Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Create and Manage Metadata Streaming Profiles to Detect Command-and-Control (C2) Communications

Create Metadata Streaming Profiles

  1. In the Metadata Streaming Profiles section, click the plus icon ().
    The Create Metadata Streaming Profile page is displayed.
  2. Enter a unique profile name within 63 alphanumeric characters. You can use special characters such as _ and -.
  3. In the HTTP section, enable the Encrypted c2 toggle button.
  4. Select how you want to log a request:

    • Log detections—Log the request only if a threat is detected.

    • Log everything—Log all requests received by the device.

  5. Enable the Fallback options log toggle button to log the request if no threat is detected.
  6. Click OK.
    The metadata streaming profile is created and displayed on the Metadata Streaming Policy page.

Manage Metadata Streaming Profiles

  • Edit—Select the profile, and then click the pencil icon (Blue pencil icon indicating edit functionality.).

  • Clone—Select the profile, and then click More > Clone.

    Note:

    By default, the profile name is suffixed with _copy_1.

  • Delete—Select the profile, and then click the trash can icon (Blue trash can icon representing delete or remove function.).