Server plugin linkage Settings
From version 2.0.11, the following plug-ins are automatically installed on the server when the product is installed. Each one requires the basic information needed for linkage to be entered.
- KISA C-TAS
- ReversingLabs A1000
- TrendMicro DDA
- Check Point SandBlast TE1000X
KISA C-TAS interworking
This plug-in provides interworking with the Cyber Threats information analysis-sharing system (C-TAS) provided by KISA. It is available only to customers who have signed up for C-TAS and have been issued a key for interworking, and the Genian Insights E server must be changed to IOC DB Framework version v2.
Item | Description |
---|---|
Export Key | Enter the Export Key information assigned by KISA. |
Code(orgKey) | Enter the organization code (OrgKey) information assigned by KISA. |
Sync interval | Sets the interval, in minutes, at which data received from C-TAS is registered in the IOC Database. (Default: 30 minutes) |
IP address expiration date | Sets the retention period for IP addresses collected through the linkage. (Default: 10 days) |
- From version 2.0.11, the C-TAS plug-in is installed together with the product. If it was installed normally, the KISA C-TAS linkage settings appear in the System > Settings > Preferences > Threat Detection & Response menu.
- Change the linkage status to Use and enter the linkage information and additional information provided by KISA.
- After entering the information, click the check button in the upper left corner to save the settings.
- Go to the System > System > Software > Server Plugin Management menu, check CTAS in the plug-in list, and click the ‘Immediate execution’ button on the right to run the linkage.
- Data is received from C-TAS at the interval set in step 2 and updated in the IOC Database.
- When a threat is detected using information registered in C-TAS, it is displayed as CTAS in the Feed information of the Threat2 index.
Integration with ReversingLabs A1000
Threat analysis using ReversingLabs A1000 is provided. (Applicable to ReversingLabs A1000 customers.) By sending file information present in the Threat2 index to ReversingLabs A1000, you can request malicious code analysis and check the result on the Genian Insights E server.
Item | Description |
---|---|
URL | Enter the ReversingLabs A1000 product IP or URL. |
USERNAME | Enter the username used for ReversingLabs A1000 product linkage. |
PASSWORD | Enter the password used for ReversingLabs A1000 product linkage. |
Link result | Displays the status of interworking with ReversingLabs A1000 products. If communication is successful, 'Linked' is displayed. |
- Starting with version 2.0.11, the ReversingLabs A1000 plug-in is installed together with the product. Go to the System > Settings > Preferences > Threat Analysis menu, change the ReversingLabs A1000 Settings to ON, enter the URL and account information, and click the ‘Check’ button at the top left to save the settings.
- After threat analysis, click the Threats Analysis button on the left side of the list in the Analysis > Management menu to go to the Threats detail screen, then click the ‘Threats Analysis Results’ button at the upper left.
- You can check the Threats Analysis Report for each integration plug-in.
TrendMicro DDA integration
Threat analysis using TrendMicro DDA is provided. (Applicable to customers who have TrendMicro DDA; the compatible version is Deep Discovery Analyzer 6.1.) By sending file information present in the Threat2 index to TrendMicro DDA, you can request analysis of whether a file is malicious code and check the result on the Genian Insights E server.
Item | Description |
---|---|
API Key | Sets the API key provided by the TrendMicro DDA product. The API key is shown on the About screen of the Help menu of the DDA product. |
URL | Enter the TrendMicro DDA product IP or URL. |
Time Zone | Sets the time zone used by the TrendMicro DDA product. |
Link result | Displays the linkage status with the TrendMicro DDA product. If communication is successful, 'Linked' is displayed. |
- From version 2.0.11, the TrendMicro DDA plug-in is installed together with the product. Go to the System > Settings > Preferences > Threat Analysis menu, change the TrendMicro DDA Settings to ON, enter the integration API Key, URL and time zone information, and click the ‘Check’ button at the top left to save the settings.
- After threat analysis, click the Threats Analysis button on the left side of the list in the Analysis > Management menu to go to the Threats detail screen, then click the ‘Threats Analysis Results’ button at the upper left.
- You can check the Threats Analysis Report for each integration plug-in.
Check Point SandBlast TE1000X integration
Threat analysis using Check Point SandBlast TE1000X is provided. (Applicable to customers with Check Point SandBlast TE1000X.) By sending file information present in the Threat2 index to Check Point SandBlast TE1000X, you can request analysis of whether a file is malicious code and check the result on the Genian Insights E server.
Item | Description |
---|---|
URL | Enter the Check Point SandBlast TE1000X product IP or URL. |
Version | Enter the Check Point SandBlast TE1000X product version (Example: v1) |
API Key | Sets the API key information provided by the Check Point SandBlast TE1000X product. |
Link result | Displays the linkage status with Check Point SandBlast TE1000X. If communication is successful, 'Linked' is displayed. |
- From version 2.0.11, the Check Point SandBlast TE1000X plug-in is installed together with the product. Go to the System > Settings > Preferences > Threat Analysis menu and change the Check Point SandBlast TE1000X Settings to ON.
- After entering the URL, product version, and linked API Key, click the ‘Check’ button at the top left to save the settings.
- After threat analysis, click the Threats Analysis button on the left side of the list in the Analysis > Management menu to go to the Threats detail screen, then click the ‘Threats Analysis Results’ button at the upper left.
- You can check the Threats Analysis Report for each integration plug-in.
Update Server Plugin
Add plugin
- Go to System > System > Software > Server Plugin Management and click the ‘Add’ button to upload the external linkage plug-in file (extension gpp).
- First confirm the 'whether to use' field for the uploaded file in the list, then click the 'Immediate' button on the right side of the screen.
- A blue icon is displayed in the Status field if it is operating normally.
Delete plugin
- Select the plug-in to be deleted in the list and click the ‘Delete’ button.
- A pop-up window asking you to confirm the deletion appears. Click OK to delete the plug-in.