Customize risk detection
- Customize and annotate the network topology.
- Define trusted traffic ("white rules") to treat specified types of traffic as non-threatening.
For more details, see Customize risk and compliance management.
Match a Risk Profile to Your Topology: Watch to learn about applying risk profiles to your device topology.
Customizing the Topology
The Customize Topology page lets you customize the network topology of a device or matrix that is analyzed by AFA. Customizing the topology allows you to:
- Mark the DMZs: You can identify and monitor incoming and outgoing traffic related to the designated DMZs.
- Choose which interface is external and which interface is internal to your network: By default, AFA identifies the external interface according to the default route in the routing table. In some cases, for example where the network is connected to a business partner, the default decision is wrong and will cause erroneous reports. Mark multiple external zones and DMZs. Some networks are configured with more than one external zone (i.e., there are two ISPs).
- Define external zones: In some cases there is no default route. Using the Customize Topology feature enables you to identify the external zone of the network.
For more details, see:
Customizing trusted traffic
Defining trusted traffic allows you to customize AFA to treat specified types of traffic as non-threatening. This lets you eliminate any false-alarms triggered by traffic that is necessary for your business.
You can customize trusted traffic from the AFA Web interface or from a device report. For details, see Customize trusted traffic.
Important: When you are trusting a risky rule, you are trusting the traffic determined by this rule and all other rules whose traffic definition is covered by the rule.