Creating a query with Network Criteria on the SMS!

    • Updated: 6 Dec 2017
    • Product/Version: TippingPoint SMS All, TippingPoint Virtual SMS
    • Platform:
Summary

Constructing Queries: Queries are constructed in the Events Query Pane and the results are displayed in the Display Pane. To access the Events Query Pane, click the Events button on the Toolbar and then click Events in the Navigation pane. To display the Events screen, click the Events button on the Toolbar.

Network Criteria: The SMS can perform search queries based on single, multiple, or ranges of source and destination ports and filter numbers. In the source (Src Port) and destination (Dest Port) fields, you can enter a range by using a dash and multiple ports by separating them with commas (,). To enhance searches, you can enter both types of parameters in the same port field. For example, to display events that had a source port of 22, 25, or between 1000 and 32000, you would enter "22,25,1000-32000". IP address fields support single entries or CIDR blocks.

Details
Network Criteria Query Pane Fields

Section: Description

Addresses & Ports: Enables you to enter criteria for searching and displaying events. These options include the following:
    • Src Addr - Source IP address
    • Src Port - Port of the source IP address
    • Dst Addr - Destination IP address
    • Dst Port - Port of the destination IP address

Packet Trace: Indicates if the query should locate action sets with packet trace enabled:
    • All
    • Events with Packet Trace
    • Events without Packet Trace

VLAN ID: Enables you to enter criteria for searching and displaying events based on VLAN ID.

Procedure:

  1. Log in to the SMS from a client.
  2. On the top Navigation menu, click Events.
  3. On the Events screen, click Inspection Events in the Navigation pane.
  4. On the Query pane, select the triangle symbol (▶) next to Network Criteria to expand this option.
  5. In the Addresses and Ports area, enter:
    • Src Addr(s) - Source IP address
    • Src Port(s) - Port of the source IP address
    • Dst Addr(s) - Destination IP address
    • Dst Port(s) - Port of the destination IP address
  6. When searching for source or destination IP addresses, you can:
    • Enter multiple IP addresses separated by commas.
    • Enter one address or a CIDR block.
    • Exclude IP addresses in a CIDR block by using the "!" symbol.
  7. Select the desired entry from the Packet Trace drop-down list.
  8. If you want to include a VLAN ID in your search query, enter the ID in the VLAN area.
  9. Enter the number of matching rows (1 - 10,000) to list in the Display Pane. Limiting the number of rows may decrease the query processing time.
  10. Click Refresh. The returned attack events display in the List pane.
  11. To save this query, click Save As. Enter a name for the query when prompted. The query displays in the Saved Queries section of the Events Navigation pane. To create a new query, click Clear. The query pane resets and clears the criteria fields.

Note: You are not required to complete all query fields. Complete only as many as you need to successfully execute your query.
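
The field syntax from the Network Criteria summary and step 6, as an added example (not SMS code and not taken from the SMS User Guide): a small Python model for checking offline which events a port or address criteria string would select before entering it in the Query pane. It assumes that a leading "!" excludes that entry, that an empty field applies no filter, and that all filled fields must match; the function names and sample events are constructed for illustration.

```python
import ipaddress

def parse_ports(spec):
    """Parse a port field such as "22,25,1000-32000" into inclusive (low, high) ranges."""
    ranges = []
    for item in filter(None, map(str.strip, spec.split(","))):
        low, _, high = item.partition("-")
        lo, hi = int(low), int(high or low)   # a single port is a one-element range
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"invalid port entry: {item!r}")
        ranges.append((lo, hi))
    return ranges

def port_matches(spec, port):
    ranges = parse_ports(spec)
    return not ranges or any(lo <= port <= hi for lo, hi in ranges)

def parse_addrs(spec):
    """Split an address field into (included, excluded) networks.
    Assumption: a leading "!" on an entry excludes that address or CIDR block."""
    include, exclude = [], []
    for item in filter(None, map(str.strip, spec.split(","))):
        target = exclude if item.startswith("!") else include
        target.append(ipaddress.ip_network(item.lstrip("!").strip(), strict=False))
    return include, exclude

def addr_matches(spec, addr):
    include, exclude = parse_addrs(spec)
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in exclude):      # exclusions win over inclusions
        return False
    return not include or any(ip in net for net in include)

def run_query(events, src_addr="", src_port="", dst_addr="", dst_port=""):
    """Return events that satisfy every non-empty criterion (empty field = no filter)."""
    return [e for e in events
            if addr_matches(src_addr, e["src"]) and port_matches(src_port, e["sport"])
            and addr_matches(dst_addr, e["dst"]) and port_matches(dst_port, e["dport"])]

# Constructed sample events (documentation address ranges), not real SMS output.
EVENTS = [
    {"src": "192.0.2.10", "sport": 22, "dst": "198.51.100.5", "dport": 443},
    {"src": "192.0.2.77", "sport": 1500, "dst": "198.51.100.5", "dport": 80},
    {"src": "203.0.113.9", "sport": 25, "dst": "198.51.100.9", "dport": 25},
    {"src": "192.0.2.200", "sport": 40000, "dst": "198.51.100.5", "dport": 22},
]
```

For example, `run_query(EVENTS, src_port="22,25,1000-32000")` keeps the first three sample events and drops the one with source port 40000.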



Reference: SMS User Guide

Category: Configure
Solution Id: TP000096748