Adding Black/White Lists
Scenario
You can add black/white lists of IP addresses and domain names. MTD preferentially detects suspicious activities related to the IP addresses and domain names in the list. MTD runs with low workloads and the detection is fast.
If the same IP address or domain name is added to both the blacklist and whitelist, the IP address or domain name will be ignored during detection as the whitelist has a higher priority.
Prerequisites
- The black/white lists can only be added from the OBS bucket. You need to upload the files to your OBS bucket first. For details about how to upload an object, see Uploading an Object.
- MTD supports only Plaintext black/white lists. You need to upload Plaintext files to your OBS bucket before adding them. For details about how to edit an object in Plaintext format, see How Do I Edit Objects in Plaintext Format?
In MTD, "intelligence" is a blacklist containing IP addresses and domain names that are forbidden to access.
Procedure
- Log in to the management console.
- Click and choose Security & Compliance > Managed Threat Detection. The Detection Result page is displayed. Choose Settings > Threat Intelligence from the navigation pane.
Figure 1 Threat Intelligence page
- Add an intelligence/whitelist file.
- Add intelligence.
- On the Intelligence tab page, click Add Intelligence. The Add Intelligence dialog box is displayed.
Figure 2 Adding intelligence
Table 1 Intelligence file parameters

| Parameter | Description | Example Value |
| --- | --- | --- |
| File Name | Name of the intelligence file to add | BlackList |
| Intelligence Type | Content type of the file to be uploaded from the OBS bucket to MTD. IP: MTD will detect threats based on the IP addresses in the intelligence file. Domain name: MTD will detect threats based on the domain names in the intelligence file. MTD preferentially generates alarms that are associated with the IP addresses or domain names in the intelligence file. | IP |
| Bucket Name | Name of the OBS bucket where the file is located. NOTE: If no OBS bucket is available, click View/Create OBS Bucket. For details, see Creating a Bucket. | obs-mtd-beijing4 |
| Object Name | Name of the object in the bucket that stores the intelligence. NOTICE: The object name must contain the file name extension. | mtd-blacklist-ip.txt |
| Storage Path | Path of the OBS bucket storing the intelligence file | obs://obs-mtd-beijing4/mtd-blacklist-ip.txt |
- Confirm the information and click OK. If the added file is displayed in the intelligence list, the operation is successful.
- Add a whitelist.
- In the Whitelist tab, click Add Whitelist. The Add Whitelist dialog box is displayed.
Figure 3 Adding a whitelist
Table 2 Whitelist file parameters

| Parameter | Description | Example Value |
| --- | --- | --- |
| File Name | Name of the intelligence file to add | SecurityList |
| Intelligence Type | Content type of the file to be uploaded from the OBS bucket to MTD. IP: MTD will detect threats based on the IP addresses in the whitelist file. Domain name: MTD will detect threats based on the domain names in the whitelist file. MTD ignores log information that is associated with the IP addresses or domain names in the whitelist file. | IP |
| Bucket Name | Name of the OBS bucket where the file is located. NOTE: If no OBS bucket is available, click View/Create OBS Bucket. For details, see Creating a Bucket. | obs-mtd-beijing4 |
| Object Name | Name of the object in the bucket that stores the file. NOTICE: The object name must contain the file name extension. | mtd-securitylist-ip.txt |
| Storage Path | Path of the OBS bucket storing the file | obs://obs-mtd-beijing4/mtd-securitylist-ip.txt |
- Confirm the information and click OK. If the added file is displayed in the whitelist pane, the operation is successful.
- On the Threat Intelligence page, click the Intelligence or Whitelist tab to view the added files.
Figure 4 Intelligence list
Figure 5 Whitelist
Example
- Create an intelligence file in Plaintext format. Write the IP address 121.3X.XX.XXX into the intelligence file. For details about how to edit an object in Plaintext format, see How Do I Edit Objects in Plaintext Format?
- Upload the file. Log in to the management console. Click and choose Storage > Object Storage Service. On the displayed page, upload the object file to the target OBS bucket by following the steps provided in Uploading an Object.
Figure 6 Uploading the intelligence file
- Log in to the MTD console and choose Settings > Threat Intelligence from the navigation pane. On the Threat Intelligence page, click the Intelligence tab and click Add Intelligence. In the displayed dialog box, configure the parameters as required and click OK. View the added file in the intelligence list after the system displays a message indicating the file is added.
Figure 7 Adding an intelligence file
Figure 8 Intelligence added successfully
- MTD preferentially scans all service logs against the IP addresses and domain names in the blacklist.
Figure 9 Alarm details
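The following pre-upload check is an added example, not part of the MTD documentation or tooling. It validates a Plaintext list against its Intelligence Type (IP or Domain name) and reports blacklist entries that also appear in the whitelist, which are ignored during detection because the whitelist has a higher priority. It assumes one entry per line, which this page does not specify; the function names and sample data are hypothetical.

```python
import ipaddress
import re

# Assumption: one entry per line, blank lines skipped (the page only says "Plaintext").
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_DOMAIN = re.compile(rf"^(?:{_LABEL}\.)+[A-Za-z]{{2,63}}$")


def parse_list(text, kind):
    """Return (entries, errors) for a list whose Intelligence Type is 'ip' or 'domain'."""
    entries, errors = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        item = raw.strip()
        if not item:
            continue
        if kind == "ip":
            try:
                # Normalise so equivalent spellings compare equal across lists.
                entries.add(str(ipaddress.ip_address(item)))
            except ValueError:
                errors.append((lineno, item))
        elif len(item) <= 253 and _DOMAIN.match(item.rstrip(".")):
            entries.add(item.rstrip(".").lower())
        else:
            errors.append((lineno, item))
    return entries, errors


def lint(blacklist_text, whitelist_text, kind):
    """Compare a blacklist and a whitelist of the same Intelligence Type."""
    black, black_err = parse_list(blacklist_text, kind)
    white, white_err = parse_list(whitelist_text, kind)
    return {
        "blacklist_errors": black_err,
        "whitelist_errors": white_err,
        # Present in both lists: the whitelist wins, so detection ignores these.
        "shadowed": sorted(black & white),
        "effective_blacklist": sorted(black - white),
    }


# Constructed sample input (documentation address ranges, not real indicators).
SAMPLE_BLACKLIST = "203.0.113.7\n198.51.100.23\n\nexample.com\n203.0.113.300\n"
SAMPLE_WHITELIST = "198.51.100.23\n192.0.2.10\n"

if __name__ == "__main__":
    for key, value in lint(SAMPLE_BLACKLIST, SAMPLE_WHITELIST, "ip").items():
        print(f"{key}: {value}")
```

Run it against both files before uploading them to the OBS bucket; a non-empty `shadowed` list means a blacklisted entry will not be detected until it is removed from the whitelist.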