OTX IP Reputation Data Correlated with Events

Note: Reputation data is updated separately from OTX pulse information.

USM Appliance then correlates that data with incoming events, alerting you to OTX pulse and IP Reputation-related security events/alarms when it detects IoCs interacting with assets in your environment. Such interactions might consist of malicious IPs communicating with systems, malware detected in your network, or outbound communication with command-and-control (C&C) servers.

Connecting OTX to USM Appliance helps manage risks and threats in the following ways:

- USM Appliance detects threat updates every 30 minutes for all pulses to which you subscribe, either directly or through subscriptions to other OTX users.
- You receive updates on your subscribed pulses by email, either individually as they occur or in digest mode.
- You can review OTX pulses about related threat vectors in USM Appliance.
- As soon as you log in to USM Appliance, you can see which pulses are most active in your environment by looking at the USM Appliance Dashboards Overview.
- USM Appliance checks OTX pulses against all NIDS events. It generates an alarm when a malicious IP address communicates with any of your assets, or when some of the other IoCs, including CIDR (IPv4 only), domain, and hostname, are detected in your network.

In a distributed environment, the USM Appliance Server replicates the OTX pulses to the connected USM Appliance Sensors through TCP port 6380. This replication is read-only so that the copy on the USM Appliance Server remains intact.

Note: When a USM Appliance Sensor is added to the USM Appliance Server, a firewall rule is created to allow OTX traffic going through TCP port 6380. When the Sensor is removed, the firewall rule is deleted.

The same mechanism is used in a high availability (HA) deployment to replicate OTX pulses between nodes.

The following sections describe collection of IP Reputation information used in calculating risk for specific events. In addition, information is provided on filtering events based on related pulse information and risk based on specific IP Reputation levels.
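The indicator matching described above (IP address, IPv4-only CIDR, domain, hostname checked against event data) can be illustrated with the following added example, which is not USM Appliance's own correlation code. The pulse names, event field names, sample values, and the rule that a domain indicator also covers its subdomains are all assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data; pulse names and event field names are assumptions.
PULSES = [  # (pulse, indicator type, value)
    ("constructed-pulse-A", "IPv4", "203.0.113.7"),
    ("constructed-pulse-A", "CIDR", "198.51.100.0/24"),
    ("constructed-pulse-B", "domain", "bad.example"),
    ("constructed-pulse-B", "hostname", "c2.host.example"),
]
EVENTS = [
    {"id": 1, "src": "10.0.0.5", "dst": "203.0.113.7", "host": None},
    {"id": 2, "src": "198.51.100.44", "dst": "10.0.0.9", "host": None},
    {"id": 3, "src": "10.0.0.5", "dst": "192.0.2.10", "host": "cdn.bad.example."},
    {"id": 4, "src": "10.0.0.6", "dst": "192.0.2.11", "host": "notbad.example"},
    {"id": 5, "src": "10.0.0.7", "dst": "2001:db8::1", "host": "C2.Host.Example"},
]

def build_index(pulses):
    idx = {"ip": {}, "cidr": [], "domain": {}, "hostname": {}}
    for pulse, kind, value in pulses:
        value = value.lower().rstrip(".")  # normalise case and trailing dot
        if kind == "IPv4":
            idx["ip"][ipaddress.ip_address(value)] = pulse
        elif kind == "CIDR":  # the page notes CIDR indicators are IPv4 only
            idx["cidr"].append((ipaddress.IPv4Network(value), pulse))
        else:  # "domain" or "hostname"
            idx[kind][value] = pulse
    return idx

def match_event(event, idx):  # -> [(field, indicator type, pulse), ...]
    hits = []
    for field in ("src", "dst"):
        addr = ipaddress.ip_address(event[field])
        if addr in idx["ip"]:
            hits.append((field, "IPv4", idx["ip"][addr]))
        if addr.version == 4:  # never test IPv6 addresses against IPv4 ranges
            hits += [(field, "CIDR", p) for net, p in idx["cidr"] if addr in net]
    host = (event.get("host") or "").lower().rstrip(".")
    if host in idx["hostname"]:  # assumption: hostname indicators match exactly
        hits.append(("host", "hostname", idx["hostname"][host]))
    parts = host.split(".")  # assumption: domains match on whole labels only
    for suffix in (".".join(parts[i:]) for i in range(len(parts))):
        if suffix in idx["domain"]:
            hits.append(("host", "domain", idx["domain"][suffix]))
    return hits

def correlate(events, pulses):
    idx = build_index(pulses)
    matched = ((e["id"], match_event(e, idx)) for e in events)
    return {eid: hits for eid, hits in matched if hits}
```

Event 4 (`notbad.example`) produces no hit because comparison is done on whole DNS labels rather than by substring, which is the usual source of false positives in home-grown domain matching.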