder->Actions tab screen.
- On the Response Actions section do one of the following:
- Click New.
- Right-click and select New.
- From the SMS toolbar select Action
- The Create New Response Action setup wizard displays.
- Select the Action Name and Type tab and enter the required information;
- Name: Enter a name that will be used to identify the action.
- Action Type: From the drop-down menu select Reputation Entry.
- Click Next or the Reputation Entry tab and enter the following information to specify when reputation entries are added to the database and what tags will be applied to the entry:
- Aggregate Entry Creation - Check this box to specify that reputation entry requests are to be aggregated and saved to the database every 60 minutes. This option is checked by default. To specify that the new reputation entries will be added immediately, uncheck this check box.
- Maximum Reputation Entries - Enter the maximum number (1-2000000) of reputation entries allowed to be created by this action based on the capacity of your Reputation database.
- Tag Values - Specify the tags and tag values that will apply to the reputation entries created by this action by selecting the check box of those tags you want to apply.
- Add Tag Category -Click to add a tag category that you define for the entries. For information about adding tag categories.
- Click Test to test the connection defined in this action.
- Click Next to read the Implementation instructions.
- Click Finish to complete your setup.
Note: A Reputation Filter that matches the tag categories in this response action may also contain exceptions which can cause the Reputation Database entry created by this action to be ignored.
Reference: SMS User Guide