Cyware Orchestrate

Trend Micro TippingPoint

App Vendor: Trend Micro

App Category: Network Security

Connector Version: 1.1.1

API version: 1.0.0

Product Version: 5.0.0

Note

This app is currently released as a beta version.

About App

The Trend Micro TippingPoint app allows security teams to integrate with the Trend Micro TippingPoint enterprise application for protection against known, unknown, and undisclosed threats through actions such as quarantining IP addresses and removing IP addresses from quarantine.

The Trend Micro TippingPoint app in the Orchestrate application can perform the following actions:

| Action Name | Description |
|---|---|
| Quarantine an IP Address | This action quarantines an IP address. |
| Unquarantine IP Address | This action removes an IP address from quarantine. |
| Add Reputation Entry | This action adds a reputation entry. |
| Delete Reputation Entry | This action deletes a reputation entry. |
| Get Collections | This action provides information about all the collections. |
| Get Object From Collection | This action retrieves an object from a collection according to the ID. |
| Get Database Schema Information | This action retrieves the database schema information. |
| Generic Action | This is a generic action used to make requests to any Trend Micro TippingPoint endpoint. |

Configuration Parameters

The following configuration parameters are required for the Trend Micro TippingPoint app to communicate with the Trend Micro TippingPoint enterprise application. The parameters can be configured by creating instances in the Trend Micro TippingPoint app.

| Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
| Base URL | Enter the base URL, FQDN or the IP address of the SMS server. Example: "http[s]://<sms_server>[:port]" | Text | Required | |
| Username | Enter the Security Management System (SMS) username. | Text | Required | |
| Password | Enter the Security Management System (SMS) password. | Password | Required | |
| Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Trend Micro TippingPoint. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
| SSL Verification | Enter the preference to either verify or skip the SSL verification. | Boolean | Optional | Allowed values: Yes, No. Default value: No |
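A pre-flight check of these instance settings, as an added example that is not part of the Cyware or Trend Micro documentation. It enforces the required fields and the 15-120 timeout range from the table and flags the two settings that weaken transport security (an http base URL, and SSL verification left at its default of No). The dictionary keys and the function name are hypothetical.

```python
from urllib.parse import urlsplit

# Range and default taken from the Timeout row above.
TIMEOUT_MIN, TIMEOUT_MAX, TIMEOUT_DEFAULT = 15, 120, 15


def review_instance(cfg):
    """Check a dict of instance settings; return (errors, warnings).

    The key names (base_url, username, password, timeout, ssl_verification)
    are hypothetical stand-ins for the fields documented above.
    """
    errors, warnings = [], []
    for field in ("base_url", "username", "password"):
        if not cfg.get(field):
            errors.append(f"{field} is required")

    raw = (cfg.get("base_url") or "").strip()
    verify = bool(cfg.get("ssl_verification", False))  # documented default: No
    if "://" in raw:
        try:
            url = urlsplit(raw)
            valid = url.scheme in ("http", "https") and bool(url.hostname)
        except ValueError:  # e.g. malformed IPv6 literal
            valid = False
        if not valid:
            errors.append("base_url must look like http[s]://<sms_server>[:port]")
        elif url.scheme == "http":
            warnings.append("base_url uses http: the SMS login is sent unencrypted")
        elif not verify:
            warnings.append("SSL verification is off: the SMS certificate is not checked")
    elif raw:
        # The field also accepts a bare FQDN or IP address.
        warnings.append("base_url has no scheme: cannot confirm that TLS is used")

    timeout = cfg.get("timeout", TIMEOUT_DEFAULT)
    if type(timeout) is not int or not TIMEOUT_MIN <= timeout <= TIMEOUT_MAX:
        errors.append(f"timeout must be an integer from {TIMEOUT_MIN} to {TIMEOUT_MAX}")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample: documented defaults, then the tightened settings.
    base = {"base_url": "https://sms.example.internal", "username": "svc", "password": "x"}
    print(review_instance(base))
    print(review_instance({**base, "ssl_verification": True, "timeout": 30}))
```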

Action: Add Reputation Entry

This action adds a reputation entry.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| IP Address | Enter an IP address to add a reputation entry. Example: "10.0.10.1" | Text | Optional | The parameter is optional if a DNS or a URL is provided. |
| DNS | Enter a DNS name to add a reputation entry. | Text | Optional | The parameter is optional if an IP address or a URL is provided. |
| URL | Enter a URL to add a reputation entry. | Text | Optional | The parameter is optional if an IP address or a DNS is provided. |
| Tags | Enter the tags for IOCs as comma separated values. | Text | Optional | |

Action: Delete Reputation Entry

This action deletes a reputation entry.

Action Input Parameters

| Parameters | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Criteria | Enter the criteria to delete a reputation entry. | Text | Required | |
| IP Address | Enter the IP Address to delete a reputation entry. Example: "10.0.10.1" | Text | Optional | The parameter is optional if a DNS or a URL is provided. |
| DNS | Enter a DNS name to delete a reputation entry. | Text | Optional | The parameter is optional if an IP address or a URL is provided. |
| URL | Enter a URL to delete a reputation entry. | Text | Optional | The parameter is optional if an IP address or a DNS is provided. |
| Tags | Enter the tags for IOCs as comma separated values. | Text | Optional | |

Action: Get Collections

This action provides information about all the collections.

Action Input Parameters

There are no input parameters required for this action.

Action: Get Database Schema Information

This action retrieves the database schema information.

Action Input Parameters

| Parameters | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Database | Enter the database to retrieve the database schema information. Example: "Oracle" | Text | Optional | Default value: MySQL. Allowed values: MySQL, Oracle |

Action: Get Object From Collection

This action retrieves an object from a collection according to the ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Object ID | Enter the Object ID to retrieve an object from a collection. | Text | Required | |

Action: Quarantine IP address

This action quarantines an IP address.

Action Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
| IP Address | Enter the target host as the IP Address. Example: "10.0.10.1" | Text | Required | |
| Policy Name | Enter the policy name. Example: "Quarantine-policy" | Text | Required | Enable Allow SNMP Trap or Web Service call to invoke the Policy initiation setting for the Policy. The policy name is case sensitive and must match an existing SMS Active Response policy name. |
| Timeout | Enter the duration of the response. | Text | Optional | By default, the timeout value from the Policy is used. |

Action: Unquarantine IP Address

This action removes an IP address from quarantine.

Action Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
| IP Address | Enter the target host as the IP Address. Example: "10.0.10.1" | Text | Required | |
| Policy name | Enter the policy name. Example: "Quarantine-policy" | Text | Optional | Enable Allow an SNMP Trap or Web Service call to invoke this Policy initiation setting for the Policy. The policy name is case sensitive and must match an existing SMS Active Response Policy name. |
| Timeout | Enter the duration of the response. | Text | Optional | By default, the timeout value from the Policy is used. |

Action: Generic Action

This is a generic action used to make requests to any Trend Micro TippingPoint endpoint.

| Parameters | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Method | Enter the HTTP method to make the request. Example: GET | Text | Required | Allowed values: GET, PUT, POST, DELETE |
| Endpoint | Enter the endpoint to make the request. Example: taxii/feeds/collections | Text | Required | |
| Query Params | Enter the query parameter to pass to the API. Example: {'type': 'status','incidentId': '<incident_id>'} | Key value | Optional | |
| Payload | Enter the payload data. Example: {'apiKey': 'socmdcoimsd'} | Key value | Optional | |
| Extra Fields | Enter the extra fields to pass to the API. | Key value | Optional | Allowed keys: response_type, payload_json, custom_output, download, filename, files, retry_wait, retry_count, include_headers |