Section – Threat Intelligence Feed

Enables the Webroot threat intelligence feed. Once the feed is enabled, the database version field will automatically be updated.

User ID for Webroot. This ID is generated from the Webroot license ID and one encrypted MAC address of the machine that receives updates from the Webroot feed. This value may be needed in support cases.

Defines the interval in minutes for polling the threat intelligence feed database.

The database version is provided by the threat intelligence service and updated every time a differential update has been loaded from the threat intelligence feed. The database version indicates the status of the IP Address Lists obtained from Webroot.

Enables a proxy for connections to the Webroot feed.

The HTTPS proxy server to be used.

• The proxy server must support tunneling via the HTTP CONNECT method. Intercepting proxies are not supported.
• In case the proxy server utilizes IPv6, use the IPv6 address as the hostname.

The HTTPS proxy server port to be used.

The username to authenticate on the proxy.

The password to authenticate on the proxy.

To test the connectivity to the Webroot Threat Intelligence service login into Airlock Gateway with SSH as user "root" and execute the following "curl" command:

curl -I api-dualstack.bcti.brightcloud.com

or the following "curl" command in case you use a proxy server:

curl -Ix http://user:password@proxyhost:port api-dualstack.bcti.brightcloud.com

The server should answer with "HTTP/1.1 200 OK" if the connectivity is given.

All interaction with the Webroot threat intelligence feed are logged as part of the normal operation of Airlock Gateway. To find the log entries in the Log search for the "program" with the name "ip-info-service".