Introduction to TI Capability on NSFOCUS ADS

November 12, 2024 | NSFOCUS

NSFOCUS ADS integrates NSFOCUS Threat Intelligence (NTI) capability to block IP addresses with high threat levels and risks.

To keep the data reliable, ADS supports daily updates of intelligence data and lets you choose the update time period. ADS also provides an IP exception function to filter IPs in NTI. IPs on the exception list skip the threat intelligence protection process but still go through the other protection processes.

ADS can also query intelligence: it can look up IP intelligence data in the local intelligence package or in the cloud threat intelligence center.

1. Configuration

(1) Advanced–>NTI–>NTI Configuration

Configure the main switch of the function, the protection scope, the sharing ability, and the cloud query server address, which uses the domain name nti.nsfocusglobal.com. This page also shows the synchronization and sharing records and lets you test the connection status of the query server.

(2) Advanced–>NTI–>NTI Application Effect and Query

This page contains two sub-tabs: NTI Application Effect and Threat Intelligence Search.

The NTI Application Effect tab displays hit statistics and the top 1000 entries, sorted by the number of hit packets. If more than 1000 entries have hits and an entry is not displayed in this list, you can still look it up through the query box above.

The Threat Intelligence Search page can query an IP address in the local intelligence database or the cloud intelligence database. After the search, part of the intelligence data for the IP address is displayed. To see more intelligence data, click the local details or cloud details after the search result.

Cloud details:

2. NTI Upgrade

Advanced–>NTI–>NTI Upgrade

This page handles upgrades. Note that after the intelligence function is enabled in the NTI configuration, you must also enable automatic synchronization here if you want intelligence data to be downloaded automatically from the cloud; otherwise it will not be downloaded automatically. If the device cannot connect to the external network, go to the NSFOCUS upgrade site update.nsfocusglobal.com, import the license, and download the offline package. Note: only the B package indicator can be downloaded.

The default effective time (Period of Validity) of automatically downloaded intelligence data, counted from when it is sent to the engine, is 24 hours and is fixed. The effective time of manually uploaded intelligence data can be selected. The NTI upgrade does not involve any restart. The upgrade record only keeps upgrade actions performed since startup and is cleared after a restart.

3. NTI IP Exceptions

Advanced–>NTI–>IP Exceptions:
After IP Exceptions is enabled, the IPs or IP segments added to the exception list are filtered out and skip the threat intelligence protection process.
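
The following added example is a toy Python model of the two behaviours described above: exception IPs skip only the threat intelligence stage, and intelligence data carries a validity period. It is not NSFOCUS code. The names `TIStage`, `process` and `demo` are hypothetical, CIDR notation for IP segments is an assumption, and so is the reading that an entry stops matching once its validity period has elapsed.

```python
import ipaddress
from collections import Counter

AUTO_VALIDITY_S = 24 * 3600  # fixed validity of auto-downloaded data, per the text


class TIStage:
    """Toy model of a threat-intelligence stage (hypothetical, not vendor code)."""

    def __init__(self, exceptions=()):
        # Exception entries may be single IPs or segments (CIDR notation assumed).
        self.exceptions = [ipaddress.ip_network(e, strict=False) for e in exceptions]
        self.intel = {}        # ip -> expiry time in seconds
        self.hits = Counter()  # ip -> packets dropped by this stage

    def load(self, ips, loaded_at, validity_s=AUTO_VALIDITY_S):
        for ip in ips:
            self.intel[ipaddress.ip_address(ip)] = loaded_at + validity_s

    def check(self, src, now):
        """Return 'skip' (exception), 'drop' (live intel hit) or 'pass'."""
        ip = ipaddress.ip_address(src)
        if any(ip in net for net in self.exceptions):
            return "skip"
        if self.intel.get(ip, 0) > now:  # assumption: expired entries no longer match
            self.hits[ip] += 1
            return "drop"
        return "pass"

    def top(self, n=1000):
        # Same ordering as the Application Effect list: by hit packets, descending.
        return [(str(ip), c) for ip, c in self.hits.most_common(n)]


def process(stage, src, now, other_stages=()):
    """Exception IPs skip only the TI stage; later stages still run."""
    if stage.check(src, now) == "drop":
        return "dropped:nti"
    for name, is_bad in other_stages:
        if is_bad(src):
            return "dropped:" + name
    return "forwarded"


def demo():
    # Constructed sample data using documentation address ranges.
    stage = TIStage(exceptions=["198.51.100.0/24"])
    stage.load(["192.0.2.10", "198.51.100.5"], loaded_at=0)
    return [process(stage, ip, now=3600) for ip in ("192.0.2.10", "198.51.100.5")]
```

In this model, an address that is both in the intelligence data and on the exception list is forwarded by the TI stage but can still be dropped by any stage passed in `other_stages`.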