- how to configure Threat Intelligence profiles
- how to add Threat Intelligence profiles to proxies
- Multiple Threat Intelligence Profiles may be applied to a single account's different proxies.
- Threat Intelligence Profiles overrule the IP Allowlist. If an address on an IP Allowlist is also present on an applied Threat Intelligence profile set to Block, the traffic from that host will be blocked.
- Silverline DDoS
- Silverline WAF
- Threat Intelligence
How to Configure Threat Intelligence Profiles
- In Silverline Portal, navigate to Config > Threat Intelligence Profiles. Only appears if the service is active for the account. Reach out to F5 Silverline Sales if you would like to add on Threat Intelligence
- Click the Add button.
- Give the profile a Name
- Select an Action (Allow or Block) for each category to which the action should be applied.
- The request is logged for both Allow and Block actions.
- For more info on Threat Categories, see What is Threat Intelligence? What Threat Categories are Supported?
- The SOC recommends turning on all threat categories
- Click Save.
Threat Intelligence Profile home page now shows Profile and the deployment status.
How to Assign Threat Intelligence Profile to a Proxy
- In SIlverline Portal, navigate to Config > Proxy / App Configuration > Proxy/App Management
- Find the desired proxy and click Edit on that row.
- Select the appropriate HTTPS or HTTP service, which defaults to the Security Policies tab.
- Select the Threat Intelligence Profile from the drop-down menu.
- Click Save and Finish in the bottom right of the screen (scrolling down may be necessary)
- Silverline automatically schedules the Threat Intelligence profile for deployment