How do we create policies that uses third party intelligence data in Securonix 4.6 for activity logs based policy?

asked 04 Nov '14, 17:33

Aditya's gravatar image

accept rate: 6%

edited 04 Nov '14, 17:37

Prerequisite - Please make sure that the third party intelligence data is imported into the system. To enable TPI based policies, navigate to Run -> Policy Violations.

  • Click on Actions -> Create Policy ( or Create Policy with HQL)
  • Enter the policy details in step - 1
  • Select the appropriate policy template in step -2( Make sure the objects 'Activity' and 'Hourly Activity' is present in the template selected)
  • In Step-3, add the conditions for this policy.To enable TPI, enable 'Use Post Process Functions?' to Yes. Select the 'Check Against Third Party Intelligence' checkbox.
  • In the 'Select Field to Check' dropdown, select 'Activity' if you would like to compare attributes mapped to transactionstrings against TPI data, else select Activityfreqnwtime to select the appropriate attribute ( i.e. if the destination host name from the logs is mapped to 'Destination Host Name', then select 'Destination Host Name' from the attribute dropdown.
  • Under the 'Third Party Intelligence Category' dropdown, select 'Domain Categories' to use domain categories to flag appropriate domains. Else, select 'Public Malware Domains' and select the source of TPI data in the dropdown below.

Save the policy.


answered 04 Nov '14, 17:36

Aditya's gravatar image

accept rate: 6%

edited 05 Nov '14, 11:46

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 04 Nov '14, 17:33

Seen: 784 times

Last updated: 05 Nov '14, 11:46