08-13-2019 09:04 AM - last edited on 08-20-2019 12:19 PM by dhuckaby
I apologize if this has been asked/answered - but I am looking for answers on the inter-dependencies of ETA/Cognitive Intelligence, and most specifically the SLIC feed.
We are purchasing new flow sensors with anticipation of taking advantage of the ETA capabilities in 7.1 for internet traffic.
We had NOT planned on purchasing the SLIC feed license.
Can I still expect to get the benefits of ETA/Cognitive Intelligence without the SLIC feeds?
Thanks in advance for the assistance!
Bob
08-22-2019 07:40 AM
The short answer is Yes.
The Threat Intel Feed (also known as SLIC Feed) is an IP Blacklist that lives on and is updated at your SMC. The big advantage of SLIC is that it is fast. If an external IP matches an IP on the Threat Feed list then there is an alarm.
Cognitive Threat Analytics requires that data about a connection involving an external IP be sent to the cloud for analysis and risk scoring. Cognitive Intelligence takes longer but is able to identify threats based on their communications and behavior characteristics rather than on just matching an IP address.
Cognitive returns a risk score which is valuable in that it helps you triage your work; looking at the highest risk connections first and then working through a list to lower risk connections.