3/2/2024

Alienvault taxii feed

Configuring Email Gateway to Consume External Threat Feeds

- How to Configure Email Gateway to Consume External Threat Feeds
- Obtaining External Threat Feeds Feature Key
- Enabling External Threat Feeds Engine on Email Gateway
- Configuring an External Threat Feed Source
- Configuring a Sender Group for Handling Messages containing Threats
- Configuring Content or Message Filters for Handling Messages Containing Threats
- Detecting Malicious Domains in Messages Using Content Filter
- Detecting Malicious Domains in Messages Using Message Filter
- Detecting Malicious URLs in Messages Using Content Filter
- Detecting Malicious URLs in Messages Using Message Filter
- Detecting Malicious Files in Message Attachments Using Content Filter
- Detecting Malicious Files in Messages Attachments Using Message Filter
- Attaching Content Filter to Incoming Mail Policy
- Monitoring External Threat Feeds Engine Updates
- Displaying Threat Details in Message Tracking

The External Threat Feeds (ETF) framework allows the email gateway to consume external threat information in STIX format communicated

The ability to consume external threat information in the email gateway helps an organization to:

- Proactively respond to cyber threats such as malware, ransomware, phishing attacks, and targeted attacks.
- Subscribe to local and third-party threat intelligence sources.
- Improve the efficacy of the email gateway.

You need a valid feature key to use the ETF feature on your email gateway. For information on how to obtain a feature key,

STIX (Structured Threat Information eXpression) is the industry standard, structured language to represent cyber threat information.

A STIX source consists of an indicator that contains a pattern used to detect malicious or suspicious cyber activity.

The following is a list of STIX Indicators of Compromise (IOCs) supported for this release:

- File Hash Watchlist (describes a set of hashes for suspected malicious files)
- IP Watchlist (describes a set of suspected malicious IP addresses)
- Domain Watchlist (describes a set of suspected malicious domains)
- URL Watchlist (describes a set of suspected malicious URLs)

TAXII (Trusted Automated eXchange of Indicator Information) defines a set of specifications to exchange cyber threat information via services (TAXII servers) across different organizations or product lines.

The following versions of STIX/TAXII are supported for this release - STIX 1.1.1 and 1.2 with TAXII 1.1.

How to Configure Email Gateway to Consume External Threat Feeds

- Obtain an External Threat Feeds feature key.
  Obtaining External Threat Feeds Feature Key
- Enable the ETF engine on your email gateway.
  Enabling External Threat Feeds Engine on Email Gateway
- Configure an ETF source to allow your email gateway to fetch threat feeds in STIX format from a TAXII server.
  Configuring an External Threat Feed Source
- Handle messages that contain threats using:
- Attach the content filters that you configured to detect malicious domains, URLs, or file hashes in messages to an incoming
  Attaching Content Filter to Incoming Mail Policy

Managing Email Gateways using the Classic Licensing Mode

If you are an existing user using the Classic Licensing mode and you do not have an External Threat Feeds feature key, follow the given steps to contact the Cisco Global Licensing Operations (GLO) team to obtain the feature key: