Threat intelligence - User Guide (Unavailable Soon)| Alibaba Cloud Documentation Center

Threat intelligence helps you automatically block access requests from common vulnerability scanners or from IP addresses in the Alibaba Cloud library of identified port scan attackers.

Prerequisites

You can enable this feature only when the following conditions are met:

You have bought a monthly or yearly subscription WAF service. For more information, see Activate Alibaba Cloud WAF.
You have added your domain to WAF for protection. For more information, see Add domain names.
You have enabled Web application protection and HTTP flood protection. For more information, see Web application protection and HTTP flood protection.

Background information

You can enable the threat intelligence feature to automatically block access requests from common vulnerability scanners, including sqlmap, Acunetix Web vulnerability scanner (AWVS), Nessus, AppScan, WebInspect, Netsparker, Nikto, and RSAS. You can also use the collaborative defense function of this feature to automatically block access requests from all IP addresses in the Alibaba Cloud global library of identified port scan attackers.

Procedure

Log on to the WAF console.
In the left-side navigation pane, choose Management > Website Configuration. On the Website Configuration page that appears, select the region of your WAF instance (Mainland China or International).
Find the domain to be configured in the domain list, and click Policies in the Operation column.
On the page that appears, scroll down to the Threat Intelligence area and enable or disable the protection functions as required.
The following protection functions are available in threat intelligence:
- Scanning Tool Blocking: identifies common vulnerability scanners and blocks their access requests.
- Collaborative Defense: automatically blocks access requests from all IP addresses in the Alibaba Cloud global library of identified port scan attackers.