
How do I create a query with Filter Criteria on the SMS?

    • Updated: 30 Nov 2017
    • Product/Version: TippingPoint SMS All, TippingPoint Virtual SMS
Summary

Constructing Queries:

IPS queries are constructed in the Events Query Pane, and the results are displayed in the Display Pane. To display the Events screen, click the Events button on the Toolbar. To access the Inspection Events Query Pane, then click Inspection Events in the Navigation pane.

Filter Criteria:

The Query Pane includes a general Filter option that enables you to search for filters by filter name, number, category, or profile. You can also add search criteria by selecting filter severity and action type options.

Filter Criteria Query Pane Fields

Section: Description

Filter Details: Enables you to enter the name and/or number of the filter.

Filter Category: Enables you to select one or more filter categories:
  • Exploits
  • Identity Theft
  • Reconnaissance
  • Security Policy
  • Spyware
  • Virus
  • Vulnerabilities
  • Advanced DDoS
  • Network Equipment
  • Reputation
  • Traffic Normalization
  • Traffic Thresholds
  • Instant Messaging
  • Peer to Peer
  • Streaming Media

Profile: Enables you to select a profile.

Suspicious URL Metadata: Enables you to filter events with suspicious URL metadata.

Filter Severity: Enables you to select the severity of the event.

Filter Type: Enables you to filter the events by Security or Application type.

Reputation Type: Enables you to filter the events by Reputation or Geographic filter. By default, both filters are selected.

  For Geographic filters, the Events table displays the name of the filter, any included or excluded countries (Filter Criteria), the country flag icon (if available), and matching IP address for the filter.

  If the Geographic filter events display as Reputation events, or if you have other issues with the search criteria, redistribute all the profiles to all the segments for the distribution to start working again.

Action Type: Enables you to select the action: Permit, Block, Trust, Rate Limit, or Quarantine.

Event Comment: Enables you to select All Events, Events with Comments, or Events without Comments.
Procedure:

  1. Log in to the SMS from a client.
  2. On the top Navigation menu click Events.
  3. Select Inspection Events from the left navigational tree. The Events - Inspection Events screen displays.
  4. On the Query pane, select the triangle symbol (▶) next to Filter Criteria to expand this option. In the Filter Details fields, enter the appropriate information.
  5. In the Filter Severity area, deselect any option you do not want in your query.
  6. In the Filter Category area, select one or more categories in the Category list you want to include in your query. You can expand a listing to select individual entries or select a top-level list item to include every item listed under it.
  7. In the Profile area, select a profile from the drop-down list to include in your query.
  8. In the Action Type area, deselect any option you do not want in your query.
  9. Enter the number of matching rows (1 - 10,000) to list in the Display Pane. Limiting the number of rows may decrease the query processing time.
  10. Click Refresh. The returned attack events display in the List pane.
  11. To save this query, click Save As. Enter a name for the query when prompted. The query displays in the Saved Queries section of the Events Navigation pane. To create a new query, click Clear. The query pane resets and clears the criteria fields.

Note: You are not required to complete all query fields. Complete only as many as you need to successfully execute your query.

Reference: SMS User Guide

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000095736