Configuring Threat Intelligence Sharing Settings

Procedure

  1. On the Deep Discovery Inspector management console, go to Administration > Integrated Products/Services > Threat Intelligence Sharing.
  2. Select Enable Threat Intelligence Sharing to allow integrated products/services to get information from Deep Discovery Inspector.
  3. Under Criteria, select which objects to include in the threat intelligence data file.
    Note
    The maximum length of shared URL objects is 997 characters.
    The objects appear in the generated file under the following categories.

    Object Categories in Generated File

    | Object | Category in Generated File |
    | --- | --- |
    | Suspicious URL identified by Virtual Analyzer | DDI_sandbox_feedback_blacklists |
    | URL in Deny List | DDI_custom_defense_blacklists |
    | URL in Apex Central or Deep Discovery Director User-Defined Suspicious Objects list | DDI_control_manager_blacklists |
    | Malicious URL detected by Web Reputation Service | DDI_wrs_blacklists |
    | C&C Callback URL | DDI_aggressive_blacklists |
    | Source URL for any of the following files: suspicious file identified by Virtual Analyzer; file in Deny List; file in Apex Central or Deep Discovery Director User-Defined Suspicious Objects list | DDI_aggressive_blacklists |
    | Source URL for malicious file | DDI_aggressive_blacklists |
  4. Under Criteria, select the risk level of the objects to be included in the threat intelligence data file.
  5. (Optional) By default, Deep Discovery Inspector shares threat intelligence data through an HTTPS web service. You can also enable an HTTP web service for data sharing. Under Server Settings, select Share information using HTTP (in addition to HTTPS) and specify the HTTP port number.
  6. Click Save.
  7. Click Generate Now.
    Note
    After the file generation is successful, you can click the URL to download the threat intelligence data file to view the content.
  8. Configure an integrated product/service (for example, a Blue Coat ProxySG device) to obtain threat intelligence data from Deep Discovery Inspector. For more information, see the documentation for the integrated product/service.
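
Added example, not part of the product documentation: before pointing an integrated product at the file from step 7, a downloaded copy can be audited against the category names in step 3 and the 997-character URL limit. The `define category ... end` file layout, the sample entries and the `audit_feed` helper are assumptions made for illustration; compare them with a file generated by your own appliance.

```python
import re
from collections import Counter

# Category names from the table in step 3; 997 is the documented URL limit.
KNOWN_CATEGORIES = {f"DDI_{n}_blacklists" for n in (
    "sandbox_feedback", "custom_defense", "control_manager", "wrs", "aggressive")}
MAX_URL_LEN = 997

# Constructed sample. The "define category ... end" layout is an assumption.
SAMPLE = """\
define category DDI_wrs_blacklists
bad.example.test/landing
malware.example.test/payload.bin
end
define category DDI_aggressive_blacklists
c2.example.test/gate.php
end
define category DDI_unknown_list
odd.example.test/
end
"""

def audit_feed(text):
    """Return (entry count per category, list of findings) for one feed file."""
    counts, findings, current = Counter(), [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"define\s+category\s+(\S+)", line)
        if not line:
            continue
        if header:
            if current is not None:
                findings.append(f"line {lineno}: category {current} not closed")
            current = header.group(1)
            counts[current] += 0  # record the category even if it is empty
            if current not in KNOWN_CATEGORIES:
                findings.append(f"line {lineno}: unexpected category {current}")
        elif line == "end":
            current = None
        elif current is None:
            findings.append(f"line {lineno}: entry outside any category")
        else:
            counts[current] += 1
            if len(line) > MAX_URL_LEN:  # longer than the product shares
                findings.append(f"line {lineno}: entry exceeds {MAX_URL_LEN} characters")
    if current is not None:
        findings.append(f"end of file: category {current} not closed")
    return dict(counts), findings
```

A category that was selected under Criteria but shows a count of zero, or any finding in the returned list, is worth resolving before an enforcement device consumes the file.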