Disallowed Country of Remote Host
Disallowed Port/Period
The disallowed Port/Period is accessible under Policies → Connection Policies → Disallowed Port/Period.
The disallowed Port/Period contains a list of ports and communication time that are not allowed to establish in the system.
Any port and communication time that are listed in the this policies will make Neuralyzer trigger an alert when they are established in the system.
Disallowed Port/Period policies is added manually by the user.
Note: The blocklist policy can be detected even user didn’t turn on Anomaly Detection.
Actions on Disallowed Port/Period
1. View policy
Disallowed Port/Period page is paginated, each page contains 20 records, the total number of policy records are displayed at the bottom of the list.
Policies are displayed in a list, each record contains the following information:
Source device: field source device can have these following values:
- Device name in the system, detected by Neuralyzer.
- Device type/subtype, which indicates that the policy will apply to all devices of that type/subtype.
- Device vendor, detected by Neuralyzer.
- Custom a specific External IP address.
- “Any”, which indicates that the policy will apply to all devices.
Destination device: as same as source device.
Note: Device type will be displayed with green background, “Any” will be displayed with red background.
- Protocol: Each record display a single protocol that allow for the connection between 2 devices.
2. Create a new policy
You can create a new policy by tapping on button “+” on the top right of the Policy screen, a policy creation pop-up will appear.
| Field | Type of input | Note |
|---|---|---|
| Source device | Choose from drop-down list Input device name (support searching by device’s name and IP) | Choose a specific device to apply to that device only Choose a device type to apply to all devices of that type Choose a vendor to apply to all devices have that vendor Choose option “Any” to apply to all devices |
| Destination device | Choose from drop-down list Input device name (support searching by device’s name and IP) | Choose a specific device to apply to that device only Choose a device type to apply to all devices of that type Choose a vendor to apply to all devices have that vendor Choose option “Any” to apply to all devices |
| Protocol | Choose from drop-down list Input protocol name (support searching by layer and protocol’s name) | Choose a specific protocol to allow only that protocol (support searching by protocol name) Left blank to allow all protocol |
| Enable/Disable policy option | Tap to turn on/off policy | Once disabled, the policy will not be applied |
| Alert option for inactive connection | Tick on check box to enable Uncheck to disable | Once unchecked, Neuralyzer will not alert if the connection violates the inactive time threshold |
| Allowed source port | Input value in number format | Port numbers range from 0 to 65535 Support multi-ports input, separated by semicolon |
| Allowed source destination | Input value in number format | Port numbers range from 0 to 65535 Support multi-ports input, separated by semicolon |
| Alert option for allowed source/destination port | Tick on check box to enable Uncheck to disable | Once unchecked, Neuralyzer will not alert if the connection violates the allowed source/destination ports |
| Allowed time from | Choose time from the clock pop-up | |
| Allowed time to | Choose time from the clock pop-up | |
| Alert option for allowed time period | Check on check box to enable Uncheck to disable | Once unchecked, Neuralyzer will not alert if the connection violates the allowed time period |
3. Edit policy
You can edit a policy by tapping on “Edit” button on the right of each policy record, a policy editing pop-up will appear.
In the pop-up editing, you can see the detail policy. You can edit by clicking on the field to be edited and perform input operations like when creating a policy.
When finished editing, click “Save” to save the changes or “Cancel” to discard all.
4. Filter policy
Filter for policy list is located at the top of the policy page,
You can search on one or more fields of the policy, just input value onto one or more fields on.
E.g. You want to search policy for a source device with ip 192.168.1.120 and protocol is modbus, proceed to input “192.168.1.120” into field source device and “modbus” into field protocol, the result list will displayed
Click the “Clear” button to clear the values in the filters.
Note: You can input device name or IP into source device or destination device field, we support searching device by both name and IP.
5. Remove policy
You can remove a policy from the list by clicking the "Delete" button on each the policy record.