Configure Block Thresholds in EVE

This procedure shows how to block potentially malicious traffic that has an EVE threat confidence score of 90 percent or higher.

Procedure


Step 1

Choose Policies > Access Control.

Step 2

Click Edit (edit icon) next to the access control policy you want to edit.

Step 3

Choose Advanced Settings from the More drop-down arrow at the end of the packet flow line.

Step 4

Click Edit (edit icon) next to Encrypted Visibility Engine.

Step 5

In the Encrypted Visibility Engine page, enable the Encrypted Visibility Engine (EVE) toggle button.

Step 6

Enable the Block Traffic Based on EVE Score toggle button. Any incoming traffic that is a potential threat is blocked by default.

Note

By default, the threshold at which malware is blocked is 99 percent, which means:

  • If EVE detects the traffic to be malware with 99 percent confidence or higher, EVE blocks the traffic.

  • If EVE detects the traffic to be malware with less than 99 percent confidence, EVE takes no action.

Step 7

Use the slider to adjust the threshold for blocking based on EVE threat confidence. The slider ranges from Very Low to Very High. In this example, the slider is set to Very High.

Step 8

For more granular control, enable the Advanced Mode toggle button. You can then assign a specific EVE Threat Confidence Score for blocking traffic. The default threshold is 99 percent.

Step 9

In this example, change the block threshold to 90 percent.

Attention

As a best practice, to ensure optimum performance, we recommend that you do not set the block threshold below 50 percent.

Step 10

Click OK.

Step 11

Click Save.


What to do next

Deploy configuration changes. See Deploy Configuration Changes.