Spotlight Secure Security Intelligence

WebApp Secure builds attacker fingerprints from characteristics of attacker web requests. This information can then be queried against the Spotlight Secure attacker database to help identify and report malicious activity. To use this service, you must enable it.

  1. In the Web UI, go to Spotlight Secure >Security Intelligence.
  2. In the Security Intelligence window, click the Configure button.
  3. Enter values for following fields:
    • Service Enabled–Select True from the pulldown menu.
    • Spotlight Secure Connector URL–This is the URL for the Connector.
    • Auth Token–A secret token string configured on the Connector REST API for a WebApp secure appliance authorized to access the Connector. Refer to your Spotlight Connector documentation for details.
    • Group Name–A named container for attackers from this particular WebApp Secure appliance. Every WebApp Secure instance that publishes to the Connector adds the attacker cookies or IPs to their named group.
    • SSL Server Certificate– A PEM-formatted SSL certificate from the Spotlight Connector's REST API server. If the Spotlight Connector URL is HTTPS, access to the Connector from WebApp Secure will take place using HTTP over SSL. Note that if the connector administrator wants to use a self-signed server certificate, the certificate may be exported as a .pem file, and the contents of the file can be entered into the server certificate configuration value.

    Figure 69: Security Intelligence Configuration

    Security Intelligence Configuration
  4. Click the Save button to save your configuration.

Figure 70: Spotlight Secure Session Cookies

Spotlight Secure Session Cookies

Related Documentation