About the Advanced Threat Prevention Page
You are here: Security Services > Advanced Threat Prevention.
You can view and configure threat prevention policies. Threat prevention policies provide protection and monitoring for configured threat profiles, including command and control (C&C) servers, infected hosts, and malware. Policies use threat intelligence feeds to monitor ingress and egress traffic for suspicious content and behavior.
Tasks You Can Perform
You can perform the following tasks from this page:
Create a threat prevention policy. See Add a Threat Prevention Policy.
Edit a threat prevention policy. See Edit a Threat Prevention Policy.
Delete a threat prevention policy. See Delete Threat Prevention Policy.
Filter the threat prevention policies based on select criteria. To do this, select the filter icon at the top right-hand corner of the Threat Prevention Policies table. The columns in the grid change to accept filter options. Type the filter options; the table displays only the data that fits the filtering criteria.
Show or hide columns in the Threat Prevention Policies table. To do this, use the Show Hide Columns icon in the top right corner of the page and select the options you want to show or deselect to hide options on the page.
Perform an advanced search for threat prevention policies. To do this, use the search text box above the table grid. The search includes the logical operators as part of the filter string. When you hover over the icon in the search text box, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid.
For an advanced search:
Enter the search string in the text box.
Based on your input, a list of items from the filter context menu appears.
Select a value from the list and then select a valid operator based on which you want to perform the advanced search operation.
Note: Press Spacebar to add an AND operator or OR operator to the search string. If you press Backspace at any point while entering search criteria, only one character is deleted.
Press Enter to display the search results in the grid.
Field Descriptions
Table 1 describes the fields on the Threat Prevention Policies page.
Field | Description |
---|---|
Name | Enter a threat prevention policy name. The name must begin with an alphanumeric character, can include dashes and underscores, and cannot exceed 63 characters. |
C&C Server | Displays the threat score range set for this policy for C&C servers. A C&C profile provides information on C&C servers that have attempted to contact and compromise hosts on your network. If the threat score of a feed falls within this range, the feed is blocked or permitted based on the threat score. |
Infected Host | Displays the range value of threat score set for this policy if . An infected host profile provides information on compromised hosts and their associated threat levels. |
Malware HTTP | A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. |
Malware SMTP | A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. |
Log | All traffic is logged by default. Use the pull-down menu to narrow the types of traffic to be logged. |
Description | Enter a description for the threat prevention policy. |