TippingPoint IPS Adapter
JSA Risk Manager supports TippingPoint IPS (intrusion prevention system) appliances that run TOS and that are under SMS control.
The following features are available with the TippingPoint IPS adapter:
Telnet, SSH+HTTPS connection protocols
This adapter requires interaction with the following devices:
IPS directly by using the TippingPoint operating system (TOS) over Telnet or SSH.
TippingPoint Secure Management Server (SMS) via the web services API over HTTPS.
A connection to the TippingPoint SMS is required to get the most recent Digital Vaccines signatures, which are managed by the SMS.
This adapter works only with IPS devices under SMS control. The SMS web services must be enabled for a successful backup.
This list is limitations of the TippingPoint adapter:
JSA Risk Manager doesn't process source or destination IP addresses in IPS rules or filters. The following TippingPoint features are not supported:
Traffic management filters
Profile or filter exceptions and restrictions
IPS filters without an associated CVE are not modeled because the IPS cannot be mapped to any JSA vulnerabilities.
The integration requirements for the TippingPoint adapter are described in following table:
Table 1: TippingPoint IPS Adapter
TOS 3.6 and SMS 4.2
Minimum User Access Level
SMS: Operator (custom)
A user who belongs to a group with a custom operator role, that has Access SMS Web Services option enabled.
Required credential parameters
To add credentials in JSA log in as an administrator and use Configuration Source Management on the Admin tab.
Enter the following credentials:
Username: <IPS CLI username>
Password: <IPS CLI password>
Enable Username: <SMS username>
Enable Password: <SMS password>
Supported connection protocols
To add protocols in JSA, log in as an administrator and use Configuration Source Management on the Admin tab.
Use any one of the following supported connection protocols:
Telnet for IPS CLI
SSH for IPS CLI
HTTPS for SMS
Commands that the adapter requires to log in and collect data
show filter $filterNumber (for each signature found in Digital Vaccine)
API commands sent to the SMS to retrieve the most recent signatures