You must enable the Threat List AIE rules you want to use. To see the Threat List AIE rules, open the Deployment Manager and click the AI Engine tab. Type Threat List in the AI Engine Rule Name filter field.
To enable an AIE rule:
-
Select the AIE rule, right-click the rule, click Actions, and select Enable.
-
In the Confirm Enable dialog box, click Yes.
When you have enabled all of the rules you will use, restart the AI Engine servers by clicking Restart AI Engine Servers in the AI Engine tab. The Threat List AI Engine rules are as follows:
|
Attack: Security Event After Threat List IP |
Network Anomaly: Multiple Threat List IPs |
|
Attack: Security Event Then Threat List IP |
Network Anomaly: Threat List Attack IP |
|
Compromise: Auth with Threat List IP |
Network Anomaly: Threat List Attack URL |
|
Compromise: Internal Threat List IP Config Change |
Network Anomaly: Threat List Fraud IP |
|
Malware: Threat List Bot IP |
Network Anomaly: Threat List Fraud URL |
|
Malware: Threat List Bot URL |
Network Anomaly: Threat List New Source |
|
Malware: Threat List Malware File Name |
Network Anomaly: Threat List New Threat IP |
|
Malware: Threat List Malware File Path |
Network Anomaly: Threat List Phishing IP |
|
Malware: Threat List Malware IP |
Network Anomaly: Threat List Phishing Recipient |
|
Malware: Threat List Malware Process |
Network Anomaly: Threat List Phishing Source |
|
Malware: Threat List Malware URL |
Network Anomaly: Threat List Phishing Subject |
|
Malware: Threat List Malware User-Agent |
Network Anomaly: Threat List Phishing URL |
|
Network Anomaly: Communication with Threat List IP |
Network Anomaly: Threat List Suspicious IP |
|
Network Anomaly: Multiple Internal Hosts to Threat List IP |
|