The Reputation Feed identifies and delivers suspect IPv4, IPv6 and Domain Name System (DNS) security intelligence feeds from a multi-vendor, global reputation database so that customers can actively enforce and manage reputation security policies using the TippingPoint Next Generation Intrusion Prevention System (NGIPS) Platform. The addresses are tagged with reputation, geographic, and other identifiers so that security policies are easy to create and manage. The Reputation Feed provides the addresses and tags multiple times a day (every two hours on average) in the same manner as standard Digital Vaccines.
Standalone IPS systems and RepFeed
Automatic RepFeed updates require an SMS. Only SMS-managed IPSs are updated automatically; standalone IPS devices require a manual update of the RepFeed from TMC. To install RepFeed on a standalone IPS, the IPS license package must show that the IPS is authorized to install RepFeed. If the customer has purchased the RepFeed service, the license package associated with their device will be updated to reflect the RepFeed authorization. However, since a standalone IPS does not update the License Package or the RepFeed automatically, the customer must access TMC, download the files, and perform a manual update.
IPS RepFeed Package Installation
- From a browser, go to the TippingPoint Threat Management Center website (https://tmc.tippingpoint.com).
- Navigate to Releases > ThreatDV > IPS Reputation Feed
- Select the latest package (e.g. TPT_IPDB_IPS_FULL_1.2.1_XXXXXX.pkg)
- Click Download, accept the EULA and save the License Package to your local system
- Install Package from the LSM:
o IPS: System > Update > Install Package
o TPS: System > Update > System, DV, Licenses
Note 1: Standalone devices with RepFeed have to update the RepFeed manually. RepFeed files are updated once a day by TMC.
Note 2: Installing a License Package or a RepFeed Package is a hitless operation and as such will not cause a system reboot.
SMS systems and RepFeed
SMS RepFeed management provides the following advantages over standalone operation:
- Auto Download/Activation/Distribution of RepFeed Database
- RepFeed Database Search Capability
- Detailed RepFeed Entry Tagging, based on:
o Country
o Exploit Type
o RepFeed Source
- Detailed RepFeed Entry Tagging for Granular Filter Creation - Comparison Expressions
- User Defined RepFeed Entries