Direct lookups for IP reputation classifications
To ensure that your IP reputation classifications are using the most recent classification information that is available, create rules and queries that use direct X-Force IP reputation lookups.
You can use the following X-Force IP categorizations:
- Anonymization Services
- Botnet Command and Control Server
- Bots
- Cryptocurrency Mining
- Dynamic IPs
- Malware
- Scanning IPs
- Spam
For example, a rule that uses the Anonymization Services categorization might use the following building block:
when Destination IP is categorized by X-Force as Anonymization Services with confidence value greater than 50
In Ariel Query Language (AQL), you can use the XFORCE_IP_CATEGORY function instead.
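The following AQL query is an added example, not part of the original documentation; it expresses the same condition as the building block above and summarizes which internal hosts are talking to the matching destinations. It assumes that the companion XFORCE_IP_CONFIDENCE function accepts the category name exactly as it appears in the list above ('Anonymization Services'); the 24-hour window and the column aliases are illustrative choices.

```sql
-- Added example: events whose destination IP is categorized by X-Force
-- as Anonymization Services with a confidence value greater than 50.
-- Assumption: the category string matches the name in the list above.
SELECT sourceip,
       destinationip,
       -- Direct lookup of the categories X-Force assigns to the destination
       XFORCE_IP_CATEGORY(destinationip) AS xforce_categories,
       -- Confidence value for the one category the rule tests for
       XFORCE_IP_CONFIDENCE('Anonymization Services', destinationip) AS anon_confidence,
       COUNT(*) AS event_count,
       MIN(starttime) AS first_seen,
       MAX(starttime) AS last_seen
FROM events
WHERE XFORCE_IP_CONFIDENCE('Anonymization Services', destinationip) > 50
GROUP BY sourceip, destinationip
ORDER BY event_count DESC
LAST 24 HOURS
```

Because each lookup is evaluated per event, keep the time window narrow or add further WHERE filters before running the query over large event volumes.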