Configuring SMC
Enabling the SMC API
To connect SMC to SLS, an API key needs to be created. For more information, see the section Enabling and managing SMC's public API in the SMC administration guide. Once the key is created, store it, as you will need it when configuring SLS.
For more information on the links between SMC and SLS, refer to the section Accessing the Stormshield Log Supervisor (SLS) server in the SMC administration guide.
Creating the object groups XDR_IP_blocked and XDR_internet_blocked_IP
Some playbooks use groups that need to be created in advance.
-
Log in to the SMC server.
-
Click on Objects > Create an object.
-
Select Group.
-
Enter XDR_IP_blocked in the Object name field and click on Create.
-
Repeat the process by entering XDR_internet_blocked_IP in the Object name field.
Creating filter rules
These groups can now be used in 'block' filter rules. Some Stormshield XDR playbooks will create objects in this group, which correspond to IP addresses that must be blocked:
-
XDR_internet_blocked_IP contains only public Internet IP addresses,
-
XDR_IP_blocked contains only private IP addresses.
For more information on creating and deploying filter rules, refer to the section Creating filter and NAT rules in the SMC administration guide.