Configure distribution settings to enable Apex Central to consolidate and send Virtual Analyzer and user-defined suspicious objects (excluding exceptions) to certain managed products. These products synchronize and use all or some of these objects.
Apex Central can also send suspicious IP addresses and domains to
TippingPoint.
NoteThe Distribution Settings also allows you
to configure Suspicious Object Hub and Node Apex Central server settings to
synchronize suspicious object lists across multiple Apex Central servers.
For more information, see Suspicious Object Hub and Node
Architecture.
|
Procedure
- Go to .The Distribution Settings screen appears.
- To send suspicious objects to managed products:
- Click the Managed Products tab.
- Select the Send suspicious objects to managed products check box.
- Record the following information for use when
configuring Apex Central as the Virtual Analyzer source in managed
products:
-
Service URL: The service URL of Apex Central
-
API key: The code that identifies Apex Central to the managed product
-
- Click Save.
- Click Sync Now.
- To send suspicious objects to TippingPoint:
- Click the TippingPoint tab.
- Select the Send suspicious objects (IP
addresses and domain names only) to TippingPoint check
box.
Note
Apex Central sends suspicious IP addresses and domain names analyzed by Virtual Analyzer. TippingPoint uses reputation filters to apply block, permit, or notify actions across an entire reputation group. For more information about reputation filters, refer to your TippingPoint documentation. - Specify the following:
-
Server name: Type the server URL and port number for your TippingPoint deployment.
-
User name: Type the user name of an account with sufficient privileges to access the TippingPoint console.
-
Password: Type the password for the account.
-
- (Optional) Click Test Connection to confirm the connection.
- Select the severity level that triggers Apex Central
to send domain names or IP address information to TippingPoint.
-
High only: IP addresses and domain names with high severity
-
High and medium: IP addresses and domain names with high and medium severity
-
All: Includes IP addresses and domain names with high, medium, and low severity
-
- Click Save.
- Click Sync Now.