Deep Security 10.1 has reached end of support.
Configure NSX security tags
Deep Security can apply NSX Security Tags to protected VMs upon detecting a malware threat. NSX Security Tags can be used with NSX Service Composer to automate certain tasks, such as quarantining infected VMs. Consult your VMware NSX documentation for more information on NSX Security Tags and dynamic NSX Security Group assignment.
The Anti-Malware and Intrusion Prevention System protection modules can be configured to apply NSX Security Tags.
To configure the Intrusion Prevention module to apply NSX Security Tags, go to Computer or Policy editor > Intrusion Prevention > Advanced > NSX Security Tagging.
Each Intrusion Prevention Event has a severity level, which is determined by the severity level of the Intrusion Prevention Rule that caused it.
Intrusion Prevention Rule severity levels map to NSX tags as follows:
IPS Rule Severity | NSX Security Tag |
---|---|
Critical | IDS_IPS.threat=high |
High | IDS_IPS.threat=high |
Medium | IDS_IPS.threat=medium |
Low | IDS_IPS.threat=low |
You can configure the sensitivity of the tagging mechanism by specifying the minimum Intrusion Prevention severity level that will cause an NSX security tag to be applied to a VM.
The options for the "Minimum rule severity to trigger application of an NSX Security Tag" setting are:
- Default (No Tagging): No NSX tag is applied.
- Critical: An NSX tag is applied to the VM if an Intrusion Prevention Rule with a severity level of Critical is triggered.
- High: An NSX tag is applied to the VM if an Intrusion Prevention Rule with a severity level of High or Critical is triggered.
- Medium: An NSX tag is applied to the VM if an Intrusion Prevention Rule with a severity level of Medium, High, or Critical is triggered.
- Low: An NSX tag is applied to the VM if an Intrusion Prevention Rule with a severity level of Low, Medium, High, or Critical is triggered.
Separate settings are provided for Rules that are operating in Prevent mode and for Rules that are operating in Detect-only mode.
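
The mapping table and the minimum-severity options above can be modeled to check which tag, if any, an event would produce under a chosen pair of Prevent and Detect-only settings, and which tags a setting can ever produce. This is an added example, not Trend Micro code or a Deep Security API; the function names, the "prevent"/"detect" mode strings and the sample events are constructed for illustration.

```python
# Added example: a model of the tagging decision described on this page.
SEVERITY_ORDER = ["Low", "Medium", "High", "Critical"]
# Severity-to-tag mapping copied from the table on this page.
SEVERITY_TO_TAG = {
    "Critical": "IDS_IPS.threat=high",
    "High": "IDS_IPS.threat=high",
    "Medium": "IDS_IPS.threat=medium",
    "Low": "IDS_IPS.threat=low",
}
NO_TAGGING = "Default (No Tagging)"


def tag_for_event(rule_severity, rule_mode, min_prevent, min_detect):
    """Return the NSX tag an event would cause, or None if it is below the minimum."""
    if rule_mode not in ("prevent", "detect"):  # assumed labels for the two rule modes
        raise ValueError("unknown rule mode: %r" % rule_mode)
    # Each mode has its own minimum-severity setting.
    minimum = min_prevent if rule_mode == "prevent" else min_detect
    if minimum == NO_TAGGING:
        return None
    if SEVERITY_ORDER.index(rule_severity) < SEVERITY_ORDER.index(minimum):
        return None
    return SEVERITY_TO_TAG[rule_severity]


def reachable_tags(minimum):
    """Tags that can ever be applied under one minimum-severity setting."""
    if minimum == NO_TAGGING:
        return set()
    start = SEVERITY_ORDER.index(minimum)
    return {SEVERITY_TO_TAG[s] for s in SEVERITY_ORDER[start:]}


# Constructed sample events: (VM name, rule severity, rule mode).
SAMPLE_EVENTS = [
    ("web-01", "Critical", "prevent"),
    ("web-02", "High", "prevent"),
    ("db-01", "Medium", "detect"),
    ("db-02", "High", "detect"),
]


def plan_tags(events, min_prevent, min_detect):
    """List (vm, tag) pairs for the events that would result in a tag."""
    decided = ((vm, tag_for_event(sev, mode, min_prevent, min_detect))
               for vm, sev, mode in events)
    return [(vm, tag) for vm, tag in decided if tag is not None]


if __name__ == "__main__":
    print(plan_tags(SAMPLE_EVENTS, "Critical", "Medium"))
```

Note that the Critical and High settings can only ever produce IDS_IPS.threat=high, so an NSX Security Group keyed on the medium or low tag stays empty unless the minimum is set to Medium or Low.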
