Procedure
- On the Deep Discovery Inspector management console, go to .
- Select Enable Threat Intelligence Sharing to allow integrated products/services to get information from Deep Discovery Inspector.
- Under Criteria, select which objects to include in the
threat intelligence data file.
Note
The maximum length of shared URL objects is 997 characters.The objects appear in the generated file under the following categories.Object Categories in Generated File
ObjectCategory in Generated FileSuspicious URL identified by Virtual AnalyzerDDI_va_suspicious_objectsURL in Deny ListDDI_custom_defense_denylistsURL in Apex Central or Deep Discovery Director User-Defined Suspicious Objects listDDI_control_manager_denylistsMalicious URL detected by Web Reputation ServiceDDI_wrs_malicious_urlsC&C Callback URLDDI_aggressive_rule_urlsSource URL for any of the following files:-
Suspicious file identified by Virtual Analyzer
-
File in Deny List
-
File in Apex Central or Deep Discovery Director User-Defined Suspicious Objects list
DDI_aggressive_rule_urlsSource URL for malicious fileDDI_aggressive_rule_urls -
- Under Criteria, select the risk level of the objects to be included in the threat intelligence data file.
- (Optional) By default, Deep Discovery Inspector shares threat intelligence data through HTTPS web service. You can also enable HTTP web service for data sharing. Under Server Settings, select Share information using HTTP (in addition to HTTPS) and specify the HTTP port number.
- Click Save.
- Click Generate Now.
Note
After the file generation is successful, you can click the URL to download the threat intelligence data file to view the content. - Configure an integrated product/service (for example, Blue Coat ProxySG device) to obtain threat intelligence data from Deep Discovery Inspector. For more information, see the documentation for the integrated product/service.