Merge pull request #659 from AviatrixSystems/new_branch525
update for pro
joe-amendolara authored Dec 17, 2024
2 parents 27a9d5f + 34aef97 commit fbe0f30
Showing 4 changed files with 31 additions and 15 deletions.
14 changes: 10 additions & 4 deletions ace_pro/docs/lab9.md
Expand Up @@ -279,7 +279,11 @@ Explore the content of the `Default ThreatGroup`:
height: 400px
align: center
---
PSF-Rule
Default ThreatGroup
```

```{note}
`ProofPoint` sends its new malicious IP addresses DB to the CoPilot every **30 minutes**.
```

## 8.0 Generate again traffic towards the "Bad Guy"
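Review bot: In the added `{note}` block, `ProofPoint` is formatted as a code literal although it is a vendor name, and the Threat Summary sentence later in this file writes it as plain text; drop the backticks so the two match. "sends its new malicious IP addresses DB to the CoPilot" would also read better as "sends its updated malicious IP address database to CoPilot". Since the next section has the reader generate traffic towards the "Bad Guy" again, it would help to say whether the Default ThreatGroup picks up each 30-minute update automatically or needs any action in the lab.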
Expand Down Expand Up @@ -442,12 +446,13 @@ align: center
Towards the Malicious IP
```

You will notice that the traffic towards the **IP with Bad Reputation** has been blocked at the very first SYN and SYN-ACK packets!
You will notice that the traffic towards the **IP with Bad Reputation** was blocked at the very first **SYN** and **SYN-ACK** packets!

No go to **CoPilot > Security > ThreatIQ** scroll down through the whole **Overview** section, click on the filter icon and filter out based on the Maliciuous IP: you can choose either Source or Destination!

```{figure} images/lab96-newrule308.png
---
height: 400px
align: center
---
Filter
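Review bot: The unchanged line directly below the edited sentence still reads "No go to **CoPilot > Security > ThreatIQ**" and "Maliciuous IP"; this hunk already rewrites the sentence above it, so fix both here ("Now go to", "Malicious"). "filter out based on" also reads as excluding that IP, while the step is to filter on it as Source or Destination; "filter on the malicious IP" would be unambiguous.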
Expand All @@ -464,12 +469,13 @@ Now click on the VIEW link on the right-hand side of the entry:

```{figure} images/lab96-newrule310.png
---
height: 400px
align: center
---
Condition
View link
```

Last but not least, explore the `Threat Summary` tab to find out hiow ProofPoint classified that IP address!
Last but not least, explore the `Threat Summary` tab to find out how ProofPoint classified that IP address!

```{figure} images/lab96-newrule311.png
---
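Review bot: The new caption "View link" does not match the label used in the step it illustrates ("Now click on the VIEW link"); use the same casing in both so the reader can match the caption to the UI. In the corrected last sentence, `Threat Summary` is a UI tab but is formatted as code, while the other UI elements in this file (**CoPilot > Security > ThreatIQ**, **Overview**) are bold; suggest **Threat Summary** for consistency.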
14 changes: 10 additions & 4 deletions docs/ace-pro/_sources/docs/lab9.md
Expand Up @@ -279,7 +279,11 @@ Explore the content of the `Default ThreatGroup`:
height: 400px
align: center
---
PSF-Rule
Default ThreatGroup
```

```{note}
`ProofPoint` sends its new malicious IP addresses DB to the CoPilot every **30 minutes**.
```

## 8.0 Generate again traffic towards the "Bad Guy"
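Review bot: This file under docs/ace-pro/_sources/ repeats the hunks of ace_pro/docs/lab9.md line for line, and lab9.html and searchindex.js further down are its rendered output, so one source edit appears as four changed files and every comment on the source applies here again. If the built site has to stay in the repository, regenerate these files from the source once it is final instead of reviewing them separately; otherwise consider building docs/ in CI and keeping only ace_pro/docs/ under review.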
Expand Down Expand Up @@ -442,12 +446,13 @@ align: center
Towards the Malicious IP
```

You will notice that the traffic towards the **IP with Bad Reputation** has been blocked at the very first SYN and SYN-ACK packets!
You will notice that the traffic towards the **IP with Bad Reputation** was blocked at the very first **SYN** and **SYN-ACK** packets!

No go to **CoPilot > Security > ThreatIQ** scroll down through the whole **Overview** section, click on the filter icon and filter out based on the Maliciuous IP: you can choose either Source or Destination!

```{figure} images/lab96-newrule308.png
---
height: 400px
align: center
---
Filter
Expand All @@ -464,12 +469,13 @@ Now click on the VIEW link on the right-hand side of the entry:

```{figure} images/lab96-newrule310.png
---
height: 400px
align: center
---
Condition
View link
```

Last but not least, explore the `Threat Summary` tab to find out hiow ProofPoint classified that IP address!
Last but not least, explore the `Threat Summary` tab to find out how ProofPoint classified that IP address!

```{figure} images/lab96-newrule311.png
---
16 changes: 10 additions & 6 deletions docs/ace-pro/docs/lab9.html
Expand Up @@ -605,9 +605,13 @@ <h2>7.0 Create two new DCF rules<a class="headerlink" href="#create-two-new-dcf-
<figure class="align-center" id="id21">
<a class="reference internal image-reference" href="../_images/lab96-newrule12.png"><img alt="../_images/lab96-newrule12.png" src="../_images/lab96-newrule12.png" style="height: 400px;" /></a>
<figcaption>
<p><span class="caption-number">Fig. 336 </span><span class="caption-text">PSF-Rule</span><a class="headerlink" href="#id21" title="Link to this image">#</a></p>
<p><span class="caption-number">Fig. 336 </span><span class="caption-text">Default ThreatGroup</span><a class="headerlink" href="#id21" title="Link to this image">#</a></p>
</figcaption>
</figure>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p><code class="docutils literal notranslate"><span class="pre">ProofPoint</span></code> sends its new malicious IP addresses DB to the CoPilot every <strong>30 minutes</strong>.</p>
</div>
</section>
<section id="generate-again-traffic-towards-the-bad-guy">
<h2>8.0 Generate again traffic towards the “Bad Guy”<a class="headerlink" href="#generate-again-traffic-towards-the-bad-guy" title="Link to this heading">#</a></h2>
Expand Down Expand Up @@ -741,10 +745,10 @@ <h2>9. Connectivity Tests<a class="headerlink" href="#connectivity-tests" title=
<p><span class="caption-number">Fig. 347 </span><span class="caption-text">Towards the Malicious IP</span><a class="headerlink" href="#id32" title="Link to this image">#</a></p>
</figcaption>
</figure>
<p>You will notice that the traffic towards the <strong>IP with Bad Reputation</strong> has been blocked at the very first SYN and SYN-ACK packets!</p>
<p>You will notice that the traffic towards the <strong>IP with Bad Reputation</strong> was blocked at the very first <strong>SYN</strong> and <strong>SYN-ACK</strong> packets!</p>
<p>No go to <strong>CoPilot &gt; Security &gt; ThreatIQ</strong> scroll down through the whole <strong>Overview</strong> section, click on the filter icon and filter out based on the Maliciuous IP: you can choose either Source or Destination!</p>
<figure class="align-center" id="id33">
<img alt="../_images/lab96-newrule308.png" src="../_images/lab96-newrule308.png" />
<a class="reference internal image-reference" href="../_images/lab96-newrule308.png"><img alt="../_images/lab96-newrule308.png" src="../_images/lab96-newrule308.png" style="height: 400px;" /></a>
<figcaption>
<p><span class="caption-number">Fig. 348 </span><span class="caption-text">Filter</span><a class="headerlink" href="#id33" title="Link to this image">#</a></p>
</figcaption>
Expand All @@ -757,12 +761,12 @@ <h2>9. Connectivity Tests<a class="headerlink" href="#connectivity-tests" title=
</figure>
<p>Now click on the VIEW link on the right-hand side of the entry:</p>
<figure class="align-center" id="id35">
<img alt="../_images/lab96-newrule310.png" src="../_images/lab96-newrule310.png" />
<a class="reference internal image-reference" href="../_images/lab96-newrule310.png"><img alt="../_images/lab96-newrule310.png" src="../_images/lab96-newrule310.png" style="height: 400px;" /></a>
<figcaption>
<p><span class="caption-number">Fig. 350 </span><span class="caption-text">Condition</span><a class="headerlink" href="#id35" title="Link to this image">#</a></p>
<p><span class="caption-number">Fig. 350 </span><span class="caption-text">View link</span><a class="headerlink" href="#id35" title="Link to this image">#</a></p>
</figcaption>
</figure>
<p>Last but not least, explore the <code class="docutils literal notranslate"><span class="pre">Threat</span> <span class="pre">Summary</span></code> tab to find out hiow ProofPoint classified that IP address!</p>
<p>Last but not least, explore the <code class="docutils literal notranslate"><span class="pre">Threat</span> <span class="pre">Summary</span></code> tab to find out how ProofPoint classified that IP address!</p>
<figure class="align-center" id="id36">
<img alt="../_images/lab96-newrule311.png" src="../_images/lab96-newrule311.png" />
<figcaption>
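Review bot: Fig. 350 gains the image-reference link and `style="height: 400px;"` in this hunk (as Fig. 348 does in the hunk above), but the next figure, lab96-newrule311.png (id36), is still a bare `<img>` with no height, so the Threat Summary screenshot will render at a different size from the two before it. If that is not intended, add `height: 400px` to that `{figure}` directive in lab9.md and rebuild the HTML.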
2 changes: 1 addition & 1 deletion docs/ace-pro/searchindex.js

Large diffs are not rendered by default.
