Reputation Feed (formerly known as RepDV) is now part of the Threat Digital Vaccine (ThreatDV) product, which is a subscription service that includes both the reputation database and the new Malware Filter Package.
The Reputation Feed identifies and delivers suspect IPv4, IPv6 and Domain Name System (DNS) security intelligence feeds from a multi-vendor, global reputation database so that customers can actively enforce and manage reputation security policies using the TippingPoint Next Generation Intrusion Prevention System (NGIPS) Platform. The addresses are tagged with reputation, geographic, and other identifiers for ready and easy security policy creation and management. The Reputation Feed provides the addresses and tags multiple times a day (two hours on average) in the same manner as standard Digital Vaccines.
Reputation Database entries provided by the ThreatDV service are read only and as such cannot be modified or deleted, only User Provided Entries can be modified. If you find that an IP address or DNS entry is being reported as malicious and you know that this information is incorrect, you can submit a correction by contacting the Trend Micro Technical Assistance Center (TAC).
Workaround: While you are not able to delete or modify a ThreatDV service entry, you can create a "whitelist" or user provided entries that will in effect cancel out the entry that has been reported as malicious. User Provided Entries take precedence over RepFeed entries. In order to create a "whitelist" you will have to perform the following steps;
- Create a Tag Category - Tag categories define the types of tags that may be used to tag reputation database entries. This kind of metadata helps describe an item and allows it to be found again by performing a search.
- Create a User Provided Entry - User provided entries contain the IP address or DNS domain name of the offending system.
- Create a Reputation Filter - A Reputation Filter associates an action set with one or more of entries in the Reputation Database.
Procedure:a) Create a Tag Category
b) Create User Provided Entry
- Log in to the SMS from a client and on the top Navigation menu click Profiles.
- On the left Navigation menu select Reputation Database. The Reputation Database screen displays.
- On the Reputation Database screen select the Tag Categories tab.
- On the Tag Categories tab click Add. The Create Tag Category screen displays.
- In the General section enter the flowing information;
- Name: Enter a name for the category. (e.g. whitelist)
- Type: Select Yes/No from the drop-down menu.
- Description: Enter a description for the category.
- On the Create Tag Category screen, click OK to close and return to the Tag Categories tab.
c) Create a Reputation Filter
- On the left navigation menu select User Provided Entries. The User Provided Entries screen displays.
- In the User Provided Entries screen, click Add. The Create Reputation Entry screen displays.
- Select IP Address or DNS Domain depending on the entry you wish to whitelist.
- In the Tag area, select the Tag Category created in the previous procedure (e.g. whitelist) and select Yes from the options provided.
- Click OK when finished.
- On the left navigation menu select the "Profile" that you wish to modify.
- On the "Profile" select User Defined Filters>Reputation / Geo. The Reputation Settings screen displays.
- In the Reputation Filters section, select New Reputation. The Create Reputation Filter screen displays.
- In the General Settings area under Filter Info enter a Name for the filter.
- In the Action area under Action Set select Permit+Notify from the drop-down menu.
- Select the Entry Selection Criteria tab, and in the Tag area:
- Select the Tag Category previously created (e.g. whitelist).
- Un-check the Reputation DV Score tag.
- Distribute the profile by selecting Distribute.