Threat Research

Threat Research is generated from the set of rules that the inspection engine applies to detect threats and malicious activity. This page allows you to view those rules. Once a day, Multicloud Defense checks for new or modified network intrusion rules and adds rules and known malicious sources to, or removes them from, the internal library. This action is automated. As part of this process, the new list of source IP addresses is downloaded, validated, and built into new rulesets. Those rulesets are then deployed.

The rules can be organized in a variety of ways, such as by policy, class, application, ruleset library date, and other parameters. If you want to understand more about a rule that has tripped (that is, detected a threat or malicious activity), use the Threat Research page to view more details about the rule. The following parts of each page are available for your use:

Search Bar

The search bar at the top of the window allows you to search each page under Threat Research for any single identifying facet: a known IP address, action, rule name, gateway name, attack type, or profile name. If you find a specific field value while scrolling, you can use Add to Search to make the search easier.

Note that searches are isolated to each page; you cannot cross-search the different types of Threat Research. See the section below for more details.

View Details

Each of the facets under Threat Research offers the ability to View Details of a single incident or attack. The values provided in these details differ between the types of Threat Research, but they can be valuable if you want to fine-tune your policies, security profiles, rules, or rulesets.

Add to Search

For any of the types of research available here, you can click any single value within a row and you are automatically offered the option to Add to Search. This applies the selected value to the search bar at the top of the window and filters the viewing window to the content matching the search bar. You can do this multiple times; the values you select compound into a more complex search request.