External Threat Feed Settings

EPS lets you integrate an External Threat Feed to enable detailed threat analysis.
To integrate an External Threat Feed with EPS, complete the following steps.
Step 1: Download EDR Setup on EPS Console
Step 2: On Oracle VM VirtualBox, fresh install MISP and Live Query server
Step 3: Get Authentication Key of MISP server
Step 4: Configure MISP server and scheduler on EPS console

Step 1: Download EDR Setup on EPS Console

  1. Log on to SEQRITE Endpoint Security.
  2. Go to EDR > Live Query.
  3. The first time you open this page, Live Query Settings are not yet configured, so a message about configuring Live Query Settings is displayed. Click Configure Live Query Settings.
  4. You are redirected to the Configurations > EDR page. Click Download EDR setup.

Step 2: On Oracle VM VirtualBox, fresh install MISP and Live Query server

For the procedure to fresh install MISP and the Live Query server, see EDR OVA Deployment.

Step 3: Get Authentication Key of MISP server

  1. Log on to the MISP console.
  2. Go to Global Actions > My Profile > Auth Keys section.
  3. Click + Add authentication key.
  4. The authentication key is displayed. Note it on paper or store it securely.
    NOTE: The authentication key is displayed only once, so note it manually at this point; otherwise it will be lost.

Step 4: Configure MISP server and scheduler on EPS console

To configure MISP server and Scheduler, follow these steps.

  1. Log on to SEQRITE Endpoint Security.
  2. Go to Configurations > EDR.
  3. Select the Enable External Threat Feed check box.
  4. Enter the host name in the Server text box.
  5. Enter the Port number. By default, the value is 8443. You can change the port number if required.
  6. Enter the Authentication Key.
  7. In Schedule settings: Frequency, select either the Daily or Weekly option. If you select the Weekly option, also select the Day.
  8. In Start At, set the time in hours and minutes.
  9. Select the Hash Type: MD5 (default), SHA1, or SHA256.
  10. Select the Action to be taken at the endpoint when a file matching a hash from the list is found. You can select the Quarantine or No action option.
  11. To test the External Threat Feed server connection, click Test connection.
  12. After successful verification, click Apply.
    The MISP server is configured.
    Automated searches are generated with names in the format Automated_Search_yyyyMMddHHmmss.
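
The Server, Port, Authentication Key and Hash Type values from Step 4 can be checked directly against MISP before you rely on the scheduled feed. The following is an added example, not SEQRITE's code: it assumes MISP's public REST API (POST /attributes/restSearch with the key in the Authorization header) rather than the query EPS itself issues, and the function names, host name and key are placeholders.

```python
import json
import re
import ssl
import urllib.request

# Hex lengths for the three Hash Type options on the EPS page.
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def build_request(host, auth_key, hash_type, port=8443):
    """Build a MISP attributes/restSearch request for one hash type."""
    if hash_type not in HASH_LEN:
        raise ValueError(f"unsupported hash type: {hash_type}")
    body = json.dumps({"returnFormat": "json", "type": hash_type}).encode()
    headers = {
        "Authorization": auth_key,  # MISP takes the raw key, no "Bearer" prefix
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    url = f"https://{host}:{port}/attributes/restSearch"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def extract_hashes(response_text, hash_type):
    """Return the well-formed hashes of hash_type found in a restSearch reply."""
    pattern = re.compile(r"[0-9a-fA-F]{%d}" % HASH_LEN[hash_type])
    attrs = json.loads(response_text).get("response", {}).get("Attribute", [])
    values = (str(a.get("value", "")) for a in attrs if a.get("type") == hash_type)
    return sorted({v.lower() for v in values if pattern.fullmatch(v)})


def fetch_hashes(host, auth_key, hash_type, port=8443, cafile=None):
    """Query the live server; cafile is the CA bundle that signed its certificate."""
    ctx = ssl.create_default_context(cafile=cafile)  # keeps certificate checks on
    req = build_request(host, auth_key, hash_type, port)
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return extract_hashes(resp.read().decode(), hash_type)


# Constructed sample reply (hashes of the empty string, not real indicators).
SAMPLE = json.dumps({"response": {"Attribute": [
    {"type": "md5", "value": "D41D8CD98F00B204E9800998ECF8427E"},
    {"type": "md5", "value": "not-a-hash"},
    {"type": "sha1", "value": "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
]}})

if __name__ == "__main__":
    print(extract_hashes(SAMPLE, "md5"))
```

An empty result for the selected Hash Type means the feed holds no usable attributes of that type, so the scheduled search would have nothing to match on.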