Configuring SNS
The operations in this section are to be performed in the SNS firewall web administration interface, if the SNS firewall is not managed by SMC. For SMC-managed firewalls, go directly to the section Configuring SMC.
Configuring logs
For more information, refer to the Syslog tab section in the SNS user manual of the relevant version:
For more information on getting logs through SLS, refer to the section Getting the logs from an SNS firewall in the SLS deployment guide that corresponds to your hypervisor:
Creating the object groups XDR_IP_blocked and XDR_internet_blocked_IP
Some playbooks use groups that need to be created in advance.
-
Go to Configuration > Objects > Network and click on Add.
-
Select Group.
-
Enter XDR_IP_blocked in the Object name field and click on Create.
-
Repeat the process by entering XDR_internet_blocked_IP in the Object name field.
Creating filter rules
These groups can now be used in 'block' filter rules. Some Stormshield XDR playbooks will create objects in this group, which correspond to IP addresses that must be blocked:
-
XDR_internet_blocked_IP contains only public Internet IP addresses,
-
XDR_IP_blocked contains only private IP addresses.