Configuring Suspicious Object List Settings

During Apex One registration to an on-premises Apex Central, Apex Central deploys an API key to Apex One to start the subscription process. To enable this automatic subscription process, check with the Apex Central administrator to ensure that Apex Central is connected to a Virtual Analyzer or that the Suspicious Object Lists have been manually populated.

For details on registering to an on-premises Apex Central or Control Manager server, see Configuring Apex Central (Control Manager) Registration Settings.

Important:

If you are using Apex One as a Service with the Apex One Sandbox as a Service Add-on, you do not need to configure the Suspicious Object List Subscription settings.

  1. Go to Administration > Settings > Suspicious Object List.
  2. Select which list to enable on agents.
    • Suspicious URL List

    • Suspicious IP List (only available when subscribing to the registered Apex Central or Control Manager server)

    • Suspicious File List (only available when subscribing to the registered Apex Central or Control Manager server)

    • Suspicious Domain List (only available when subscribing to the registered Apex Central or Control Manager server)

    Administrators can manually synchronize the Suspicious Object lists at any time by clicking the Sync Now button.

  3. Under Update the Suspicious Object lists on Security Agents, specify when agents update the Suspicious Object lists.
    • Based on the Security Agent component update schedule: Security Agents update the Suspicious Object lists based on the current update schedule.

    • Automatically after updating the Suspicious Object lists on the server: Security Agents automatically update the Suspicious Object lists after the Apex One server receives updated lists.

    Note:

    Security Agents not configured to receive updates from Update Agents perform incremental updates of the subscribed Suspicious Object lists during synchronization.

  4. Click Save.