Views:

Connect a TippingPoint Security Management System (SMS) 5.5.4 or 6.0.0 to Network Security through a Service Gateway.

Important
Important
Intrusion Prevention Configuration currently only supports policy enforcement on the first TippingPoint SMS connected to TrendAI Vision One™. Support for policy enforcement on multiple TippingPoint SMS deployments is coming soon.

Procedure

  1. Generate an API key to access the SMS Web API.
    1. From your SMS interface, select AdminAuthentication and AuthorizationRoles and verify that the role for the selected user account has the Access SMS Web Services capability enabled.
    2. Select AdminAuthentication and AuthorizationUsers.
    3. Select the user account, and click Edit.
    4. Click Regenerate API Key to get a new API key.
      You can reset the API key for any reason. But when you do, from this point, the previous API key can no longer be used.
  2. In the TrendAI Vision One™ console, go to Workflow and AutomationService Gateway Management.
    Note
    Note
    Connecting a TippingPoint SMS using a Service Gateway requires a Service Gateway 2.0 or later appliance. You can check the Service Gateway version in Service Gateway Management.
  3. If you do not have a Service Gateway available for connecting your TippingPoint SMS to TrendAI Vision One™, you must install a Service Gateway appliance .
    Note
    Note
    Multiple TippingPoint SMS deployments can connect to a single Service Gateway appliance.
    1. Click Download Virtual Appliance to open the Service Gateway Virtual Appliance panel.
    2. Select either VMware ESXi (OVA) or Microsoft Hyper-V (VHDX) as the disk image type you want to use.
    3. Click Download Disk Image.
    4. Copy the Registration Token, which you will need when deploying the appliance.
    5. Install the Service Gateway virtual appliance.
      For detailed deployment instructions, see:
      For a complete list of Service Gateway system requirements, see Service Gateway appliance system requirements.
    6. Click Close.
  4. Configure the Service Gateway appliance for use with a TippingPoint SMS.
    1. Click the name of the Service Gateway appliance.
    2. Click Manage Services.
    3. Click the install icon (SG2_install_icon=GUID-feef28dd-2ddb-4093-b4e4-5455a0b110bb.png) to install and then enable the following services.
      Service
      Description
      Forward proxy
      Required for data sharing between the TippingPoint SMS and TrendAI Vision One™, allowing users to view filter and profile distribution statuses
      Suspicious Object List Synchronization
      Required for the Suspicious Object function, which synchronizes the centralized TrendAI Vision One™ Suspicious Object List with the TippingPoint SMS
      TippingPoint log forwarding
      Required for the Event and Filter Status Sharing function, which transfers detection data from the TippingPoint SMS for use by XDR Data Explorer and widgets
      TippingPoint policy management
      Required for filter policy distribution and enforcement from Intrusion Prevention Configuration in TrendAI Vision One™ to TippingPoint SMS devices
  5. In the Service Gateway Management app, record the Service Gateway Management API key and the IP address of the Service Gateway appliance.
    1. Click Manage API Key and record the API key, then click Close.
    2. Click the Service Gateway appliance name and record the IPv4 address.
  6. Configure a TippingPoint SMS connector in TrendAI Vision One™.
    • For customers that have updated to the Foundation Services release, go to Service ManagementProduct Instance.
    • For customers using the legacy TrendAI Vision One™ console, go to Point Product ConnectionProduct Connector.
    Alternatively:
    1. In the TrendAI Vision One™ console, go to Network SecurityNetwork Inventory.
    2. Select the Continue with TippingPoint deployment option.
    3. Click Connect a TippingPoint SMS.
    4. Follow the steps in the connection guide dialog for configuring a Service Gateway (if required), generating an enrollment token using the Product Instance app, and connecting your SMS to Trend Vision One using the SMS Client interface.
  7. Connect your TippingPoint SMS to TrendAI Vision One™.
    1. On the TippingPoint SMS web management console, go to AdministrationTrend Micro Connections.
    2. Click Configure.
    3. Paste the enrollment token into the Enrollment Token field.
      Using an enrollment token automatically provisions a one-year TrendAI Vision One™ certificate. The certificate automatically renews 30 days before expiration to avoid any gaps in security protection.
    4. Enable and configure the Service Gateway function.
      1. In the Service Gateway section, enable the State toggle.
        Note
        Note
        • The State toggle is only present in TippingPoint SMS 6.0.0 or later.
        • The Service Gateway function cannot be disabled in earlier versions.
      2. In the IP Address field, enter the IP address of the Service Gateway.
      3. In the API Key field, enter the Service Gateway Management API key.
      4. Click Test Connection to verify that the TippingPoint SMS can connect to TrendAI Vision One™.
  8. Enable sharing and synchronization between TrendAI Vision One™ and your TippingPoint SMS.
    1. In the Suspicious Object section, enable the State toggle and specify how often you want the Suspicious Object List to be synchronized in the Download Interval (minutes) field.
    2. In the Event and Filter Status Sharing section, enable the State toggle.
    3. In the Network Intrusion Prevention - Data Sharing section, enable the State toggle.
    WARNING
    WARNING
    At least one of the three functions must be enabled before you proceed to the next step. Saving your settings without one of the three functions enabled could render your TippingPoint SMS inoperable.
  9. Click Save.
  10. Verify the connection status.
    1. In the TrendAI Vision One™ console:
      • For customers that have updated to the Foundation Services release, go to Point Product ConnectionProduct Instance.
      • For customers using the legacy TrendAI Vision One™ console, go to Point Product ConnectionProduct Connector.
    2. Check that the Connection status for TippingPoint Security Management System is green.
    Devices managed by the TippingPoint SMS can be viewed in Network SecurityNetwork Inventory.
  11. To check for vulnerabilities and receive policy recommendations in TrendAI Vision One™, enable the TippingPoint SMS as an Cyber Risk Exposure Management data source.
    1. In the TrendAI Vision One™ console, go to Cyber Risk Exposure ManagementCyber Risk Overview.
    2. Click Data sources.
    3. In the Trend Micro Security Services section, click TippingPoint Security Management System.
    4. Enable Data upload permission to allow the TippingPoint SMS to provide data for more comprehensive risk insights into your network activity.