    [ERT Active Attackers Feed Menu]
        action   - Set IP Reputation action
        country  - Block/Unblock countries menu
        wlist    - IP Allowlist menu
        eaaf     - Enable/disable ERT Active Attackers Feed service
        indirect - Feed download location
        endpoint - Set vision/Cyber controller endpoint for indirect feed download
        vision   - Vision Url
        cur      - Display current ERT Active Attackers Feed configuration
        trevpol  - Set Traffic Event Log Policy
        aggrgate - Set aggregation time of events
        evntrate - Set the maximum number of EAAF events to send per second for every single IP

Command Syntax and Usage | |
---|---|
action <category|severity level> | |
Specifies whether to allow, block, or alert on malicious IP addresses based on category and risk severity level. Default: allow (for all categories and risk levels) | |
country | |
Displays the Blocked Countries List menu, which allows you to specify whether to allow or block traffic from listed countries. | |
wlist | |
Displays the IP Allowlist menu, which allows you to specify whether to allow or block traffic from listed IP addresses. | |
eaaf disabled|enabled | |
Specifies whether to enable the ERT Active Attackers Feed feature. You need a valid license to enable this functionality. Note: Enabling EAAF requires a device reboot (VA or VX) to allocate the necessary memory for the feed. Default: disabled | |
cur | |
Displays the current ERT Active Attackers Feed settings. | |
indirect disabled|enabled | |
Specifies whether to process the feed coming to Alteon from the Radware domain. Note: If indirect is enabled, you have to configure the Cyber Controller/APSolute Vision endpoint. Default: disabled | |
endpoint manual|active | |
Sets the Cyber Controller/APSolute Vision reporter parameters. Note: When adding Alteon to the Cyber Controller tree, Alteon 'learns' the Cyber Controller high availability IP addresses and keeps monitoring their status. Make sure that the Cyber Controller table is not empty when setting the type to "active". This option is also applicable with Cyber Controller in standalone mode. Values: manual, active | |
vision disabled|enabled | |
Specifies whether to process the feed coming to Alteon from the Cyber Controller (or APSolute Vision 4.x) host name or IP address. Default: disabled | |
trevpol | |
Displays the Traffic Event Log menu for configuring traffic event policies. To view this menu, see /cfg/slb/trevnt/trevpol Traffic Event Log Policy Menu. | |
aggrgate [15|30|60|300|900] | |
Specifies the aggregation period, a global parameter that applies to each entire EAAF table. During this period, Alteon aggregates events by source IP. At the end of the period, Alteon sends the aggregated event to Cyber Controller (or APSolute Vision 4.x) or any other syslog server. This parameter is required for generating EAAF events. Default: 60 seconds | |
evntrate | |
Specifies the maximum number of EAAF events to send per second for every single SP. |