Direct Lookups for IP Reputation Classifications
To ensure that your IP reputation classifications are using the most recent classification information that is available, create rules and queries that use direct X-Force IP reputation lookups.
You can use the following X-Force IP categorizations:
- Anonymization Services
- Botnet Command and Control Server
- Bots
- Cryptocurrency Mining
- Dynamic IPs
- Malware
- Scanning IPs
- Spam
For example, a rule that uses the Anonymization Services categorization might use the following building block:
when Destination IP is categorized by X-Force as Anonymization Services with confidence value greater than 50
In Ariel Query Language (AQL), you can use the XFORCE_IP_CATEGORY function instead.
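The same Anonymization Services test written as an AQL search, as an added example that is not from the IBM page. It assumes that XFORCE_IP_CATEGORY(ip) returns the category label for an address and that XFORCE_IP_CONFIDENCE('<category>', ip), a function this page does not mention, returns the 0-100 confidence value for that one category.

```sql
-- Added AQL example (not from the page). Mirrors the rule building block:
--   Destination IP is categorized by X-Force as Anonymization Services
--   with confidence value greater than 50
-- Assumed function signatures:
--   XFORCE_IP_CATEGORY(ip)              -> category label for the address
--   XFORCE_IP_CONFIDENCE(category, ip)  -> confidence (0-100) for that category
SELECT
    sourceip,
    destinationip,
    XFORCE_IP_CATEGORY(destinationip) AS xforce_category,
    XFORCE_IP_CONFIDENCE('Anonymization Services', destinationip) AS anon_confidence
FROM events
-- Same threshold as the rule; raise it to cut false positives on shared hosting ranges
WHERE XFORCE_IP_CONFIDENCE('Anonymization Services', destinationip) > 50
LAST 24 HOURS
```

Because the lookup is evaluated at search time, the result reflects X-Force's current classification of each destination rather than a previously imported snapshot.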