Hello,
Is there any possibility to automatically remove the security tag from the machine?
I test the automatic blocking of events from the IPS / IDS (Deep Security), everything works fine. Unfortunately, once assigned tag will block indefinitely (until you delete it manually from vm).
Regards,
Piotr
Hi Piotr,
Basically you can do two things; ask Trend Micro whether they can remove the tags after a certain period (I wasn't able to find any documentation on the ability for them to do so), or create a script that removes the tags periodically after a certain amount of time. There's not much the NSX Manager or vCenter can do with it, as NSX just gets a command 'set this security tag on this vm' - Would definitely be cool to have security tags that can expire, but that's not the case right now. 😉
Hi Piotr,
The solution (Trend Micro?) what you are using should remove the tag as soon as the reason for adding the tag was handled properly.
However you may also remove/detach the tag with REST API call (NSX-v 6.1 API Reference Guide page 107):
DELETE https://<nsxmgr-ip>/api/2.0/services/securitytags/tag/{TagIdentifierString}/vm/{vmMoid}
But again it is safer if the solution handles this first properly.
HTH,
//Roland
Hello,
Ok, thank you colleagues, I ask the Trend Micro in this topic (and test api).
Regards,
Piotr