Configuring Network Threat Protection in the command line

In the command line, you can manage Network Threat Protection using the Network Threat Protection predefined task (Network_Threat_Protection).

By default, the Network Threat Protection task does not run. You can start and stop the task manually.

You can configure Network Threat Protection settings by editing the settings of the Network Threat Protection predefined task.

Network Threat Protection task settings

Each setting is listed below with its description and its allowed values.

ActionOnDetect

Description: Action performed upon detection of network activity that is typical of network attacks. Changing the value of this setting from Block to Notify clears the list of blocked devices.

Values:

Notify – Allow network activity and log information about the detected network activity. If this value is specified, the value of the BlockAttackingHosts parameter is ignored.

Block (default value) – Block network activity and log information about it.

BlockAttackingHosts

Description: Blocking network activity from attacking devices.

Values:

Yes (default value) – Block network activity of an attacking device.

No – Do not block network activity of the attacking device. If this value is specified and the ActionOnDetect parameter is set to Block, the application blocks network activity from the attacking device, but does not add the device to the list of blocked devices.

BlockDurationMinutes

Description: Specifies how long attacking devices will be blocked (in minutes).

Values:

1 – 32768

Default value: 60.

UseExcludeIPs

Description: Use of a list of IP addresses whose network activity will not be blocked when a network attack is detected. The application will only log information about dangerous activity from these devices. You can add IP addresses to the exclusion list by using the ExcludeIPs.item_# setting.

Values:

Yes – Use the list of excluded IP addresses.

No (default value) – Do not use the list of excluded IP addresses.

ExcludeIPs.item_#

Description: Specifies an IP address whose network activity will not be blocked by the application. By default, the list is empty.

Values:

d.d.d.d – IPv4 address, where d is a decimal number from 0 to 255.

d.d.d.d/p – Subnet of IPv4 addresses, where p is a number from 0 to 32.

x:x:x:x:x:x:x:x – IPv6 address, where x is a hexadecimal number from 0 to ffff.

x:x:x:x::0/p – Subnet of IPv6 addresses, where p is a number from 0 to 64.

The default value is not defined.
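The settings interact in ways that are easy to miss during review: Notify makes BlockAttackingHosts irrelevant, and exclusion entries do nothing unless UseExcludeIPs is Yes. The following added example (not part of the product or its documentation) checks a settings text against the rules in the table above. The key=value layout, the item_0000 style numbering, the sample values and the check_settings name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in an assumed key=value layout; not output from the product.
SAMPLE = """\
ActionOnDetect=Notify
BlockAttackingHosts=Yes
BlockDurationMinutes=40000
ExcludeIPs.item_0000=192.0.2.10
ExcludeIPs.item_0001=198.51.100.0/33
ExcludeIPs.item_0002=2001:db8::0/96
"""
# Allowed values as listed in the settings table; the first entry is the default.
ENUMS = {"ActionOnDetect": ("Block", "Notify"),
         "BlockAttackingHosts": ("Yes", "No"), "UseExcludeIPs": ("No", "Yes")}
DEFAULTS = {"BlockDurationMinutes": "60", **{k: v[0] for k, v in ENUMS.items()}}


def check_settings(text):
    """Return findings for a Network_Threat_Protection settings text (hypothetical helper)."""
    cfg, excludes, findings = {}, {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        key, _, value = (part.strip() for part in line.partition("="))
        if key.startswith("ExcludeIPs.item_"):
            excludes[key] = value
        elif key in DEFAULTS:
            cfg[key] = value
        else:
            findings.append(f"{key}: not a setting listed for this task")
    get = lambda key: cfg.get(key, DEFAULTS[key])  # explicit value, else default
    for key, allowed in ENUMS.items():
        if get(key) not in allowed:
            findings.append(f"{key}: '{get(key)}' is not an allowed value")
    minutes = get("BlockDurationMinutes")
    if not (minutes.isdecimal() and 1 <= int(minutes) <= 32768):
        findings.append("BlockDurationMinutes: must be 1 to 32768")
    if get("ActionOnDetect") == "Notify" and "BlockAttackingHosts" in cfg:
        findings.append("BlockAttackingHosts: ignored while ActionOnDetect=Notify")
    if excludes and get("UseExcludeIPs") != "Yes":
        findings.append("ExcludeIPs: entries have no effect while UseExcludeIPs=No")
    for key, value in excludes.items():
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"{key}: '{value}' is not a valid address or subnet")
            continue
        if net.version == 6 and "/" in value and net.prefixlen > 64:
            findings.append(f"{key}: IPv6 subnet prefix must be 0 to 64")
    return findings
```

Running check_settings(SAMPLE) reports five findings: the out-of-range duration, the ignored BlockAttackingHosts value, the unused exclusion list, the invalid IPv4 prefix and the IPv6 prefix above 64.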
