...
If your network configuration includes ActiveTrust Plus or ActiveTrust Advanced Cloud, you can configure a cloud integration client to collect malicious domains detected by Threat Insight in the cloud. NIOS then applies the detected domains to the RPZs that were configured for the on-premises Grid. This feature ensures that all malicious domains detected in the cloud are also captured for on-premises members.
You can use this feature when you have an ActiveTrust Plus or ActiveTrust Advanced license. Note that you can configure only one cloud client per on-premises Grid, and you must first request an API key through the Cloud Services Portal so that the cloud client is authorized to retrieve data from Threat Insight in the cloud.
To configure Threat Insight for the cloud client:
- From the Data Management tab, select the DNS tab -> Response Policy Zones tab. Expand the Toolbar and click Threat insight in the Cloud Client.
- In the Threat insight in the Cloud Client editor, complete the following:
- Enable Cloud Client: Select this check box to enable Threat Insight results in the cloud client.
- API Key: You must request an API key to establish an authorized connection with the cloud client. Click Request API Key to request an API key. Do the following in the Request API Key from the Cloud Services Portal dialog box:
- Email: Enter the email address that is registered in the Infoblox Cloud Services Portal.
- Password: Enter the password that is registered in the Infoblox Cloud Services Portal.
An API key is generated in the API Key text box only when you enter the correct email address and password. An error message is displayed for an invalid email address and password.
- Interval: Specify how often to request Threat Insight results detected in the cloud client, in seconds or minutes. The default is 10 minutes.
- The list of Response Policy Zones to use for blacklisted domains: Click the Add icon to add an RPZ to the list. When there are multiple zones, Grid Manager displays the Zone Selector dialog box from which you can select one. You can add RPZs from different network and DNS views. Whenever a new RPZ is added and the cloud client requests data, Grid Manager displays a Warning dialog box to confirm that you wish to request all domains detected by Threat Insight in the cloud client. Even if you have clicked No in the Warning dialog box, you can use the set cloud_services_portal_force_refresh CLI command in maintenance mode and set the flag to request all domains detected in the cloud client.
- Click Save & Close.
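A check a defender might run after the cloud client has synchronized: confirm that every domain reported by Threat Insight in the cloud is present in the on-premises RPZ. This is an added example, not Infoblox code; the input formats (a plain domain list and an RPZ exported as zone-file text with one fully written record per line), the zone name and all sample data are constructed assumptions.

```python
# Added example: coverage check between cloud detections and an on-premises RPZ.
# Assumed inputs: a list of domains and RPZ zone-file text, one record per line.

def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def rpz_triggers(zone_text: str, zone_name: str) -> set[str]:
    """Return the QNAME triggers (owner names minus the RPZ suffix) in an RPZ."""
    suffix = "." + normalize(zone_name)
    triggers = set()
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop comments
        if not line or line.startswith("$"):           # skip $TTL / $ORIGIN
            continue
        fields = line.split()
        # First field after the owner that is neither a TTL nor the class is the type.
        rest = [f.upper() for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if not rest or rest[0] in ("SOA", "NS"):       # apex records, not policy
            continue
        owner = normalize(fields[0])
        if owner.endswith(suffix):
            triggers.add(owner[: -len(suffix)])
    return triggers

def is_covered(domain: str, triggers: set[str]) -> bool:
    """Covered by an exact trigger, or by a wildcard trigger on a parent domain."""
    domain = normalize(domain)
    if domain in triggers:
        return True
    labels = domain.split(".")
    return any("*." + ".".join(labels[i:]) in triggers for i in range(1, len(labels)))

def missing_from_rpz(detected, zone_text, zone_name):
    """Return the detected domains that no RPZ trigger covers."""
    triggers = rpz_triggers(zone_text, zone_name)
    return sorted(d for d in map(normalize, detected) if not is_covered(d, triggers))

# Constructed sample data (zone name and domains are placeholders).
ZONE = "rpz.example.local"
ZONE_TEXT = """\
$TTL 300
rpz.example.local. IN SOA ns.example.local. admin.example.local. 1 3600 600 86400 300
rpz.example.local. IN NS ns.example.local.
bad-one.example.rpz.example.local. 300 IN CNAME .
*.bad-two.example.rpz.example.local. IN CNAME .
"""
DETECTED = ["bad-one.example", "c2.bad-two.example", "Bad-Three.example."]

if __name__ == "__main__":
    print(missing_from_rpz(DETECTED, ZONE_TEXT, ZONE))
```

A non-empty result after at least one polling interval has passed indicates domains that have not reached the RPZ, which is the case the forced refresh described above is meant to address.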
...