Security

Reply

DEMO VIDEO & TEMPLATES: ADDING RPZ FEEDS TO LOCAL RPZ AND ADP.

[ Edited ]
kzettel
Moderator kzettel
Moderator
Posts: 60

‎09-08-2017 07:28 AM - edited ‎09-08-2017 08:53 AM

5381     1

 Hello,

 

Infoblox now has a new way to combine RPZ feeds with local RPZ and ADP. This takes an RPZ feed that gets queries and creates a local RPZ entry that, when hit a custom number of times, will create a custom ADP rule to block any new bad queries. The video shows how to set everything up and how it works so that you can start using it.

 

VIDEO:

https://www.youtube.com/watch?v=Ob12AeFaTjU&feature=youtu.be

 

All the templates that you need are attached in a links below. You may want to rework the templates however the templates below are the ones that are demoed in the video.

 

The templates require two Extensible Attributes, explained in the video and you will need to generate them in order for the templates to work.

 

Extensible Attribute

Description

hits

The number of times an entry was hit within an established amount of time, designated by the instance variable “TimeForHits” which is explained in the video. This Extensible Attribute must be a type integer.

time

This is the last time a variable was hit within a given period of time. This Extensible Attribute must be a type string.

 

Template

Link

addSecurityRuleBasedOnHits.json

https://drive.google.com/file/d/0BxAsYqIgR8lbUnJjejNCYW5TS2c/view?usp=sharing

addRPZRuleByOutbound.json

https://drive.google.com/file/d/0BxAsYqIgR8lbM3FTVnVFYjRsOTA/view?usp=sharing

 

More information is still to come however this should get you started and working.

 

If you have any questions or suggestions please let me know!

 

Thank you,

Kevin Zettel

Reply

Re: DEMO VIDEO & TEMPLATES: ADDING RPZ FEEDS TO LOCAL RPZ AND ADP.
mrshaukat
Authority
Posts: 21

‎10-10-2018 10:25 PM

5382     1

Hi,

 

For the ADP we need threat rules to download from Threat Insight , and for that we need license .Do we get any portal access or these rules will be downloaded automatically.

Also Do we need seprate ADP license?

ADP will work only on the physical appliance ?

what about the query it will be served first by cahce >>rpz feed >> ADP rule.Can you share the packet inspection detail and sequence.

 

Thanks

Reply
0 Kudos
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Do you mean 

Recommended for You

Latest Annoucements

Infolbox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community