FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 192961
Description
Provision Network Access Based on Application Threat Score

Scope
Version:  Network Sentry 8
Solution

Network Sentry collects application information through the use of agent technology and MDM integrations.  As hosts are scanned, the list of applications in Hosts > Application View is updated in the Administrative UI.  To indicate a specific level of trust for particular applications, a Threat Score can be assigned.  It is possible to provision a host's network access based on this Threat Score.

Note:  Threat Score fields are only available with the Secure Enterprise Premier license.  To verify the license type installed in Network Sentry, navigate to System > Settings > System Management > License Management.


1.  Determine the Threat Score range to match.  Note this applies to any application matching the score.   
Navigate to Hosts > Application View
There are two columns, Threat Score and Threat Override.
Threat Score: The threat score assigned to the application by the Threat Analysis Engine added under System > Settings > System Communication > Threat Analysis Engines.  The value will be an integer between 1 and 10.  Refer to vendor documentation for more information regarding threat score values and how they are determined.  Only FireEye MTP is available to be added as a Threat Analysis Engine at this time.

Threat Override:  Manually set override value (trusted or untrusted).
Untrusted Threat Score Override Value = 10
Trusted Threat Score Override Value = 1

2.  Create User/Host Profile with desired criteria including the Threat Score.
To add the Threat Score, click Add next to "Who/What by Attribute:"
Under Application tab, check the box next to Threat Score and set the desired range.

3. Create the Network Access Configuration (if not already created) to assign the Network Access Value.

4. Create a Network Access Policy to tie the User/Host Profile and Configuration together.

5.  Rank the policy as appropriate. 
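
The following added example (not Fortinet code and not part of the original article) models how Threat Score ranges and policy rank interact, so planned ranges can be checked against an application inventory before they are configured. It assumes that a Threat Override replaces the engine's score and that policies are evaluated in rank order with the first match applied; all policy, host and application names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Override values stated in the article: Untrusted = 10, Trusted = 1.
OVERRIDE_SCORE = {"untrusted": 10, "trusted": 1}

@dataclass
class App:
    name: str
    threat_score: Optional[int]      # 1-10 from the Threat Analysis Engine, None if unscored
    override: Optional[str] = None   # "trusted", "untrusted" or None

@dataclass
class Policy:
    rank: int
    name: str
    score_range: Optional[tuple]     # (low, high) inclusive; None = no Threat Score criterion
    access_value: str

def effective_score(app):
    """Assumption: a manual Threat Override replaces the engine's score."""
    if app.override is not None:
        return OVERRIDE_SCORE[app.override]
    return app.threat_score

def host_matches(apps, score_range):
    """Any single application in range is enough (see the note in step 1)."""
    low, high = score_range
    scores = [effective_score(a) for a in apps]
    return any(s is not None and low <= s <= high for s in scores)

def select_policy(apps, policies):
    """Assumption: policies are evaluated in rank order; the first match applies."""
    for p in sorted(policies, key=lambda p: p.rank):
        if p.score_range is None or host_matches(apps, p.score_range):
            return p
    return None

# Constructed sample data (hypothetical names, not from the article).
POLICIES = [
    Policy(1, "Quarantine-HighThreat", (8, 10), "quarantine-vlan"),
    Policy(2, "Restricted-MediumThreat", (4, 7), "restricted-vlan"),
    Policy(3, "Default-Production", None, "production-vlan"),
]
HOSTS = {
    "laptop-a": [App("editor", 2), App("p2p-client", 9)],
    "laptop-b": [App("p2p-client", 9, override="trusted"), App("browser", 3)],
    "tablet-c": [App("game", 5), App("unknown-tool", None, override="untrusted")],
    "kiosk-d": [App("viewer", 6)],
}
```

In this model, marking an application as trusted drops it to a score of 1, so laptop-b falls through to the default policy even though the engine scored one of its applications at 9.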


See also
Configuring a Network Access Policy
