Table of Contents

1. INTRODUCTION  4
    1.1 REPUTATION BASED DETECTION  4
    1.2 INTRUSION DETECTION AND PREVENTION  4
    1.3 MONITORING AND LOGGING  4
2. HARDWARE INSTALLATION  5
    2.1 TYPICAL CONFIGURATION  6
3. ACCESSING THE WEB APPLICATIONS  7
    3.1 MANAGEMENT PORT  7
    3.2 MANAGING USERS  8
4. CONFIGURING THE APPLIANCE  9
    4.1 ETHERNET PORT CONFIGURATION  9
    4.2 APPLIANCE NAME  9
    4.3 DEEP PACKET INSPECTION CONFIGURATION  10
    4.4 EMAIL NOTIFICATION  11
        4.4.1 Setting Up Email Notification  11
        4.4.2 Email Notification  11
        4.4.3 Instant Critical  12
        4.4.4 Current Email Addr  12
        4.4.5 New Email Addr  12
        4.4.6 Event Notification Emails  12
    4.4 REPUTATION THREAT LIST UPDATES  13
        4.4.1 About Tor Exit Nodes  14
    4.5 SET MOBILE APPLICATION PASSWORD  14
    4.5 SETTING THE TIME ZONE  15
5. REPUTATION BASED DETECTION  16
    5.1 OVERVIEW  16
    5.2 DGA LIST  16
    5.3 LIST UPDATES  17
6. INTRUSION DETECTION AND PREVENTION RULES  19
    6.1 RULE OVERVIEW  19
    6.2 RULE LIST  19
    6.3 RULE SETS  20
    6.4 ACTIVATING A RULE SET  20
    6.5 OPERATING MODE  21
    6.6 CREATING CUSTOM RULES  21
    6.7 RULE ID  22
7. EVENTS AND EVENT SEVERITY  23
    7.1 EVENT OVERVIEW  23
    7.2 EVENT SEVERITY  23
        7.2.1 Low severity (colored green in the GUI)  24
        7.2.2 Medium severity (colored orange in the GUI)  24
        7.2.3 Critical severity (colored red in the GUI)  24
    7.3 SOURCE AND DESTINATION IP ADDRESSES  24
8. RESPONDING TO CRITICAL EVENTS  25
9. SYSTEM SOFTWARE UPDATES  26