Creating MTD custom attributes

You need to create several custom device attributes that will be applied to both Android and iOS devices. In the following procedure, create custom attributes based on threat severity.

If you create custom attributes after you have configured the zConsole and synchronized it with Cloud, you will need to re-synchronize the zConsole with Cloud before the custom attributes will appear in zConsole policies.

Before you begin 

  • Delete any existing MTD custom attributes
  • Delete any existing MTD security policies
  • Modify the default privacy policy to have no MTD-related app rules

Procedure 

  1. In the Cloud admin console, go to Admin > Attributes.

    NOTE: Enter attribute names in lower case.

  2. Create the custom attribute mtdnotify:

    1. Click Add New. The Attribute Name and Attribute Type fields are displayed.
    2. Select the default, Device as the attribute type.
    3. Name the custom attribute mtdnotify.
    4. Click Save to monitor and notify.

    This custom attribute can be applied to Low or Normal severity threats for MTD policies within the zConsole.

  3. Create a second custom attribute called mtdblock:

    1. Click Add New.
    2. Select Device as the attribute type.
    3. Name the custom attribute mtdblock.
    4. Click Save to monitor and notify.

    This custom attribute can be applied to Elevated or Critical severity threats for MTD policies within the zConsole.

  4. Create a third custom attribute called mtdquarantine:

    1. Click Add New.
    2. Select Device as the attribute type.
    3. Name the custom attribute mtdquarantine.
    4. Click Save to monitor, notify, and quarantine.

    This custom attribute can be applied to Elevated or Critical severity threats for MTD policies within the zConsole.

  5. Create a fourth custom attribute called mtdtiered4hours:

    1. Click Add New.
    2. Select Device as the attribute type.
    3. Name the custom attribute mtdtiered4hours.
    4. Click Save to monitor and notify, wait for 4 hours, block, wait for another 4 hours, and quarantine.

    This custom attribute can be applied to Low, Normal, Elevated, or Critical severity threats for MTD policies within the zConsole.

    TIP: You can create more attributes for hours other than 4 hours.