...
Applying Rules

When you choose a policy type, the system adds it to the table. You can perform the following for each rule:
- Custom List: Select this rule to add a custom list to the policy. Complete the following to add a custom list to a security policy:
  - OBJECT: From the OBJECT menu, select a custom list from among the available custom list options. You can view the Threat Level and Threat Confidence scores for any available custom lists. Custom lists can be either allow lists or block lists, depending on the actions that you assign. Click Select to add the custom list to the policy.
  - ACTION: From the ACTION menu, select an action type for the custom list to be added to your security policy. Action types include the following:
    - Allow - No Log: Allows filtering of custom lists without logging of responses. Events will not be displayed in Security Activity reports.
    - Allow - With Log: Allows filtering of custom lists with logging of responses.
    - Block - No Redirect: Blocks filtering of custom lists when no redirection is used.
    - Block - Default Redirect: Blocks filtering of custom lists when the default redirect is used.
    - Block - Redirect: Blocks filtering of custom lists when a custom redirect is used.
    - Block (No Log) - No Redirect: Blocks filtering of custom lists when no redirect is used. Events will not be displayed in Security Activity reports.
    - Block (No Log) - Default Redirect: Blocks filtering of custom lists when using the default redirect. Events will not be displayed in Security Activity reports.
    - Block (No Log) - Redirect: Blocks filtering of custom lists when using a redirect. Events will not be displayed in Security Activity reports.

  You can also add a new custom list by selecting New Custom List from among the available custom list options.
  For more information about custom lists, see Custom Lists.
- Feeds and Threat Insight: Select this rule to add a feed or Threat Insight to the policy. Your custom TIDE feeds (TIDE Bring Your Own Feed or TIDE BYOF) are listed under the list of available feed options. Complete the following to add a feed or Threat Insight to a security policy:
  - OBJECT: From the OBJECT menu, select a feed or Threat Insight from among the available feed and Threat Insight options. You can view the Threat Level and Threat Confidence scores for any available items. Click Select to add the feed or Threat Insight to the policy.
  - ACTION: From the ACTION menu, select an action type for the feed or Threat Insight to be added to your security policy. Action types include the following:
    - Allow - No Log: Allows filtering of feeds and threat insight without logging of responses. Events will not be displayed in Security Activity reports.
    - Allow - With Log: Allows filtering of feeds and threat insight with logging of responses.
    - Block - No Redirect: Blocks filtering of feeds and threat insight when no redirection is used.
    - Block - Default Redirect: Blocks filtering of feeds and threat insight when the default redirect is used.
    - Block - Redirect: Blocks filtering of feeds and threat insight when a custom redirect is used.
    - Block (No Log) - No Redirect: Blocks filtering of feeds and threat insight when no redirect is used. Events will not be displayed in Security Activity reports.
    - Block (No Log) - Default Redirect: Blocks filtering of feeds and threat insight when using the default redirect. Events will not be displayed in Security Activity reports.
    - Block (No Log) - Redirect: Blocks filtering of feeds and threat insight when using a redirect. Events will not be displayed in Security Activity reports.
...
You can also add a new category filter by selecting New Category Filter from among the available custom list options. To create a custom list,
For more information, see Creating Category Filters.
...
You can also add a custom application filter by selecting New Filter from the Choose Application Filter menu. To create your custom application filter, you must provide a name for the custom application list; a description is optional.
For more information, see Creating Application Filters.
...
Precedence order considerations when defining a policy based on tags: If the Default Global Policy has higher precedence than a custom policy whose network scope is defined by tags, the Default Global Policy continues to apply, because its precedence is higher than that of the custom policy. For a custom policy with a tag-based network scope to take effect, it should have higher precedence than the Default Global Policy. For information on applying tags to BloxOne Threat Defense objects, see Applying Tags.
For more information, see Creating Tags.
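
A review check for two points above that are easy to miss when a policy grows: rules whose action is one of the No Log types, and tag-scoped custom policies ordered below the Default Global Policy. This is an added example, not Infoblox code; the policy dictionaries are a constructed, hypothetical layout (not the product's API or export schema), and the list is assumed to run from highest to lowest precedence.

```python
# Added example: the policy layout is a constructed, hypothetical structure
# for illustration, not the BloxOne Threat Defense export or API schema.

DEFAULT_POLICY = "Default Global Policy"

# Action names as listed on this page; these four keep events out of
# Security Activity reports.
NO_LOG_ACTIONS = {
    "Allow - No Log",
    "Block (No Log) - No Redirect",
    "Block (No Log) - Default Redirect",
    "Block (No Log) - Redirect",
}

def audit(policies):
    """Return findings for policies given from highest to lowest precedence (assumed order)."""
    findings = []
    names = [p["name"] for p in policies]
    default_pos = names.index(DEFAULT_POLICY) if DEFAULT_POLICY in names else len(names)
    for pos, policy in enumerate(policies):
        # A tag-scoped custom policy ranked below the default: the default keeps applying.
        if policy.get("scope_tags") and pos > default_pos:
            findings.append(("shadowed-by-default", policy["name"], None))
        for rule in policy.get("rules", []):
            if rule["action"] in NO_LOG_ACTIONS:
                findings.append(("no-log-action", policy["name"], rule["object"]))
    return findings

# Constructed sample policies (names and tags are made up).
SAMPLE = [
    {"name": DEFAULT_POLICY, "rules": [
        {"object": "Example Feed A", "action": "Block - Default Redirect"}]},
    {"name": "Lab Policy", "scope_tags": {"site": "lab"}, "rules": [
        {"object": "Lab Allow List", "action": "Allow - No Log"},
        {"object": "Example Feed A", "action": "Block - No Redirect"}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Moving the tag-scoped policy above the Default Global Policy clears the first finding; the No Log finding remains until the action is changed or the silence is accepted as intended.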
...