Anti-Bot
What can I do here?
Use this window to configure UserCheck settings and suspicious mail detection settings for Anti-bot.
|
Getting Here - Security Policies > Threat Prevention > Policy > Threat Tools > Profiles > Profile > Anti-bot
|
Configuring Anti-Bot Settings
To configure the Anti-Bot settings for a Threat Prevention profile:
- In SmartConsole, select > .
- From the section, click .
The page opens.
- Right-click the profile, and click .
- From the navigation tree, click .
- Configure the Anti-Bot :
- - Select the UserCheck message that opens for a action
- - Select the UserCheck message that opens for an action
- Click and .
Blocking Bots
To block bots in your organization, install this default Threat Policy rule that uses the profile, or create a new rule.
Protected Scope
|
Action
|
Track
|
Install On
|
*Any
|
|
Log
Packet Capture
|
*Policy Targets
|
To block bots in your organization:
- In SmartConsole, click .
- Enable the Software Blade on the Gateways that protect your organization. For each Gateway:
- Double-click the Gateway object.
- In the page, select the Software Blade.
The First Time window opens.
- Select
- Click .
- Click .
You can block bots with the out-of-the-box Threat Prevention policy rule with the default Profile.
Alternatively, add a new Threat Prevention rule:
- Click .
A new rule is added to the Threat Prevention policy. The Software Blade applies the first rule that matches the traffic.
- Make a rule that includes these components:
- - Give the rule a name such as .
- The list of network objects you want to protect. By default, the network object is used.
- The Profile that contains the protection settings you want. The default profile is .
- The type of log you want to get when the gateway detects malware on this scope.
- - Keep it as or select Gateways to install the rule on.
- Install the Threat Prevention policy.
The IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction Software Blades have a dedicated Threat Prevention policy. You can install this policy separately from the policy installation of the Access Control Software Blades. Install only the Threat Prevention policy to minimize the performance impact on the Security Gateways.
To install the Threat Prevention policy:
- From the Global toolbar, click .
The window opens showing the installation targets (Security Gateways).
- Select .
- Select
- - Install the policy on the selected Security Gateways without reference to the other targets. A failure to install on one Security Gateway does not affect policy installation on other gateways.
If the gateway is a member of a cluster, install the policy on all the members. The Security Management Server makes sure that it can install the policy on all the members before it installs the policy on one of them. If the policy cannot be installed on one of the members, policy installation fails for all of them.
- - Install the policy on all installation targets. If the policy fails to install on one of the Security Gateways, the policy is not installed on other targets of the same version.
- Click .
Monitoring Bot Activity
Scenario: I want to monitor bot activity in my organization without blocking traffic at all. How can I do this?
In this example, you will create this Threat Prevention rule, and install the Threat Prevention policy:
Name
|
Protected Scope
|
Action
|
Track
|
Install On
|
Monitor Bot activity
|
*Any
|
A profile that has these changes relative to the profile:
Go to the pane > section, and set all levels to .
|
Log
|
*Policy Targets
|
To monitor all bot activity:
- In SmartConsole, select .
- Create a new profile:
- From the section, click .
The page opens.
- Right-click a profile and select .
- Give the profile a name such as .
- Edit the profile, and under , configure all confidence level settings to .
- Select the - for example, .
This profile detects protections that are identified as an attack with low, medium or high confidence and have a medium or lower performance impact.
- Create a new rule:
- Click .
- Add a rule to the Rule Base.
The first rule that matches is applied.
- Make a rule that includes these components:
- - Give the rule a name such as .
- Keepso the rule applies to all traffic in the organization.
- Right-click in this cell and select .
- Keep .
- - Keep it as or choose Gateways to install the rule on.
- Install the Threat Prevention policy.
The IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction Software Blades have a dedicated Threat Prevention policy. You can install this policy separately from the policy installation of the Access Control Software Blades. Install only the Threat Prevention policy to minimize the performance impact on the Security Gateways.
To install the Threat Prevention policy:
- From the Global toolbar, click .
The window opens showing the installation targets (Security Gateways).
- Select .
- Select
- - Install the policy on the selected Security Gateways without reference to the other targets. A failure to install on one Security Gateway does not affect policy installation on other gateways.
If the gateway is a member of a cluster, install the policy on all the members. The Security Management Server makes sure that it can install the policy on all the members before it installs the policy on one of them. If the policy cannot be installed on one of the members, policy installation fails for all of them.
- - Install the policy on all installation targets. If the policy fails to install on one of the Security Gateways, the policy is not installed on other targets of the same version.
- Click .