NTA IP Reputation Library (SETTINGS menu > Network Traffic Analysis > NTA IP Reputation Library) enables you to consult static and/or dynamic lists that characterize IP addresses observed in current network traffic as suspicious. The library is prepopulated with a current list of IP addresses known to be in use by Tor client sessions (random routing and encryption that provides some measure of anonymity). When blacklisted addresses "talk" with your managed devices, they will be displayed in the NTA Suspicious Connections report.
You can also pull in lists periodically/dynamically from industry-trusted network, security, and Internet service vendor sites. This is a powerful feature in that it enables you to tie WhatsUp Gold into information observed by trusted partners and stakeholders throughout the Internet community.
Upload Lists of Addresses or Use Trusted URLs to Seed the IP Reputation Library
Add a local list
Use a community List (Cisco Talos Spam List Shown)
Typical Leverage Points:
To add or modify a suspicious IP address list(ing):
Add/Edit List enables you to:
Note: The list you add must use the expected syntax and format. For details, see the syntax examples in the Expected Format section of this topic.
When viewing the grid from the library view, the following columns display:
For lists applied from file systems or REST API responses, the expected syntax is similar to a hosts file. One IP address per line.
# my comment
# Well-known spam sources