Threat Intelligence packages

Threat intelligence includes Digital Vaccine (DV) security packages with filters for protecting your network system against vulnerabilities. These filters provide new signatures to protect against researched threats to network security. They help you control your organization's software management life cycle by providing coverage between the discovery of a vulnerability and the availability of new software.

Threat intelligence also includes Auxiliary DV packages, which augment the base DV packages by protecting your network from malware and deprecated software.

Delivered weekly, or immediately when critical vulnerabilities emerge, you can distribute these filters automatically to your appliances.

Verify under the Threat Intelligence column on the Network > Appliances page whether the package version you have on your virtual appliances is up to date or out of date. To see what the actual package version number is, click the appliance name, and under the General tab, expand the Threat Intelligence field.

Update a threat intelligence package

The Network Security service comes with recommended DV packages already loaded. Because filters are continuously being created or updated, threat intelligence can become outdated.

To keep your appliances protected with the most current threat intelligence, follow these steps:

  1. From the navigation panel, click the Policy icon policies icon and select Sync Management.
  2. Ensure that Digital Vaccine Auto-Sync is set to Enabled (default).

The Network Security service checks for the most current active package every 30 minutes and redistributes a new package when it is available.

Manual Syncs

If you disable this feature, you can still perform a manual sync. To manually sync your DV package, click Sync Manually. This syncs the latest Network Security DV package across all of your appliances that do not have that package version. Even with Auto-Sync disabled, the Network Security service continues to check the TMC periodically for a more current package to download.

You can also perform a manual sync using two APIs—one to sync Digital Vaccine packages and one to sync Auxiliary Digital Vaccine packages. To manually sync your Digital Vaccine package, use the following API:

POST /api/digitalvaccinesettings
{

  "name": "autodigitalvaccinedistribute",
  "enabled": true,
  "value" : "now"
}

To manually sync your Auxiliary DV package, use the following API:

POST /api/digitalvaccinesettings
{

  "name": "autoauxiliarydigitalvaccinedistribute",
  "enabled": true,
  "value" : "now"
}

Each API immediately triggers a one-time distribution of the Digital Vaccine or Auxiliary Digital Vaccine package that you have loaded to all the appliances in your network that are not in sync with that package version.


NOTE

A manual sync is an instantaneous, nonpersistent distribution. Unless you have Auto-Sync enabled, your packages will not be continuously updated.