What is Threat Intelligence? What Threat Categories are Supported?

Description

  • The Silverline Threat Intelligence subscription is a premium option which may be added to both DDoS and WAF services for additional visibility and protection. 
  • Note: Threat intelligence is only available in proxy mode.
  • With Threat Intelligence, Silverline triggers alerts (and blocks, if configured) based on a regularly updated database of known categories of client IP addresses, such as anonymous proxies or known bot networks.
  • Portal Administrators can customize the behavior of the service by creating and applying Threat Intelligence Profiles to proxies within the Silverline service.

 

Environment

  • Silverline DDoS
  • Silverline WAF
  • Proxy
  • Threat Intelligence
  • iRule

 

Answer

Threat Categories

Threat Intelligence supports a wide variety of categories, each of which may be configured with an administrator-specified action. The SOC recommends turning on all of these categories.

| Threat Category Name in Threat Intelligence profile | Threat Category Name in iRule data table | Nature of Threat |
|---|---|---|
| Anonymous Proxies | Proxy and Tor Proxy | IP addresses providing proxy and anonymizing services. Includes TOR anonymizer IP addresses. |
| Botnets | BotNets | Includes Botnet command and control server channels and infected zombie machines controlled by a Bot master. |
| Cloud Provider | Cloud Provider Networks | Detects cloud-based IP addresses used in malicious attacks. |
| Denial of Service | Denial of Service | Denial of Services category includes DOS, DDOS, anomalous SYN flood and anomalous traffic detection. |
| Infected Sources | Infected Sources | IP addresses currently known to be infected with malware or with a low Reputation Index score. |
| Mobile Threats | Mobile Threats | Mobile Threat category includes IP addresses of malicious and unwanted mobile applications. |
| Phishing Proxies | Phishing | Blocks IP addresses hosting phishing sites and other kinds of fraud activities such as Ad Click or Gaming fraud. |
| Scanners | Scanners | All reconnaissance such as probes, host scan, domain scan and password brute force attacks. |
| Spam Sources | Spam Sources | Known IP addresses for sending or creating Spam. |
| Web Attacks | Web Attacks | Includes hosts known to exploit XSS, iFrame injection, SQL injection, cross domain injection or domain password brute force attacks. |
| Windows Exploits | Windows Exploits | Any active host IP addresses offering or distributing malware, shell code, rootkits, worms or viruses. |

 
