Introduction

Threat Lists are provided by our partners in Webroot and Proofpoint*. These lists are comprised of 3 pieces of information: IP address, category, and score.

• IP Address: where a threat originates from.
• Category: what type of threat has been identified.
• Score: a confidence score ranging from 1 to 100 where 1 is least likely to be a threat, and 100 is most likely to be a threat.

Threat Lists are used in Policy Risk Thresholds.

Out-of-the-box Threat Lists are refreshed in 5 minute intervals.

Configuring the Anomali Threat Lists

At this time, we are able to integrate with Threat Lists provided by Anomali if the user is subscribed.

To sync Anomali's Threat List with the Bandura Cyber platform:

• Navigate to Threat Lists > IPv4 in the left hand menu:
  https://gmc.banduracyber.com/threat-lists/ipv4 
• Click on the green '+' button in the top right corner.
• Click on the Type dropdown to select Anomali IPv4.
• Enter a unique name in the Name field, and optionally, provide a description for the list.
• Enter your Anomali User Name and API Key
• Use the slider to specify a threshold (e.g. get all IPs scored 90 and above).
• Select which categories of threats to pull into the Threat List.
• Click Create to create and save the list. 
  • Automatic lists from plugins can 15-30 minutes to populate initially.

Related Articles

• Default Lists Descriptions
• Configuring Policies