
Threat Intelligence (Value Added Services)

Last updated: 2024-10-28 17:27:37

Cloud Security 2.0 builds its IP threat intelligence from the large number of attack samples captured on the Cloud Security Platform, using feature engineering and expert-rule analysis and modeling, and generates accurate intelligence applicable to different scenarios. You can use threat intelligence to monitor traffic initiated by suspected malicious IPs and, if necessary, enable interception as a supplemental protection measure.

Threat intelligence mainly includes the following types:

  • Specific Attack Risk IPs: High-risk IPs that have been intercepted by Cloud Security 2.0 and continue to initiate attacks. The attack types include DDoS Attack, Web Attack, Scraper, and Scanner.
  • Industry Attack Risk IPs: High-risk IPs that have been intercepted by Cloud Security 2.0 and continue to initiate attacks against specific industries.
  • Attack Resource Risk IPs: IP resources often used by hackers to initiate various types of attacks. This intelligence is collected from external sources, and the main IP types include proxies, cloud vendors, IDC vendors, open-source blacklist IP reputation databases, etc.

To configure Threat Intelligence:

  1. Log in to the CDNetworks Console and find the security product in use under Subscribed Products.
  2. Go to Security Settings > Policies.
  3. Find the hostname for which you want to configure security policies and click the icon for that hostname.
  4. Go to the Threat Intelligence tab. If this policy is off, turn it on.

Using Threat Intelligence

  • Find the type of threat intelligence you wish to handle and select the action you need to execute.
  • Click Publish Changes to make the configuration take effect.