Section – Threat Intelligence Feed

Threat Intelligence

Enable feed

Enables the Webroot threat intelligence feed. Once the feed is enabled, the database version field will automatically be updated.

User ID

User ID for Webroot. This ID is generated from the Webroot license ID and one encrypted MAC address of the machine that receives updates from the Webroot feed. This value may be needed in support cases.

Polling interval

Defines the interval in minutes for polling the threat intelligence feed database.

Database version

The database version is provided by the threat intelligence service and updated every time a differential update has been loaded from the threat intelligence feed. The database version indicates the status of the IP Address Lists obtained from Webroot.

Use proxy

Enables a proxy for connections to the Webroot feed.

Proxy Host

The HTTPS proxy server to be used.

  • The proxy server must support tunneling via the HTTP CONNECT method. Intercepting proxies are not supported.
  • In case the proxy server utilizes IPv6, use the IPv6 address as the hostname.

Proxy Port

The HTTPS proxy server port to be used.

Username

The username to authenticate on the proxy.

Password

The password to authenticate on the proxy.

To test the connectivity to the Webroot Threat Intelligence service login into Airlock Gateway with SSH as user "root" and execute the following "curl" command:

curl -I api-dualstack.bcti.brightcloud.com

or the following "curl" command in case you use a proxy server:

curl -Ix http://user:password@proxyhost:port api-dualstack.bcti.brightcloud.com

The server should answer with "HTTP/1.1 200 OK" if the connectivity is given.

Logging

All interaction with the Webroot threat intelligence feed are logged as part of the normal operation of Airlock Gateway. To find the log entries in the Log search for the "program" with the name "ip-info-service".