Tencent Cloud Firewall

Enabling Threat Intelligence

Last updated: 2024-01-24 16:09:41
After threat intelligence is enabled, CFW feeds network perimeter traffic to the threat intelligence detection and analysis engine to identify unknown risks beyond access control rules. Prioritized protection packages are also available to enhance risk resistance capabilities in prioritized protection scenarios.

Directions

1. Log in to the Cloud Firewall console and click Intrusion Protection System in the left navigation pane.
2. On the Intrusion protection system page, click the icon next to Threat intelligence to enable this feature.
Note:
CFW monitors and analyzes the north-south traffic on a public IP address based on threat intelligence only when both threat intelligence and the edge firewall are enabled for that IP address.

3. After threat intelligence is enabled, CFW feeds network perimeter traffic to the threat intelligence detection and analysis engine to identify unknown risks beyond access control rules:
   - Malicious incoming access: CFW detects malicious scanning, brute-force attacks, and remote control from malicious IP addresses to cloud assets, as well as mining Trojans, ransomware, and other threat samples.
   - Outgoing access: CFW detects outgoing access from cloud assets to external malicious IP addresses or domain names, and identifies potential server compromise risks through the comparative analysis of big data provided by threat intelligence.
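The following added example (not Tencent Cloud code, and not a description of how the CFW engine is implemented) models the coverage rule from the note above together with the two detection directions in step 3. The inventory, flow fields, function names, and indicator values are all constructed for illustration.

```python
import ipaddress

# Constructed indicators (documentation ranges and .example names), not real IoCs.
MALICIOUS_IPS = {ipaddress.ip_address("203.0.113.66")}
MALICIOUS_DOMAINS = {"pool.badminer.example"}
# Hypothetical inventory: public IP -> is the edge firewall switch on?
EDGE_FIREWALL_ON = {"198.51.100.10": True, "198.51.100.20": False}

# Constructed north-south flows: asset_ip is the cloud asset's public IP.
FLOWS = [
    {"asset_ip": "198.51.100.10", "direction": "in", "peer_ip": "203.0.113.66"},
    {"asset_ip": "198.51.100.10", "direction": "out", "peer_ip": "192.0.2.8", "domain": "x.pool.badminer.example."},
    {"asset_ip": "198.51.100.20", "direction": "out", "peer_ip": "203.0.113.66"},
    {"asset_ip": "198.51.100.10", "direction": "out", "peer_ip": "192.0.2.9", "domain": "example.org"},
]

def is_covered(public_ip, threat_intel_enabled, edge_fw=EDGE_FIREWALL_ON):
    # Traffic on an IP is analyzed only when BOTH switches are on for it.
    return threat_intel_enabled and edge_fw.get(public_ip, False)

def domain_matches(domain, bad=MALICIOUS_DOMAINS):
    # Match a listed domain or any of its subdomains.
    labels = domain.split(".")
    return any(".".join(labels[i:]) in bad for i in range(len(labels)))

def classify(flow, threat_intel_enabled=True):
    # Returns malicious_inbound, outbound_to_malicious, clean or not_analyzed.
    if not is_covered(flow["asset_ip"], threat_intel_enabled):
        return "not_analyzed"  # coverage gap: nothing inspects this flow
    peer = flow.get("peer_ip")
    peer_bad = peer is not None and ipaddress.ip_address(peer) in MALICIOUS_IPS
    domain = (flow.get("domain") or "").lower().rstrip(".")
    if flow["direction"] == "in":
        return "malicious_inbound" if peer_bad else "clean"
    if peer_bad or domain_matches(domain):
        return "outbound_to_malicious"  # possible compromised server
    return "clean"

if __name__ == "__main__":
    for f in FLOWS:
        print(f["asset_ip"], f["direction"], classify(f))
```

The third flow reaches a listed IP but is reported as `not_analyzed` because the edge firewall is off for that asset, which is the gap the note describes.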

More Information

For questions about intrusion defense, please see Intrusion Protection System.
