Disallowed Country of Remote Host

The Disallowed Country of Remote Host page is accessible under Policies > Connection Policies > Disallowed Country of Remote Host.

The Disallowed Country of Remote Host list contains the countries of remote hosts to which connections are not allowed to be established in the system.

Neuralyzer triggers an alert when a connection is established to a remote host in a country listed in these policies.

Disallowed Country of Remote Host policies are added manually by the user.

Note: The blocklist policy can be detected even if the user has not turned on Anomaly Detection.

Actions on Disallowed Country of Remote Host

1. View policy

The Disallowed Country of Remote Host page is paginated. Each page contains 20 records, and the total number of policy records is displayed at the bottom of the list.

Policies are displayed in a list, each record contains the following information:

  • Source device/host: the source device field can have one of the following values:

    • Device name in the system, detected by Neuralyzer.
    • Device type/subtype, which indicates that the policy will apply to all devices of that type/subtype.
    • Device vendor, detected by Neuralyzer.
  • Country: the country of the remote host that the source device/host communicates with.

2. Create a new policy

You can create a new policy by tapping the “+” button at the top right of the Policy screen. A policy creation pop-up will appear.

Field: Source device/host
  • Type of input: choose from drop-down list; input device name (supports searching by device name and IP)
  • Note: choose a specific device to apply the policy to that device only; choose a device type to apply it to all devices of that type; choose a vendor to apply it to all devices from that vendor

Field: Enable/Disable policy option
  • Type of input: tap to turn the policy on/off

Field: Country of Remote Host
  • Type of input: choose from drop-down list

Field: Criticality
  • Type of input: choose from drop-down list
  • Note: alert criticality
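
The policy fields above (source scope, country, enable switch, criticality) imply a simple matching model, sketched here in Python as an added example that is not Neuralyzer's own code. The class names, the low/medium/high criticality levels, the placeholder country codes XA/XB, and the already-resolved `remote_country` field are all assumptions.

```python
from dataclasses import dataclass

# Assumed criticality levels and ordering (not taken from the product).
CRITICALITY_RANK = {"low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class Policy:
    scope: str         # "device", "type" or "vendor": the three source choices
    source: str        # device name, device type, or vendor name
    country: str       # disallowed country of the remote host
    criticality: str   # criticality of the resulting alert
    enabled: bool = True

@dataclass(frozen=True)
class Connection:
    device: str
    device_type: str
    vendor: str
    remote_ip: str
    remote_country: str  # assumed to be resolved beforehand (e.g. GeoIP)

def source_matches(policy, conn):
    """Compare the policy source against the attribute its scope selects."""
    value = {"device": conn.device, "type": conn.device_type,
             "vendor": conn.vendor}[policy.scope]
    return value.lower() == policy.source.lower()

def evaluate(policies, conn):
    """Return one alert per enabled policy the connection violates,
    most critical first."""
    hits = [p for p in policies
            if p.enabled and p.country == conn.remote_country
            and source_matches(p, conn)]
    hits.sort(key=lambda p: CRITICALITY_RANK[p.criticality], reverse=True)
    return [{"device": conn.device, "remote_ip": conn.remote_ip,
             "country": p.country, "scope": p.scope,
             "criticality": p.criticality} for p in hits]

# Constructed sample data: XA/XB are placeholder country codes.
POLICIES = [
    Policy("device", "lobby-cam-01", "XA", "high"),
    Policy("type", "IP Camera", "XA", "medium"),
    Policy("vendor", "ExampleVendor", "XB", "low", enabled=False),
]
CONNECTIONS = [
    Connection("lobby-cam-01", "IP Camera", "ExampleVendor", "203.0.113.10", "XA"),
    Connection("dock-cam-02", "IP Camera", "ExampleVendor", "203.0.113.11", "XA"),
    Connection("dock-cam-02", "IP Camera", "ExampleVendor", "198.51.100.7", "XB"),
]
```

A device-specific policy and a type-wide policy can both match the same connection, so overlapping scopes produce more than one alert for a single event in this model.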

3. Edit policy

You can edit a policy by tapping the “Edit” button on the right of each policy record. A policy editing pop-up will appear.

In the editing pop-up, you can see the policy details. To edit, click the field to be edited and enter values as you would when creating a policy.

When finished editing, click “Save” to save the changes or “Cancel” to discard them all.

4. Filter policy

The filter for the policy list is located at the top of the policy page.

You can search on one or more fields of the policy by entering a value into one or more of the filter fields.

E.g., to search for policies for a source device/host with IP 192.168.1.120, enter “192.168.1.120” into the source device/host field, and the result list will be displayed.

Click the “Clear” button to clear the values in the filters.

Note: You can input a device name or IP into the source device/host or destination device field. We support searching for devices by both name and IP.

5. Remove policy

You can remove a policy from the list by clicking the "Delete" button on the policy record.