
Enable or Disable Threat Feeds

Created by Erica Gill, last modified by MindTouch on Jun 23, 2016


Overview

This article describes how to enable or disable Threat Feeds. LEM 6.2 introduced Threat Feeds, which allow LEM to recognize known and proven threats. Rules can use Threat Feed data to take action automatically.

Environment

LEM 6.2

Steps


  1. Log on to the LEM Web or Air Console.

  2. Click Manage > Appliances.

  3. Go to the Settings tab and select or deselect Allow Log & Event Manager to detect threats based on lists of known malicious IP addresses.
    Enable Threat Feeds

  4. To verify that your Threat Feed is updating every morning, run the following nDepth search and look for the recurring event that arrives every morning at 3:14 AM:
    InternalInfo.EventInfo = *threat*
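
The check in step 4 can also be run over an exported copy of the search results. The Python below is an added example, not SolarWinds code: it assumes a CSV export with hypothetical `DetectionTime` and `EventInfo` columns and uses constructed sample rows, and it reports days with no Threat Feed event and events that arrived away from 3:14 AM.

```python
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample export. Column names and event wording are assumptions
# made for this example, not LEM's documented export format.
SAMPLE_EXPORT = """DetectionTime,EventInfo
2016-06-20 03:14:02,Threat feed update completed
2016-06-21 03:14:01,Threat feed update completed
2016-06-21 09:30:00,User logon succeeded
2016-06-23 11:47:10,Threat feed update completed
"""

def threat_events(export_text):
    """Timestamps of rows whose EventInfo contains 'threat' (the *threat* search)."""
    rows = csv.DictReader(io.StringIO(export_text))
    return sorted(
        datetime.strptime(r["DetectionTime"], "%Y-%m-%d %H:%M:%S")
        for r in rows
        if "threat" in r["EventInfo"].lower()  # case-insensitive in this example
    )

def missing_days(export_text, start, end):
    """Dates in [start, end] with no Threat Feed event at all."""
    seen = {ts.date() for ts in threat_events(export_text)}
    days = (start + timedelta(n) for n in range((end - start).days + 1))
    return [d for d in days if d not in seen]

def off_schedule(export_text, hour=3, minute=14, tolerance_min=5):
    """Events that arrived more than tolerance_min away from the expected time."""
    late = []
    for ts in threat_events(export_text):
        expected = ts.replace(hour=hour, minute=minute, second=0)
        if abs(ts - expected) > timedelta(minutes=tolerance_min):
            late.append(ts)
    return late

if __name__ == "__main__":
    start, end = date(2016, 6, 20), date(2016, 6, 23)
    print("No update seen on:", missing_days(SAMPLE_EXPORT, start, end))
    print("Off-schedule events:", off_schedule(SAMPLE_EXPORT))
```

A day reported by `missing_days` means rules were matching against a list that was not refreshed that morning, so it is worth alerting on.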


Last modified
19:59, 22 Jun 2016
