CorreLog IP Block List and Reputation Database Application Notes
As a standard feature of the CorreLog Server software, CorreLog Inc. synthesizes and maintains a robust list of IP address subnets with bad reputations, which are saved in the "@@ip_blocklist@@" list macro at the CorreLog Server site. This list is updated each week by CorreLog and placed at a well-known URL on the CorreLog website, permitting easy access by CorreLog users and licensees. Specific tools are available from CorreLog to allow this reputation database to be automatically downloaded to each server, thereby maintaining a current list of subnets with bad reputations at each CorreLog Server site.

This application note furnishes information on the actual block list and reputation database feed, as well as information on how to configure the system to automatically download this list via an Adapter at the CorreLog Server.

Component Overview

The CorreLog IP Block List Reputation Database system consists of several main parts.

Block List Macro. The actual reputation database is contained in a standard CorreLog "List" type macro (viewable via the "Correlation > Config > Lists" screen). This list macro has the and consists of thousands of subnet addresses that identify devices with a bad reputation.

Block List Feed URL. CorreLog furnishes a URL that contains a list of addresses suitable for use with the list macro described above. CorreLog periodically (about once each week) synthesizes a new block list that is acquired from various public providers. (The providers are documented in a later section of this manual.)

Block List Adapter Screen. CorreLog furnishes a screen that permits the operator to configure automatic retrieval of the above feed and incorporate changes into the list macro. This automates the process of acquiring and maintaining the list of devices with bad reputations.

Auto-Update Feed Adapter

CorreLog Server includes a simple adapter that adds a screen component to assist with automatic updates of the reputation database. This adapter is available on request, and creates the "System > Tools > Auto-Update > IP Reputation DB" tab on the system, which permits the administrator to schedule the fetching of the standard reputation database and report. This adapter screen is depicted below:

[Figure: "IP Reputation DB" adapter screen]

The above screen is a standard CorreLog Server dialog. The operator clicks the "Edit" button to edit the parameters, then clicks "Save" to save the parameters for future operation. By default, the feed is fetched at the start of each month from the correlog.com website. The feed can be fetched immediately by clicking the "Download" button. The operator can view the feed process log, and can access the full report data via links at the top of the screen.

The various fields and controls for this screen are as follows:

Refresh Button. This button refreshes the screen with the latest information. If a new list is being downloaded, this causes the "Status" line (beneath the button) to refresh, showing the progress of the Auto-Feed operation.

Edit Button. This button allows the "Feed Master Enable", the "Feed URL", the "Scheduled Execution", and the "Exclude" settings to be edited. (These fields are further identified below.)

Run Report Button. This button immediately fetches the feed. (Otherwise, the operator can wait for the scheduled execution, specified via the "Edit" screen.)

Feed Master Enable. This setting can be changed via the "Edit" button, and is the master enable for the scheduled feed update. A value of "Enabled" will enable the periodic process. A value of "Disabled" will disable the process (but still allow reports to be fetched automatically via the "Run Report" button).

Feed URL. This setting is the URL to the feed site. Unless otherwise instructed or advised by support, the value should not be changed; it is configured to correctly access the reputation database described in this document.

Proxy URL. This setting is the URL to a proxy server (if required). The proxy HTTP server should be specified as a standard URL and port number combination. If no HTTP proxy server is required or exists, then this field should be left blank to fetch files directly from the "Feed URL".

Schedule Execution. This setting permits the operator to specify the schedule on which the feed is fetched from the Feed URL. The value is reflected in the "System > Scheduler" screen. The operator can select "weekly", "monthly" or an advanced schedule. (See notes on the "System > Scheduler" screen in other documents for a further discussion of controls.)

Exclude Single References. This setting can be changed via the "Edit" button, and indicates the rigorousness of the list. By default, the value is "No", which indicates any subnet in the IP Block list feed will be regarded as having a bad reputation. All entries in the block list will appear in list macro. Setting the value to "Yes" requires the entry to be referenced at least twice (i.e. included in at least two of the lists described in this document). This can be used to reduce false positives in some environments, by requiring the IP to be recognized by at least two lists.

Identify Bad Subnet. This setting can be changed via the "Edit" button, and will output a subnet block address if more than 25 different IP addresses in the subnet are identified to have a bad reputation. This can enhance security, but can also cause false positives.

Share Threat Intelligence. Adjusting this value to "Yes" will cause the top 10 devices that match the IP blocklist to be posted to the CorreLog corporate website (via an HTTP POST request). This occurs after the IP blocklist is fetched. No other data or corporate information is shared, and the posting is completely anonymous. Setting the value to "Yes" assists CorreLog engineering with constructing the weekly reputation database.

List Metric Values. The bottom of the screen indicates the number of IP addresses in the list, the size of the file, and the time that the file was downloaded. These metrics correspond to the operating lists on the system, and depend on when the list was fetched and whether "Exclude Single References" is set to "Yes" or "No".

Handling False Positives

The easiest way to reduce the number of false positives for the reputation database is to simply set the "Exclude Single References" value to "Yes", which means that an IP address is not identified as having a bad reputation unless it appears on at least two lists. This will reduce the number of entries in immediate. (Note that after making this type of change to the "Edit" screen, the user should click "Run Report" to fetch the new reputation database.)

Another way of handling false positives is to add any IP addresses used by your organization (which may appear in the CorreLog list, but are necessary or known to your organization) to macro on the "Correlation > Config > Lists" screen. This macro typically contains a list of IP addresses which are not blocked under any circumstances. (The user simply updates the list of IP addresses like any other list macro.) The correlation rules in the "Correlation > Threads" screen reference a rule "@@ip_blocklist@@ and which indicates that a match has to occur in macro, and NOT occur in list.

Note that if you update list with an item, that item will be eliminated the next time the feed is executed (typically on a weekly basis). Therefore, you should not modify This is not a problem with list, which is entirely defined by your organization and never modified by CorreLog feeds or upgrade procedures.

Finally, if you have chronic problems with certain ranges of devices, you should contact CorreLog support to review your situation. The CorreLog reputation database is easily modified to exclude certain IP addresses that may be necessary for your site.

Block List Feed Information

IP address information is obtained from various well-known sites that supply public domain access to IP and network reputation data. To qualify as a source site, CorreLog requires that the site be well-known and have a valid and verified WHOIS database entry. Additionally, CorreLog applies other proprietary validity checks to each IP entry. Specific sites accessed by this CorreLog initiative are as follows:

(List Identifier: L_MYIP) - This website contains records in htaccess format, updated approximately once each week. WHOIS Contact Info: Michael Williams, Delta Consultants Ltd, 8 Copthall, Roseau Valley, NE

(List Identifier: L_EMTHR) - This list contains raw IPs for the firewall IP block lists, derived from Spamhaus, Top Attackers listed by DShield, and Abuse.ch. WHOIS Contact Info: Proofpoint, Inc., 892 Ross Drive, Sunnyvale, CA

(List Identifier: L_DSH) - This list contains current IP block list information, updated approximately once each week. The top 2000 sites are incorporated into the CorreLog IP block list. DShield operates a comprehensive threat website since WHOIS Contact Info: Johannes Ullrich, PO Box 13314, Jacksonville, Florida

(List Identifier: L_FIREH) - This is a firewall blacklist maintained by firehol.org. The list is suitable for protection on all internet-facing servers, routers and firewalls. The list includes various IP sources: bambenek_c2, dshield, feodo, fullbogons, palevo, spamhaus_drop, spamhaus_edrop, sslbl, and zeus_badips. WHOIS Contact Info: Firehol Organization, 96 Mowat Ave, Toronto Ontario Canada.

(List Identifier: L_MALC) - This is a firewall block list maintained by malc0de.org. WHOIS Contact Info: Dreamhost 417 Associated RD #324, BREA, CA

(List Identifier: L_ZEUS) - This list is maintained by the Swiss Information Security Research Association, containing severe abuses. WHOIS Contact Info: Swiss Information Security Research Association SISRA, Bernet Monika, CH Zurich, Switzerland

(List Identifier: M_TCRWD) - This list contains IP block list information that has been manually voted on by threatcrowd.org participants. The list is updated at least monthly. (See for information.) WHOIS Contact Info: Chris Doman, 27 Bramley close, Colchester, Essex GB, CO38RU

(List Identifier: D_TCRWD) - This list is similar to the above list, but contains domain names that have been manually voted on (see above). This list is updated at least monthly. CorreLog performs a DNS lookup of these domains to acquire the IP address of each domain, which is incorporated into the CorreLog IP block list.

(List Identifier: D_HOSTF) - This domain list contains domains that are engaged in malware distribution (EMD, Exploit Malware Distribution). CorreLog performs a DNS lookup of these domains to acquire the IP address of each domain, which is subsequently incorporated into the CorreLog IP block list. WHOIS Contact Info: Robert Hafner, Malwarebytes, Corporation

(List Identifier: D_MALW) - This is a domain list similar to the above, except that it is a more general list furnished by This is a comprehensive list updated monthly, mainly used as a DNS sinkhole. CorreLog performs a DNS lookup of these domains to acquire the IP address of each domain, which is subsequently incorporated into the CorreLog IP block list. WHOIS Contact Info: ISK Analytics, LLC, 4370 W 109th Street, Suite 250, Leawood, KS

(List Identifier: L_BLDE) - This website contains a comprehensive set of about 40,000 blocked IP addresses. The site is a free and voluntary service provided by a Fraud/Abuse-specialist, whose servers are often attacked. The site works in conjunction with and other sites. WHOIS Contact Info: Martin Schiftan, Tumblingerstr , 80337, Munchen, Germany

NOTE: Addresses in this list are first checked for matches in other lists, since this particular list has been shown to be filled with false positives. Hence, no address in this list is included unless it appears in other lists above.
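
The list-building rules described above ("Exclude Single References", the subnet roll-up at more than 25 addresses, the corroboration-only treatment of L_BLDE) and the "in the block list and NOT in the organization's own list" correlation rule can be modelled as follows. This is an added example, not CorreLog code: the function names, the /24 subnet size, counting L_BLDE toward the reference count, and the constructed sample feeds are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample feeds, keyed by list identifiers from this document.
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_FEEDS = {
    "L_DSH": ["192.0.2.10", "198.51.100.7", "not-an-ip"]
             + [f"203.0.113.{i}" for i in range(1, 27)],  # 26 hosts in one /24
    "L_FIREH": ["192.0.2.10", "192.0.2.128/25"],
    "L_BLDE": ["192.0.2.10", "198.51.100.7", "198.51.100.99"],
}


def build_blocklist(feeds, exclude_single=False, identify_bad_subnets=False,
                    corroboration_only=("L_BLDE",),
                    subnet_prefix=24, subnet_threshold=25):
    """Merge per-source lists into {network: reference_count}.

    exclude_single       -- keep an entry only if at least two lists reference it.
    identify_bad_subnets -- add the enclosing subnet when more than
                            subnet_threshold distinct hosts in it were kept.
    corroboration_only   -- lists whose entries never qualify on their own
                            (the document applies this to L_BLDE).
    subnet_prefix        -- assumed subnet size; the document does not state it.
    """
    refs = defaultdict(set)
    for list_id, entries in feeds.items():
        for raw in entries:
            try:
                net = ipaddress.ip_network(raw.strip(), strict=False)
            except ValueError:
                continue  # malformed feed line: skip it, never guess
            refs[net].add(list_id)

    weak = set(corroboration_only)
    kept = {}
    for net, ids in refs.items():
        if not (ids - weak):
            continue  # seen only on a corroboration-only list
        if exclude_single and len(ids) < 2:
            continue  # single reference, rejected in the stricter mode
        kept[net] = len(ids)

    if identify_bad_subnets:
        hosts_by_subnet = defaultdict(set)
        for net in list(kept):
            if net.version == 4 and net.prefixlen == 32:
                parent = net.supernet(new_prefix=subnet_prefix)
                hosts_by_subnet[parent].add(net)
        for subnet, hosts in hosts_by_subnet.items():
            if len(hosts) > subnet_threshold:
                # Count 0 marks a derived entry that no source list named itself.
                kept.setdefault(subnet, 0)
    return kept


def is_blocked(address, blocklist, allowlist):
    """Correlation rule: address matches the block list AND NOT the allow list."""
    ip = ipaddress.ip_address(address)
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowlist]

    def hit(networks):
        return any(ip.version == n.version and ip in n for n in networks)

    return hit(blocklist) and not hit(allowed)


if __name__ == "__main__":
    for label, kwargs in [("default", {}),
                          ("exclude single references", {"exclude_single": True}),
                          ("identify bad subnets", {"identify_bad_subnets": True})]:
        result = build_blocklist(SAMPLE_FEEDS, **kwargs)
        print(f"{label}: {len(result)} entries")
    rolled = build_blocklist(SAMPLE_FEEDS, identify_bad_subnets=True)
    # 203.0.113.200 is on no source list; only the roll-up makes it match.
    print("203.0.113.200 blocked after roll-up:",
          is_blocked("203.0.113.200", rolled, []))
```

The last check shows the false-positive trade-off of the subnet roll-up: an address that no source ever listed starts matching once 26 of its neighbours do.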

Data Reporting

As supporting documentation for this IP data, CorreLog generates a comprehensive report that can be used to determine the status of each IP address entry. This report is generated for each new reputation database update, and is downloadable from the CorreLog website. This report contains the following metrics.

Subnet Address. This is the address subnet entry in the reputation database. There are typically between 10 and 30 thousand entries in the list. These items are added to list macro (either manually or by the "Auto-Feed" adapter described in later sections).

Country Code and Name. This is the two-letter country code and full country name for the subnet entry in the database. This is the same information as found in the Geo-IP database.

Registration Date. This is the date and time of the registration for the IP address hostname.

Reference Hostname. This is the hostname entry corresponding to the first device on the subnet (if known). The value may be "Unknown".

Reference List Identifier and Reference Count. This is the name of the block list (corresponding to the "List Identifiers" in the previous section) that indicates where this entry can be found. If the IP address matches multiple lists, only the first list identifier is provided. This field also lists the number of lists that match the specified subnet name. This value can also be displayed by entering the IP address of a device in the standard "DNS Tool". See additional note below.

Persistence. This flag is either "Yes" or "No", and indicates whether the particular device has previously been found on the system (Yes) or is a new device (No). This can be used to determine how promiscuous this subnet is.

The report information and corresponding block list are available via separate URLs, typically downloaded automatically via the "Auto-Update Feed Adapter" described in the next section. The user can access the report information either from the Adapter plug-in screen, or via the "DNS Tool" screen (available via the "More" menu in the upper right of all screens).

Summary and Additional Notes

1. The reputation database is configured within the system, residing in the "Correlation > Config > Lists" screen, within the macro. This list can be manually modified (but any changes will be lost during the next update of the system). This particular list macro is used by various preconfigured correlation threads and alerts.

2. After installing the REPDB adapter, the operator can navigate to the "System > Tools > Auto Update" tab to view the IP Reputation Database screen, as depicted in this manual. This screen contains controls, status, and debug information necessary to download the reputation database and update the list macro.

3. After installing the REPDB adapter, the administrator should edit the "IP Reputation Database" screen and set the "Scheduled Execution" time to be some value other than "None" for automatic updates to occur. (Otherwise an update occurs only when the user clicks the "Run Report" button on the screen.) NOTE: By default no automatic updates occur until the user sets the scheduled time to something other than the default "None" value.

4. The "GenRepDB.exe" program, which is responsible for obtaining the reputation database, is automatically configured to run by setting the "Scheduled Execution" time above. This program also appears on the "System > Scheduler" screen.

5. The "CorreLog\feeds" folder contains files used by the system, including MD5 checksums and other identification information. These files should not be modified without assistance from support.

6. No updates occur if any errors are encountered with the process, including errors with checksums on the files. In this case, the user should click the "Process Log" link to diagnose the issue.

7. The "CorreLog\feeds\GET_IP_FEED.bat" file is actually responsible for downloading the files from the reputation database using the "wget.exe" program (where the "wget.exe" program is added to the "system" folder by the installation package). The "CorreLog\feeds\GET_IP_FEED.log" file contains the last transcript of the download operation, useful for debug and analysis.

CorreLog's IP Reputation Database feed, while publicly available, may be disabled for specific users and sites if the URL is over-accessed. Sites should not download the reputation database more than once a week, except under certain circumstances. If the user cannot obtain the reputation database for any reason, contact CorreLog support for assistance.

For Additional Help And Information

Detailed specifications regarding the CorreLog Server, add-on components, and resources are available from our corporate website. Test software may be downloaded for immediate evaluation. Additionally, CorreLog is pleased to support proof-of-concepts, and provide technology proposals and demonstrations on request.

CorreLog, Inc., a privately held corporation, has produced software and framework components used successfully by hundreds of government and private operations worldwide. We deliver security information and event management (SIEM) software, combined with deep correlation functions, and advanced security solutions. CorreLog markets its solutions directly and through partners. We are committed to advancing and redefining the state-of-art of system management, using open and standards-based protocols and methods. Visit our website today for more information.

CorreLog, Inc. mailto:support@correlog.com
More informationIBM SECURITY NETWORK PROTECTION (XGS)
IBM SECURITY NETWORK PROTECTION (XGS) IP Reputation Use cases and more Tanmay Shah Product Lead IBM Security Network Protection Tanmay.Shah@au1.ibm.com Contents Introduction... 2 Audience... 2 IP Reputation
More informationAdobe Marketing Cloud Bloodhound for Mac 3.0
Adobe Marketing Cloud Bloodhound for Mac 3.0 Contents Adobe Bloodhound for Mac 3.x for OSX...3 Getting Started...4 Processing Rules Mapping...6 Enable SSL...7 View Hits...8 Save Hits into a Test...9 Compare
More informationSecurity, Internet Access, and Communication Ports
Security, Internet Access, and Communication Ports The following topics provide information on system security, internet access, and communication ports: Security Requirements Security Requirements, on
More informationPrivacy Policy. Third Party Links
Privacy Policy This Privacy Policy is provided by POP Tracker LLC, which is referred to within the policy collectively as "POP Tracker", "we", "us" and/or "our". It applies to all POP Tracker-owned websites,
More informationPhishing Activity Trends Report August, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationClimatix IC Remote Servicing for POL controllers User Guide
Climatix IC Remote Servicing for POL controllers User Guide 2018-01-24 Building Technologies Cyber security disclaimer Cyber security disclaimer products, solutions, and services include security functions
More informationManaging SonicWall Gateway Anti Virus Service
Managing SonicWall Gateway Anti Virus Service SonicWall Gateway Anti-Virus (GAV) delivers real-time virus protection directly on the SonicWall security appliance by using SonicWall s IPS-Deep Packet Inspection
More informationCisco TelePresence VCS Cluster Creation and Maintenance
Cisco TelePresence VCS Cluster Creation and Maintenance Deployment Guide Cisco VCS X8.5 Cisco TMS 13.2 or later December 2014 Contents Introduction 4 Prerequisites 5 Upgrading an X7.1 or later cluster
More informationWorkspace Secure Container for Mobile Devices
Workspace Secure Container for Mobile Devices Version 1.1 Last Updated: April 24, 2014 2014 Verizon. All Rights Reserved. The Verizon name and logo and all other names, logos, and slogans identifying Verizon
More informationComodo cwatch Web Security Software Version 1.6
rat Comodo cwatch Web Security Software Version 1.6 Quick Start Guide Guide Version 1.6.010918 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Comodo cwatch Web Security - Quick Start Guide
More informationInstalling TeamViewer
Installing TeamViewer 1 2008-05-03 Installing TeamViewer 1 Introduction TeamViewer is commercial software produced by TeamViewer GmbH that provides screen sharing, remote control, file transfer and a text
More informationSymantec & Blue Coat Technical Update Webinar 29. Juni 2017
Avantec Blue Coat/Symantec Webinar Jean Marc Edder Senior Systems Engineer The Global Leader in Cyber Network + + Cloud Global market leader in Endpoint, Email, Data Loss Prevention and Website, User Authentication
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationWHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY
WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY Dave Dubois, Global Security Product Management Version: 1.0, Jan 2018 A Multi-Layer Approach
More informationIntegrate Cisco Sourcefire
Integrate Cisco Sourcefire EventTracker Enterprise Publication Date: April 18, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com About this Guide This guide will facilitate
More informationIPv6. Akamai. Faster Forward with IPv6. Eric Lei Cao Head, Network Business Development Greater China Akamai Technologies
Akamai Faster Forward with IPv6 IPv6 Eric Lei Cao clei@akamai.com Head, Network Business Development Greater China Agenda What is Akamai? Akamai s IPv6 Capabilities Experiences & Lessons Measuring IPv6
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationVMware Skyline Collector Installation and Configuration Guide. VMware Skyline Collector 2.0
VMware Skyline Collector Installation and Configuration Guide VMware Skyline Collector 2.0 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If
More informationDRAFT REVISIONS BR DOMAIN VALIDATION
DRAFT REVISIONS BR 3.2.2.4 DOMAIN VALIDATION (Feb. 15, 2016) Summary of changes The primary purpose of this change is to replace Domain Validation item 7 "Using any other method of confirmation which has
More informationError code. Description of the circumstances under which the problem occurred. Less than 200. Linux system call error.
Error code Less than 200 Error code Error type Description of the circumstances under which the problem occurred Linux system call error. Explanation of possible causes Countermeasures 1001 CM_NO_MEMORY
More information:- IDBI /PCELL/ RFP/
Sr. No RFP Page No Section / Clause/Para No Existing clause 1 6 Control Sheet Schedule for receipt of Bids: - 31 st March 2017 at 1600 Hrs. 2 6 Control Sheet Schedule for Opening of Technical Bids: 31
More informationAcronis Monitoring Service
Acronis Monitoring Service PRODUCT DOCUMENTATION Table of contents 1 About the Acronis Monitoring Service...4 2 Software Requirements...4 3 Understanding basic concepts...5 4 Getting started...7 4.1 Setting
More informationCYAN SECURE WEB HOWTO. SSL Intercept
CYAN SECURE WEB HOWTO January 2009 Applies to: CYAN Secure Web 1.6 and above allows you to inspect SSL encrypted traffic. Therefore all filter mechanisms can be applied to HTTPS traffic. Without, all data
More informationMCAFEE THREAT INTELLIGENCE EXCHANGE RESILIENT THREAT SERVICE INTEGRATION GUIDE V1.0
MCAFEE THREAT INTELLIGENCE EXCHANGE RESILIENT THREAT SERVICE INTEGRATION GUIDE V1.0 Copyright IBM Corporation 2018 Permission is hereby granted, free of charge, to any person obtaining a copy of this software
More informationElectronic Filing Instructions Manulife Financial Corporation Securities Class Actions
Electronic Filing Instructions Manulife Financial Corporation Securities Class Actions I. Important Notes PLEASE READ There are two classes involved in this matter. In order to participate in the Ontario
More informationThe Interactive Guide to Protecting Your Election Website
The Interactive Guide to Protecting Your Election Website 1 INTRODUCTION Cloudflare is on a mission to help build a better Internet. Cloudflare is one of the world s largest networks. Today, businesses,
More informationClimatix IC Remote Access with Gateway/Webserver User Guide
Climatix IC Remote Access with Gateway/Webserver User Guide 2018-01-18 Building Technologies Legal note Legal note Legal note concept This guide includes notes that must be followed to prevent damage to
More informationUsing the Belimo Cloud requires an Internet connection for creating and logging in to an account and accessing device data.
Belimo Cloud Manual Overview / Getting Started Welcome to the Belimo Cloud Thank you for deciding to use the Belimo Cloud. Now you'll be able to have centralized connection and management of compatible
More informationAHAU SOFTWARE. User Guide. Easy Projects Outlook Add-in. version 2.6
AHAU SOFTWARE User Guide Easy Projects Outlook Add-in version 2.6 This Outlook add-in makes it possible to sync tasks, import contacts and calendar, as well as to get quick access to attachments and messages
More informationCHAPTER 7 ADVANCED ADMINISTRATION PC
ii Table of Contents CHAPTER 1 INTRODUCTION... 1 Broadband ADSL Router Features... 1 Package Contents... 3 Physical Details... 4 CHAPTER 2 INSTALLATION... 6 Requirements... 6 Procedure... 6 CHAPTER 3 SETUP...
More informationMOVE AntiVirus page-level reference
McAfee MOVE AntiVirus 4.7.0 Interface Reference Guide (McAfee epolicy Orchestrator) MOVE AntiVirus page-level reference General page (Configuration tab) Allows you to configure your McAfee epo details,
More informationNetBackup Collection Quick Start Guide
NetBackup Collection Quick Start Guide This whitepaper is intended for IT professionals, IT managers, and IT personnel responsible for the planning, setup, and/or administration of Veritas Information
More informationInstallation Procedure Windows 95/98/ME with Internet Explorer 5.x & 6.0
Installation Procedure Windows 95/98/ME with Internet Explorer 5.x & 6.0 Printer Friendly Version [ PDF 240K ] Before You Begin Before proceeding with the installation of a SOHO 6 appliance, you must have
More informationAsigra Cloud Backup v13.3 DS-Notebook Client User Guide. September 2017
Asigra Cloud Backup v13.3 DS-Notebook Client User Guide Disclaimer Information in this document is subject to change without notice and does not represent a commitment on the part of Asigra Inc. Asigra
More informationMonitor Qlik Sense sites. Qlik Sense Copyright QlikTech International AB. All rights reserved.
Monitor Qlik Sense sites Qlik Sense 2.1.2 Copyright 1993-2015 QlikTech International AB. All rights reserved. Copyright 1993-2015 QlikTech International AB. All rights reserved. Qlik, QlikTech, Qlik Sense,
More informationConfiguring Symantec Protection Engine for Network Attached Storage. Compuverde vnas Cluster
Configuring Symantec Protection Engine for Network Attached Storage Compuverde vnas Cluster Contents Abstract... 2 About software component... 2 How does Compuverde antivirus protect data on Compuverde
More informationIdentity Policies. Identity Policy Overview. Establishing User Identity through Active Authentication
You can use identity policies to collect user identity information from connections. You can then view usage based on user identity in the dashboards, and configure access control based on user or user
More informationmyportablepim Manual v.1.0.0
myportablepim Manual v.1.0.0 1.Introduction...3 2.Installation of the product...3 3.Launch the application...3 3.1 Protecting the version with a password... 3 4.Settings...4 4.1 General... 4 4.2 Short
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationInformation we collect about you: (Rewritten)
Local Search Titan, LLC ( LST, "we", "us" or "our") respects the privacy of our users and has developed this Privacy Policy to demonstrate its commitment to protecting your privacy. The intention of this
More informationProxy. Krishna Tateneni
Krishna Tateneni 2 Contents 1 Proxies 4 1.1 Introduction......................................... 4 1.2 Use.............................................. 4 3 1 Proxies 1.1 Introduction Proxies are programs
More information