6.7.7. ThreatIntelPolicy

ThreatIntelPolicy encapsulates a blocking solution for service sessions that is based on a threat intelligence database, and it can be referenced using its identifier. The database is provided by the Malware Information Sharing Platform (MISP), which uses a Threat Level field to classify the risk associated with a security event. If a ThreatIntelPolicy is configured for a given service and the server IP address of a Dispatcher is registered in the database with a defined threat level, the connection to the server is denied.

The available Threat Levels which are used in the database are listed below.

  • High: Sophisticated Advanced Persistent Threats (APTs) and 0-day attacks.

  • Medium: Advanced Persistent Threats (APT).

  • Low: General mass malware.

  • Undefined: the IP address is registered, but the field is left undefined, which can be updated later.
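To illustrate the lookup the policy performs, the following added example (not code from the Application-level Gateway itself) loads a constructed MISP-style event export, maps its IP attributes to the Threat Level labels listed above using MISP's numeric `threat_level_id` values, and decides whether a Dispatcher's server address should be denied. It assumes that any registered server IP is blocked, including one whose level is still Undefined.

```python
import ipaddress
import json

# MISP's numeric threat_level_id values and the labels listed in this section.
THREAT_LEVELS = {1: "High", 2: "Medium", 3: "Low", 4: "Undefined"}

# Constructed sample in the shape of a MISP event export; the addresses are
# documentation ranges, not real indicators.
SAMPLE_MISP_EXPORT = json.dumps({"response": [
    {"Event": {"info": "constructed APT sample", "threat_level_id": "1",
               "Attribute": [{"type": "ip-dst", "value": "198.51.100.23"}]}},
    {"Event": {"info": "constructed mass malware sample", "threat_level_id": "3",
               "Attribute": [{"type": "ip-src", "value": "203.0.113.7"},
                             {"type": "domain", "value": "example.invalid"}]}},
    {"Event": {"info": "constructed, level not yet set", "threat_level_id": "4",
               "Attribute": [{"type": "ip-dst", "value": "192.0.2.200"}]}},
]})


def build_ip_database(misp_json):
    """Map every IP attribute in a MISP export to its event's Threat Level label."""
    db = {}
    for item in json.loads(misp_json)["response"]:
        event = item["Event"]
        level = THREAT_LEVELS.get(int(event["threat_level_id"]), "Undefined")
        for attr in event.get("Attribute", []):
            if attr["type"] not in ("ip-dst", "ip-src"):
                continue  # only IP indicators matter for a server address check
            try:
                ip = ipaddress.ip_address(attr["value"])
            except ValueError:
                continue  # skip malformed values instead of failing the whole load
            db[ip] = level
    return db


def evaluate_server(db, server_ip):
    """Return (allowed, reason) for the server side of a session.

    Assumption of this example: a registered address is denied whatever its
    level, so an Undefined entry blocks until the level is updated in MISP.
    """
    level = db.get(ipaddress.ip_address(server_ip))
    if level is None:
        return True, "server IP not registered in threat intelligence database"
    return False, "denied: server IP registered with threat level %s" % level
```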

The available threatintel classes which are predefined in Application-level Gateway are listed below.

Apart from the predefined ones, it is also possible to create custom threat intelligence classes. The various threat intelligence classes and their usage are described in the subsequent sections.