sandbox-detect (APT defense profile view)

Function

The sandbox-detect command specifies the file protocols and file transfer directions for sandbox inspection.

The undo sandbox-detect command deletes the specified file protocols and file transfer directions.

Format

sandbox-detect protocol-type direction { both | download | upload }

undo sandbox-detect protocol-type [ direction ]

Parameters

Parameter	Description	Value
protocol-type	File protocols subject to sandbox inspection	The protocols are as follows: FTP HTTP HTTPS IMAP NFS POP3 SMB SMTP
direction	File transfer direction subject to sandbox inspection	File transfer directions include: both: Indicates that files in the upload and download directions are inspected. download: Indicates that files in the download direction are inspected. upload: Indicates that files in the upload direction are inspected.

Parameter

Description

Value

protocol-type

File protocols subject to sandbox inspection

The protocols are as follows:

FTP
HTTP
HTTPS
IMAP
NFS
POP3
SMB
SMTP

direction

File transfer direction subject to sandbox inspection

File transfer directions include:

both:
Indicates that files in the upload and download directions are inspected.
download:
Indicates that files in the download direction are inspected.
upload:
Indicates that files in the upload direction are inspected.

Views

APT defense profile view

Default Level

2: Configuration level

Usage Guidelines

File protocol and file transfer direction are logically ORed. If a packet matches either the protocol or transfer direction, the packet matches the condition in the profile.

Example

# Set the file protocol to FTP and the file transfer direction to download for sandbox inspection.

<sysname> system-view
[sysname] profile type aapt name example
[sysname-profile-aapt-example] sandbox-detect FTP direction download