Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Custom Feed Sources Overview

    Policy Enforcer uses threat feeds to provide actionable intelligence to policies about various types of threats. These feeds can come from different sources, including Sky ATP and lists you customize by adding IP addresses, domains, and URLs to your own lists.

    Note: Sky ATP feeds and custom feeds are mutually exclusive. You can only have one source for whitelist, blacklist, and infected host feeds.

    The following types of custom threat feeds are available:

    • Dynamic Address—A dynamic address is a group of IP addresses that can be imported from external sources. These IP addresses are for specific domains or for entities that have a common attribute such as a particular undesired location that poses a threat. You can then configure security policies to use the dynamic addresses within a security policy.
    • Whitelist—A whitelist contains known trusted IP addresses, URLs, and domains. Content downloaded from locations on the whitelist does not have to be inspected for malware.
    • Blacklist—A blacklist contains known untrusted IP addresses, URLs, and domains. Access to locations on the blacklist is blocked, and therefore no content can be downloaded from those sites.
    • Infected Host—Infected hosts are hosts known to be compromised.

    For threat management policies to use these feeds, you must enter configuration information for each feed type.

    Modified: 2017-09-28