About the Threat Prevention Policies Page
You are here: Configure > Security Services > Threat Prevention > Policies.
You can view and configure threat prevention policies. Threat prevention policies provide protection and monitoring for configured threat profiles, including command and control (C&C) servers, infected hosts, and malware. Policies use threat intelligence feeds to monitor ingress and egress traffic for suspicious content and behavior.
Tasks You Can Perform
You can perform the following tasks from this page:
Create a threat prevention policy. See Add a Threat Prevention Policy.
Edit a threat prevention policy. See Edit a Threat Prevention Policy.
Delete a threat prevention policy. See Delete Threat Prevention Policy.
Search for text in a threat prevention policy. See Search for Text in Threat Prevention Policies Table.
Field Descriptions
Table 1 describes the fields on the Threat Prevention Policies page.
Table 1: Fields on the Threat Prevention Policies Page
Field | Description |
---|---|
Name | Enter a threat prevention policy name. The name must begin with an alphanumeric character, can include dashes and underscores, and cannot exceed 63 characters. |
C&C Server | Displays the threat score range set for this policy for C&C servers. A C&C profile provides information on C&C servers that have attempted to contact and compromise hosts on your network. If the threat score of a feed falls within this range, the feed is blocked or permitted based on the threat score. |
Infected Host | Displays the range value of threat score set for this policy if . An infected host profile provides information on compromised hosts and their associated threat levels. |
Malware HTTP | A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. |
Malware SMTP | A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. |
Log | All traffic is logged by default. Use the drop-down list to narrow the types of traffic to be logged. |
Description | Enter a description for the threat prevention policy. |