AI Prevent Status
Click on AI Prevent from the navigation bar.
Select AI Prevent Status.
AI Prevent Status displays the currently blocked hosts, including source hosts or target hosts. A source host is the device or system that initiates network traffic. A target host is the device or system that receives network traffic.
The hosts are listed by IP and MAC address. An IP address identifies a device on the network, and a MAC address identifies the device's hardware.
Click any row to view the details and the root cause of the block under "Details". To delete rules, select any blocked address and click "Delete Selected".
AI Prevent Configuration
To access AI Prevent Configuration:
Click on AI Prevent from the navigation bar.
Select AI Prevent Configuration.
Triggers
Triggers are events that cause AI Prevent to block a device. They allow you to control which notifications are generated.
In Triggers, Type is the notification, and Match Criteria is the notification category (for example, Address scan detected). Under Actions, enable or disable any notification.
SDN Controller Settings
An SDN (Software-Defined Networking) controller manages network devices and traffic flows. NDR integrates with SDN controllers to automatically block or allow traffic based on detections.
In Integration Settings, set the controller type: an SDN controller (OpenDaylight or UniFi SDN) or the TCP Reset method.
Click the drop-down under Controller Type.
Select either ODL, UniFi SDN, or TCP Reset.
ODL (OpenDaylight):
OpenDaylight (ODL) uses open protocols to provide centralized, programmatic control over network devices.
Enter the Address and Port.
Specify the protocol, table ID, and node ID.
In Authentication, select TLS and Verify Certificate. You must check TLS before selecting Verify Certificate.
Enter your username and password.
Select Test to check the SDN controller connection.
Click Save.
UniFi SDN:
UniFi SDN manages UniFi devices, providing a user-friendly interface for configuring and monitoring switches, access points, and gateways.
Enter the Address and Port.
In Authentication, select TLS and Verify Certificate. You must check TLS before selecting Verify Certificate.
Enter your username and password.
Select Test to check the SDN controller connection.
Click Save.
TCP Reset:
TCP Reset terminates suspicious connections by sending TCP reset (RST) packets, abruptly closing the connection between two devices and prompting the sender to retry.
Test the SDN controller connection.
Click Save.