Help Center/ Managed Threat Detection/ User Guide/ Threat Intelligence Management/ Importing a Threat Intelligence File
Updated on 2023-06-13 GMT+08:00
View PDF
Share

Importing a Threat Intelligence File

This section describes how to import a third-party threat intelligence file and trusted IP list in the Plaintext format. MTD will detect threats based on the IP addresses or domain names contained in the imported file.

Prerequisites

You have uploaded the threat intelligence file to an OBS bucket. For details, see Uploading a File.
  • Intelligence: A blacklist of IP addresses or domain names. Access requests from them are rejected. Currently, only one intelligence file with a maximum of 10,000 IP address or domain names can be uploaded.
  • Plaintext format: In your trusted IP list and intelligence file, ensure that each line contains only one IP address. For details, see How Do I Edit and Upload a Plaintext File to OBS?

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the navigation pane on the left and choose Security & Compliance > Managed Threat Detection.

    Figure 1 Home page of MTD

  4. Choose Settings > Threat Intelligence in the left navigation pane.
  5. On the Intelligence tab page, click Add Intelligence. The Add Intelligence dialog box is displayed.

    Figure 2 Adding intelligence
    Table 1 Intelligence file parameters

    Parameter

    Description

    Example Value

    File Name

    Name of the intelligence file to add

    BlackList

    Intelligence Type

    Content type of the file to be uploaded from the OBS bucket to MTD

    • IP: MTD will detect threats based on the IP addresses in the intelligence file.
    • Domain name: MTD will detect threats based on the domain names in the intelligence file.

    MTD preferentially generates alarms that are associated with the IP addresses or domain names in the intelligence file.

    IP

    Bucket Name

    Name of the OBS bucket where the file is located

    NOTE:

    If no OBS bucket is available, click View/Create OBS Bucket. For details, see Creating a Bucket.

    obs-mtd-bejing4

    Object Name

    Name of the object in the bucket that stores the intelligence

    NOTICE:

    The object name must contain the file name extension.

    mtd-blacklist-ip.txt

    Storage Path

    Path of the OBS bucket storing the intelligence file

    obs://obsmtd-beijing4/mtd-blacklistip.txt

  6. Confirm the information and click OK. If the added file is displayed in the intelligence list, the operation is successful.