Dynamic Network Objects

Dynamic network objects are lists of IP or MAC addresses that are dynamically modified by policy rules.

Dynamic network objects are used to track the state of hosts and create host groups with common behavior on the fly. The hosts of the group share a specific characteristic or property that is not static but depends on events happening dynamically in the running system. Based on this behavior, a specific set of rules is applied to them. This allows the policy engine to adapt to changing situations. It dynamically controls what rules are applied to different groups of hosts in real time.

Under Dynamic Network Objects, the table displays the dynamic network objects that are defined in the system and gives a summary of their configuration. For further information, see Dynamic Network Objects Settings.

The icons in the last table column allow you to edit or delete the respective object.

Tip

Click the number in the Counts column to see the entries that the dynamic network object currently contains. If you want to delete the content of the dynamic network object, click RESET STATE in this view.

Global dynamic network objects are placed at the top of the table. Objects used in correlation scenarios are grouped by scenario. To add a new global dynamic network object to the system, click the Add Global Dynamic Network Object button above the overview table.

Note

To create dynamic network objects for correlation scenarios, you need to create them directly in the respective scenario. Click the name of the scenario to access its settings screen (see Advanced Correlation Scenario Settings). In the Dynamic Network Objects tab, click Add.

Dynamic Network Objects Settings

When you add a new dynamic network object or edit an existing one, the settings screen is displayed.

The General section provides the following options:

Field | Description
Name | Enter the name of the object.
Note | Optional: Add a short description of the object.

The Settings section provides the following options:

Field | Description
Network | Allocate the network object to the internal or external network. Note that Threat Defender does not create asset database entries for hosts located in the External network.
Size | Enter the maximum number of assets that can be added to the dynamic network object.
Timeout | Specify in seconds how long entries remain in the dynamic network object. When the set time expires, the entries are automatically removed from the dynamic network object. If you set the timeout to 0, entries are not removed automatically.
Forced Includes | Prefill the network object with hosts for the time specified in Timeout. Enter their IP addresses separated by commas.
Excluded IP Addresses | To define exceptions, specify IP addresses to be excluded from the dynamic network object. Enter the IP addresses separated by commas.
MAC Addresses | To define exceptions, specify MAC addresses to be excluded from the dynamic network object. The MAC addresses have to be separated by commas. To indicate MAC address ranges, leave out pairs of characters, starting at the end of the MAC address, while preserving the separating colons. For example: 12:34:56:7::, 12:::::.

The buttons at the bottom of the screen allow you to store your changes (SAVE) or to discard them (CANCEL).

Note

Rules are evaluated per flow, not per packet. With short timeouts, the timeout may therefore expire while a longer-lasting flow is still active. In that case, the dynamic network object is not refreshed for that flow.
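
The following Python sketch is an added illustration, not Threat Defender code. It models the Size, Timeout, Forced Includes and Excluded IP Addresses settings and shows a host dropping out of the object while its flow is still running. The class and function names are hypothetical. The behavior when the object is full, and the refresh of an entry when a new flow matches, are assumptions.

```python
import ipaddress

class DynamicNetworkObject:
    """Simplified model of the Size, Timeout, Forced Includes and exclusion settings."""

    def __init__(self, size, timeout, forced_includes=(), excluded=(), now=0):
        self.size = size
        self.timeout = timeout            # seconds; 0 = entries never expire
        self.excluded = {ipaddress.ip_address(a) for a in excluded}
        self.entries = {}                 # address -> time the entry was last added
        for addr in forced_includes:      # prefilled, subject to the same timeout
            self.add(addr, now)

    def _expire(self, now):
        if self.timeout:
            self.entries = {a: t for a, t in self.entries.items()
                            if now - t < self.timeout}

    def add(self, addr, now):
        """Called when a rule matches; rules are evaluated once per flow."""
        ip = ipaddress.ip_address(addr)
        self._expire(now)
        if ip in self.excluded:
            return False
        # Assumption: a full object rejects new hosts (the page does not say).
        if ip not in self.entries and len(self.entries) >= self.size:
            return False
        self.entries[ip] = now            # assumption: a new matching flow refreshes
        return True

    def contains(self, addr, now):
        self._expire(now)
        return ipaddress.ip_address(addr) in self.entries


def membership_during_flow(obj, addr, flow_start, flow_end, step):
    """Sample membership while one flow is active. The rule fires only at
    flow start, so later packets of the same flow do not refresh the entry."""
    obj.add(addr, flow_start)
    times = range(flow_start, flow_end + 1, step)
    return [(t, obj.contains(addr, t)) for t in times]


# Constructed scenario: 30 s timeout, one flow lasting 90 s.
obj = DynamicNetworkObject(size=2, timeout=30, excluded=["192.0.2.10"])
timeline = membership_during_flow(obj, "192.0.2.20", 0, 90, 30)
```

In this model the host is a member only at the start of the flow, so rules that depend on the object stop applying to it after 30 seconds even though the flow lasts 90 seconds.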