Assign security connectors to a policy

An ​SIA​ administrator creates a policy to define how their company handles known or suspected threats, as well as violations of an acceptable use policy.

To direct malicious traffic to the security connector when it's used as a DNS sinkhole, in a policy configuration, select the Block policy action and the Error Page response. You can then assign Security Connector to a category or list.

As a best practice, assign a security connector to the malware and C&C categories. A C&C threat indicates that a user's machine is already compromised by the time it's detected. To clean compromised machines, you can use Security Connector to identify infected machines and get the information you need for remediation.

To assign security connectors to a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. On the Policies page, click the plus sign.

  3. Enter a name and description for the policy.

  4. To configure a policy with settings from a predefined template, select one of these templates and click Continue:

    • Strict. Contains settings that block known and most suspected threat categories. Select this template to apply settings that are a best practice for a policy.

    • Monitor-only. Logs and reports threats but it does not block them. This template is ideal for testing or assessing policy impact before using the Strict template. This template assigns the monitor policy action to all known and suspected threat categories.

    • Custom. Lets you define policy actions for known and suspected threats.

  5. To assign a location or sub-location, click the link icon for locations or sub-locations, and select one or more. Then click Associate.

  6. Configure policy settings in the Settings tab. To enable ​SIA​ Proxy, see Set up ​SIA​ Proxy.

  7. To assign a security connector to a threat category or a custom list:

    1. In the threat or the Custom List tab, select the Block action for a threat category or list. If you applied the Strict policy template, you may not need to perform this step.

    2. In the Response to User menu, select Error Page. If you applied the Strict policy template, you may not need to perform this step.

    3. In the Security Connector menu, select a security connector. To support HTTP or HTTPS traffic, make sure you upgrade security connector to version 2.5.0 or later.

    4. Repeat steps 7a to 7c to assign a security connector to other categories or lists.

  8. To enable alerts, toggle the Send Alert option to on.

  9. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps

  1. If you haven’t deployed the policy, make sure you deploy it to the ​SIA​ network. For instructions, see Deploy configuration changes.

  2. Test the security connector.

  3. Add email addresses for Security Connector upgrade notifications.