Config: End-Point Threat Detection & NFA-DC Service Access
Posted: Thu Nov 03, 2016 10:21 am
Netflow Data Center Services (NFA-DC) enable you to keep be kept updated with latest CySight content including:
External Threats
End-Point Threat Bad Actors such as botnets, Ransomware, The Onion Router (Tor), illicit p2p sharing, bad reputation, hackers and malware and contextual end-points found in External Accounts such as Social Networks, Search Engines, Video Streaming etc ....
Contextual information (Early access to changes usually only available in major releases)
ASN,
IP to Country,
MAC Address tables,
NBAR
etc ...
1) Enable Data Center Services access
Click on the Device and select Modify
b) Simply enable the Data Center Services and press confirm.
2) Depending on your Device you may need to confirm that Threat Detection has been enabled for that Device.
a) Click on a Device and select Modify
b) Ensure that the "Detect Threat" is set to "Both Side IP"
c) If you edited please click "Confirm"
External Threats
End-Point Threat Bad Actors such as botnets, Ransomware, The Onion Router (Tor), illicit p2p sharing, bad reputation, hackers and malware and contextual end-points found in External Accounts such as Social Networks, Search Engines, Video Streaming etc ....
Contextual information (Early access to changes usually only available in major releases)
ASN,
IP to Country,
MAC Address tables,
NBAR
etc ...
1) Enable Data Center Services access
Click on the Device and select Modify
Please note that Data Center service access is disabled by default. This is to prevent communications to our site unless specified by youa) Check that your server is allowed to access "datacenter.cysight.ai"
b) Simply enable the Data Center Services and press confirm.
2) Depending on your Device you may need to confirm that Threat Detection has been enabled for that Device.
a) Click on a Device and select Modify
b) Ensure that the "Detect Threat" is set to "Both Side IP"
c) If you edited please click "Confirm"
PLEASE NOTE: Do not enable "Tune Threat". This is an advanced feature used to reduce overhead in certain very large environmentsCySight Threat Feed is a Subscription and is available for a free 30-day evaluation from Data Center Services Activation