TippingPoint IPS adapter
IBM® QRadar® Risk Manager supports TippingPoint IPS (intrusion prevention system) appliances that run TOS and that are under SMS control.
- Telnet, SSH+HTTPS connection protocols
This adapter requires interaction with the following devices:
- IPS directly by using the TippingPoint operating system (TOS) over Telnet or SSH.
- TippingPoint Secure Management Server (SMS) via the web services API over HTTPS.
This adapter works only with IPS devices under SMS control. The SMS web services must be enabled for a successful backup.
The TippingPoint adapter has the following limitations:
Risk Manager doesn't process source or destination IP addresses in IPS rules or filters. The following TippingPoint features are not supported:
- Traffic management filters
- Profile or filter exceptions and restrictions
- User-defined filters
IPS filters without an associated CVE are not modeled because the IPS cannot be mapped to any QRadar vulnerabilities.
The integration requirements for the TippingPoint adapter are described in the following table:
TOS 3.6 and SMS 4.2
Minimum User Access Level
SMS: Operator (custom)
A user who belongs to a group with a custom operator role that has the Access SMS Web Services option enabled.
Required credential parameters
To add credentials in QRadar, log in as an administrator and use Configuration Source Management on the Admin tab.
Enter the following credentials:
- Username: <IPS CLI username>
- Password: <IPS CLI password>
- Enable Username: <SMS username>
- Enable Password: <SMS password>
Supported connection protocols
To add protocols in QRadar, log in as an administrator and use Configuration Source Management on the Admin tab.
Use any one of the following supported connection protocols:
- Telnet for IPS CLI
- SSH for IPS CLI
- HTTPS for SMS
Commands that the adapter requires to log in and collect data
- show filter $filterNumber (for each signature found in Digital Vaccine)
- API commands sent to the SMS to retrieve the most recent signatures