Creating MTD custom attributes
If you create custom attributes after you have configured the MTD management console and synchronized it with Cloud, you will need to re-synchronize the MTD console with Cloud before the custom attributes will appear in MTD console policies.
Before you begin
- Delete any existing MTD custom attributes
- Delete any existing MTD security policies
- Modify the default privacy policy to have no MTD-related app rules
Procedure
-
In the Cloud admin console, go to Admin > Attributes.
NOTE: Enter attribute names in lower case. -
Create the custom attribute mtdnotify:
- Click Add New. The Attribute Name and Attribute Type fields are displayed.
- Select the default, Device as the attribute type.
- Name the custom attribute mtdnotify.
- Click Save to monitor and notify.
This custom attribute can be applied to Low or Normal severity threats for MTD policies within the MTD console.
-
Create a second custom attribute called mtdblock:
- Click Add New.
- Select Device as the attribute type.
- Name the custom attribute mtdblock.
- Click Save to monitor and notify.
This custom attribute can be applied to Elevated or Critical severity threats for MTD policies within the MTD console.
-
Create a third custom attribute called mtdquarantine:
- Click Add New.
- Select Device as the attribute type.
- Name the custom attribute mtdquarantine.
- Click Save to monitor, notify, and quarantine.
This custom attribute can be applied to Elevated or Critical severity threats for MTD policies within the MTD console.
-
Create a fourth custom attribute called mtdtiered4hours:
- Click Add New.
- Select Device as the attribute type.
- Name the custom attribute mtdtiered4hours.
- Click Save to monitor and notify, wait for 4 hours, block, wait for another 4 hours, and quarantine.
This custom attribute can be applied to Low, Normal, Elevated, or Critical severity threats for MTD policies within the MTD console.
TIP: You can create more attributes for hours other than 4 hours.