
About the Threat Prevention Policies Page

 

You are here: Configure > Security Services > Threat Prevention > Policies.

You can view and configure threat prevention policies. Threat prevention policies provide protection and monitoring for configured threat profiles, including command and control (C&C) servers, infected hosts, and malware. Policies use threat intelligence feeds to monitor ingress and egress traffic for suspicious content and behavior.

Tasks You Can Perform

You can perform the following tasks from this page:

Field Descriptions

Table 1 describes the fields on the Threat Prevention Policies page.

Table 1: Fields on the Threat Prevention Policies Page

| Field | Description |
|---|---|
| Name | Enter a threat prevention policy name. The name must begin with an alphanumeric character, can include dashes and underscores, and cannot exceed 63 characters. |
| C&C Server | Displays the threat score range set for this policy for C&C servers. A C&C profile provides information on C&C servers that have attempted to contact and compromise hosts on your network. If the threat score of a feed falls within this range, the feed is blocked or permitted based on the threat score. |
| Infected Host | Displays the range value of threat score set for this policy if . An infected host profile provides information on compromised hosts and their associated threat levels. |
| Malware HTTP | A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. |
| Malware SMTP | A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. |
| Log | All traffic is logged by default. Use the pulldown to narrow the types of traffic to be logged. |
| Description | Enter a description for the threat prevention policy. |