    Threat Prevention Policy Overview

    Threat prevention policies provide protection and monitoring for selected threat profiles, including command & control servers, infected hosts, and malware. Ingress and egress traffic is monitored for suspicious content and behavior using feeds from Sky ATP and any optional custom feeds you configure. Detected threats are evaluated based on a threat score, and action may be taken once a verdict is reached.

    Once policies are configured, the following fields are available on the main page to provide an overview of each policy.

    Table 1: Threat Prevention Policy Fields

    | Field | Description |
    |---|---|
    | Name | The user-created name for the policy. |
    | Profile: C&C Server | Threat score settings overview if selected for the policy. (Otherwise this is empty.) For example: Block: 8-10; Monitor: 5-7; Permit: 1-4 |
    | Profile: Infected Host | Threat score settings overview if selected for the policy. (Otherwise this is empty.) |
    | Profile: Malware HTTP | Threat score settings overview if selected for the policy. (Otherwise this is empty.) |
    | Profile: Malware SMTP | Threat score settings overview if selected for the policy. (Otherwise this is empty.) |
    | Status | This displays the status of the policy. This status is a clickable link you can use to change the policy status. When you first create a policy and assign it to a group, this field reads View Analysis. Read Threat Policy Analysis Overview for more information on this field. Note: If the policy has been updated after it has already been pushed to the endpoint, the status here is Update with a warning icon to notify you the policy has been changed but not pushed. |
    | Policy Enforcement Group | This is the group to which the policy is assigned. |
    | Log | This displays the log setting for the policy. |
    | Description | The user-created description for the policy. |

    Modified: 2017-09-20