Adding Custom Threat Intelligence to Your Security Policy

Jamf Protect Documentation

Requirements

To block content with Custom Threat Intelligence, you must first set the related Threat Category's Auto Response to Block in Policies > Security > Threat Prevention.

For example, if you want to block a domain in the Phishing Threat category, you must set the Phishing Threat category to Block in Policies > Security > Threat Prevention first. Then you can use the Phishing Threat category to block the domain with Custom Threat Intelligence.

  1. In Jamf Security Cloud, navigate to Policies > Security > Custom Threat Intelligence.
  2. Select the level at which you want to configure your threat intelligence.
  3. Click Export to generate a CSV file of your current settings. If this is your first time using Custom Threat Intelligence, a sample template CSV file will be generated.
  4. Open the CSV file and edit as required. Valid entries in each column are as follows:
    • Resource: A domain name, IP address, or URL. For example, 192.0.2.255 or www.example.com.

    • Action: Block or Allow are the only valid values. Block will categorize the resource as malicious. Allow will allow access to the resource, even if the other security settings consider it malicious.

    • Threat category: The name of the Threat Category the resource should be assigned to. Threat Categories are: Cryptojacking, Malware network traffic, Phishing, Spam, or Third-party app store traffic.

  5. Save the file.
  6. Select the file by dropping it in the Update Threat Intel from CSV area, or click in the area to browse to it.
  7. Click Upload CSV.
    Note:

    Uploading a new CSV file replaces the current threat intelligence list in its entirety. Jamf recommends that you keep copies of previous files in case you want to roll back any changes.

    The changes are applied, and the resources specified under the threat categories in the uploaded CSV file are allowed or blocked according to your security policy.
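Because an upload replaces the whole list, it is worth checking a file against the rules in step 4 before step 7. The validator below is an added example and not part of the Jamf documentation; it assumes the header row uses the column names given above (Resource, Action, Threat category) and that a Resource may be an IP address, a bare domain name, or an http(s) URL.

```python
import csv
import io
import ipaddress
import re
from urllib.parse import urlparse

# Valid values exactly as listed in the documentation above.
VALID_ACTIONS = {"Block", "Allow"}
VALID_CATEGORIES = {"Cryptojacking", "Malware network traffic", "Phishing",
                    "Spam", "Third-party app store traffic"}
# Assumed header row (the docs' column names); check it against an exported CSV.
COLUMNS = ("Resource", "Action", "Threat category")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}$", re.I)

def resource_ok(value: str) -> bool:
    """Accept an IP address, a bare domain name, or an http(s) URL."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        parsed = urlparse(value)
        return bool(DOMAIN_RE.match(value)) or (
            parsed.scheme in ("http", "https") and bool(parsed.netloc))

def validate_threat_intel_csv(text: str) -> list[str]:
    """Return the problems found; an empty list means the file is ready to upload."""
    reader = csv.DictReader(io.StringIO(text))
    if tuple(reader.fieldnames or ()) != COLUMNS:
        return [f"header must be {','.join(COLUMNS)}, got {reader.fieldnames}"]
    problems, seen = [], {}
    for n, row in enumerate(reader, start=2):  # line 2 is the first data row
        res, action, cat = ((row.get(c) or "").strip() for c in COLUMNS)
        if not resource_ok(res):
            problems.append(f"line {n}: bad resource {res!r}")
        if action not in VALID_ACTIONS:
            problems.append(f"line {n}: action must be Block or Allow, got {action!r}")
        if cat not in VALID_CATEGORIES:
            problems.append(f"line {n}: unknown threat category {cat!r}")
        # One resource listed as both Block and Allow is ambiguous; flag it.
        if seen.setdefault(res.lower(), action) != action:
            problems.append(f"line {n}: {res!r} already listed as {seen[res.lower()]}")
    return problems

# Constructed sample: two valid rows, then a lowercase action, an unknown
# category, and a resource that conflicts with the earlier Allow row.
SAMPLE_CSV = """Resource,Action,Threat category
www.example.com,Block,Phishing
192.0.2.255,Allow,Spam
example.net,block,Phishing
192.0.2.255,Block,Malware
"""
```

Run `validate_threat_intel_csv(SAMPLE_CSV)` to see the three reported problems; a clean file returns an empty list.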