Automatically remove the security tag?

Agryppa · ‎11-10-2015

Hello,

Is there any possibility to automatically remove the security tag from the machine?

I test the automatic blocking of events from the IPS / IDS (Deep Security), everything works fine. Unfortunately, once assigned tag will block indefinitely (until you delete it manually from vm).

Regards,

Piotr

smitmartijn · ‎11-10-2015

Hi Piotr,

Basically you can do two things; ask Trend Micro whether they can remove the tags after a certain period (I wasn't able to find any documentation on the ability for them to do so), or create a script that removes the tags periodically after a certain amount of time. There's not much the NSX Manager or vCenter can do with it, as NSX just gets a command 'set this security tag on this vm' - Would definitely be cool to have security tags that can expire, but that's not the case right now. 😉

SRoland · ‎11-24-2015

Hi Piotr,

The solution (Trend Micro?) what you are using should remove the tag as soon as the reason for adding the tag was handled properly.

However you may also remove/detach the tag with REST API call (NSX-v 6.1 API Reference Guide page 107):

DELETE https://<nsxmgr-ip>/api/2.0/services/securitytags/tag/{TagIdentifierString}/vm/{vmMoid}

But again it is safer if the solution handles this first properly.

HTH,

//Roland

Agryppa · ‎11-25-2015

Hello,

Ok, thank you colleagues, I ask the Trend Micro in this topic (and test api).

Regards,

Piotr

All

Automatically remove the security tag?