< Home

Configuring Artificial Intelligence Engine

Context

The configuration roadmap is as follows:

  1. Set parameters in the AIE profile.
  2. Reference the configured AIE profile in the security policy.

Procedure

  1. Choose Object > Security Profiles > Artificial Intelligence Engine.
  2. Choose Artificial Intelligence Engine Profile tab, create an AIE profile using either of the following methods:

    • Click Add.
    • If the profile to be created is similar to an existing one, select the existing one, click Copy, and modify the profile.

  3. Configure the name and description of the profile, and enable the AIE. After the configuration is complete, click OK.

  4. Optional: Choose Artificial Intelligence Engine Whitelist tab, click Add to configure AIE whitelists.

    The whitelist of the AIE is a detection exception mechanism. You can add known secure IP addresses and domain names to whitelists to improve the detection accuracy and reduce false positives.

    Different detection engines support different types:

    • The DGA domain name request detection engine supports the configuration of IP address and domain name whitelists.
    • The brute-force cracking detection engine supports the configuration of IP address whitelists.
    • The malicious C&C flow detection engine supports the configuration of IP address whitelists.
    • The malicious encrypted C&C flow detection engine supports the configuration of IP address and certificate fingerprint whitelists.
    • The SQL injection detection engine supports the configuration of IP address whitelists.

  5. Reference the AIE profile in a security policy.

    For details on how to configure a security policy, see Configuring a Security Policy Using the Web UI.

Follow-up Procedure

After the AIE is configured, you can perform the following operations to modify configurations of the AIE:

To enable or disable a specific detection function of the AIE in an existing profile, click in the Edit column of the profile to be modified in the AIE profile list. After the configuration is modified, click OK.

Check or release the reference between the security policy and profile.

  1. To check for profile that is referenced by security policies, click View under References in the list of profile.

  2. To release the reference between the security policy and profile, choose the security policy and click Release.

    Click Release All, and then click OK, you can release all the references.

In addition, you can manage the AIE from the following aspects:

  • To ensure the effectiveness of the AIE, update the AIE database at scheduled time.

  • You need to modify the policy configuration in the AIE profile, based on logs and reports, where you can find the advanced threats that need to be blocked but actually not.

    You can choose Monitor > Logs > Threat Logs and Monitor > Report > Threat Report to search for logs and reports, respectively.

Parent Topic: Configuring Artificial Intelligence Engine Using the Web UI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >