Reputation filters and Quarantine Actions

- Updated:
- 24 Aug 2017
- Product/Version:
- TippingPoint IPS N-series All
- TippingPoint IPS NX-series All
- TippingPoint IPS S-series All
- TippingPoint SMS All
- TippingPoint TPS All
- TippingPoint Virtual SMS
- TippingPoint Virtual TPS All
- Platform:

Summary

What is Reputation Feed (RepFeed)? Threat Digital Vaccine (ThreatDV), a combination of the Reputation Feed (formerly known as RepDV) and a malware filter package. Reputation Feed (RepFeed) is a subscription-based service that identifies and delivers suspect IP IPv4, IPv6 and Domain Name System (DNS) security intelligence feeds from a multi-vendor, global reputation database so that customers can actively enforce and manage reputation security policies using the Trend Micro TippingPoint Next Generation Intrusion Prevention System (NGIPS) Platform. The addresses are tagged with reputation, geographic, and other identifiers for ready and easy security policy creation and management. The Reputation Feed provides the addresses and tags multiple times a day (two hours on average) in the same manner as standard Digital Vaccines. You can choose to download addresses into the Reputation database automatically or manually.

Details

What is a Reputation Filter? A Reputation filter associates an action set with one or more of entries in the Reputation Database. Possible actions include: block, permit, notify, and trace. When the profile containing the Reputation filter is distributed to a device, the specified actions are applied to traffic that matches the addresses of tagged entries in the Reputation Database that have been screened using specified tag criteria.

What is Quarantine? The Quarantine option enhances your devices to contain or remove offending network users or devices and provides the ability to automate sophisticated responses to security events. By enabling quarantine with a Block action set, you reduce the exposure of your network to internal and external threats.

Use Case Description: When using quarantine actions sets with reputation filters, the quarantine action will apply to the hosts attempting to communicate with the reputation entries. For example, if host1 is in the reputation database with an action set of quarantine and host2 attempts to communicate with host1, host2 will be quarantined and all other communications from host2 will be blocked. Its best practice to add quarantine action exceptions for hosts that you would never want to quarantine (E.g. Default Gateway, DNS/SMTP Servers, etc.).

Rating:

Category:

Configure; Troubleshoot; Deploy

Solution Id:

TP000087444

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

Need More Help?

Reputation filters and Quarantine Actions