The aie whitelist command configures an AIE whitelist.
The undo aie whitelist command deletes the AIE whitelist.
aie whitelist module module-name item type-name value-content
undo aie whitelist module module-name item type-name value-content
| Parameter | Description | Value |
|---|---|---|
| module module-name | Specifies the detection engine for which a whitelist needs to be configured. | The value must be the name of the detection engine supported by the device. Set this parameter as prompted. |
| type-name | Specifies a whitelist type. | The value can be: Different detection engines support different types: |
| value-content | Specifies a whitelist value. | Set a whitelist value based on the specified whitelist type. |
This command is supported since V600R007C20SPC300.
The whitelist of the AIE is a detection exception mechanism. You can add known secure IP addresses and domain names to whitelists to improve the detection accuracy and reduce false positives.
The DGA domain name request detection engine is used as an example. In this example, a user has a random-looking domain name and uses it for normal service access. In this case, you can add the domain name to a whitelist to prevent the engine from identifying the domain name-based traffic as an attack and continuously reporting alarms.
When configuring a domain name whitelist, specify the primary domain name or subdomain name that defines the range the whitelist covers. For example, if this parameter is set to the primary domain name huawei.com, all subdomain names under the primary domain name are added to the whitelist.
Correctly configuring the whitelist can reduce false positives. However, if the whitelist is incorrectly configured, detections may be missed. Ensure that you are familiar with the network environment and correctly configure the whitelist.
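The following added example (not Huawei code and not run on the device) models the subdomain rule described above so that planned domain entries can be reviewed offline before they are configured. It shows which observed domain names each entry would exempt and flags entries that are too broad. The function names, the sample data and the whole-label matching rule are assumptions made for illustration.

```python
"""Added example: offline review of planned AIE domain whitelist entries."""

# Constructed sample data, not taken from any device or log.
PLANNED_ENTRIES = ["huawei.com", "com", "cdn.example.net"]
OBSERVED_DOMAINS = [
    "support.huawei.com",
    "huawei.com",
    "nothuawei.com",
    "xkqzjvwp.example.net",
    "a1b2.cdn.example.net",
]


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")


def covers(entry, domain):
    """True if domain equals entry or is a subdomain of it.

    Assumption: matching is done on whole DNS labels, so 'nothuawei.com'
    is not covered by the entry 'huawei.com'.
    """
    entry, domain = normalize(entry), normalize(domain)
    return domain == entry or domain.endswith("." + entry)


def review(entries, observed):
    """Map each entry to the observed domains it exempts and a breadth flag."""
    report = {}
    for entry in entries:
        exempted = [d for d in observed if covers(entry, d)]
        # A single-label entry (a bare TLD) exempts every name beneath it,
        # which is the missed-detection risk of a misconfigured whitelist.
        too_broad = len(normalize(entry).split(".")) < 2
        report[normalize(entry)] = {"exempted": exempted, "too_broad": too_broad}
    return report


if __name__ == "__main__":
    for entry, result in review(PLANNED_ENTRIES, OBSERVED_DOMAINS).items():
        flag = "TOO BROAD" if result["too_broad"] else "ok"
        print(f"{entry:18} {flag:10} exempts {result['exempted']}")
```
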