文档中心 Cloud Security 2.0 User Guide Threat Intelligence (Value Added Services)

Threat Intelligence (Value Added Services)

更新时间:2024-10-28 17:27:37

Based on a large number of attack samples captured on the Cloud Security Platform, through feature engineering and expert rule analysis modeling strategies, Cloud Security 2.0 can generate accurate IP threat intelligence applicable to different scenarios. You can use threat intelligence to monitor traffic initiated by suspected malicious IPs, and if necessary, enable interception as a supplemental protection measure.

Threat intelligence mainly includes the following types:

  • Specific Attack Risk IPs: High-risk IPs that are intercepted by the Cloud Security 2.0 and continue to initiate attacks. The types of attacks include: DDoS Attack, Web Attack, Scraper, and Scanner.
  • Industry Attack Risk IPs: High-risk IPs that are intercepted by the Cloud Security 2.0 and continue to initiate attacks against specific industries.
  • Attack Resource Risk IPs: IP resources often used by hackers to initiate various types of attacks. This type of information is collected externally, and the main types of IPs include: Proxies, Cloud vendors, IDC vendors, Open-source Blacklist IP Reputation Databases, etc.

To configure Threat Intelligence:

  1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
  2. Go to Security Settings > Policies.
  3. Find the hostname for which you want to configure security policies, click 墨西哥、多米尼加共和国新节点上线.
  4. Go to Threat Intelligence tab. If this policy is off, turn it on.

Using Threat Intelligence

  • Find the type of threat intelligence you wish to handle and select the action you need to execute.
  • Click Publish Changes to make the configuration take effect.
本篇文档内容对您是否有帮助?
有帮助
我要反馈
提交成功!非常感谢您的反馈,我们会继续努力做到更好!