Assign security connectors to a policy

An Enterprise Threat Protector administrator creates a policy to define how their company handles known or suspected threats, as well as violations of an acceptable use policy.

To direct malicious traffic to the security connector when it’s used as a DNS sinkhole, in a policy configuration, select the Block policy action and the Error Page response. You can then assign Security Connector to a category or list.

As a best practice, assign a security connector to the malware and command and control (C&C) categories. A C&C threat indicates that a user’s machine is already compromised by the time it’s detected. To clean compromised machines, you can use Security Connector to identify infected machines and get the information you need for remediation.

How to

  1. In the Enterprise Center navigation menu, select Policies > Policies.
  2. On the Policies page, click the plus sign.
  3. Enter a name and description for the policy.
  4. To configure a policy with settings from a predefined template, select one of these templates and click Continue:
    • Strict. Contains settings that block known and most suspected threat categories. Select this template to apply settings that are a best practice for a policy.
    • Monitor-only. Logs and reports threats but it does not block them. This template is ideal for testing or assessing policy impact before using the Strict template. This template assigns the monitor policy action to all known and suspected threat categories.
    • Custom. Lets you define policy actions for known and suspected threats.
  5. To assign a location, click the link icon and select a location or multiple locations.
  6. Configure policy settings in the Settings tab. To enable ETP Proxy, see Set up ETP Proxy.
  7. To assign a security connector to a threat category or a custom list:
    1. In the threat or the Custom List tab, select the Block action for a threat category or list. If you applied the Strict policy template, you may not need to perform this step.
    2. In the Response to User menu, select Error Page. If you applied the Strict policy template, you may not need to perform this step.
    3. In the Security Connector menu, select a security connector. To support HTTP or HTTPS traffic, make sure you upgrade security connector to version 2.5.0 or later.
    4. Repeat steps 7a to 7c to assign a security connector to other categories or lists.
  8. To enable alerts, toggle the Send Alert option to on.
  9. Click Save.

Next steps

  1. Deploy the configuration changes to the ETP network. For instructions see the Deploy Configuration Changes help topic.
  2. Test the security connector
  3. Add email addresses for Security Connector upgrade notifications