This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sentinel 8.1 Threat Intelligence Feeds - Proxy?

Is there a way to configure Sentinel to use a proxy to download the Threat Intelligence feeds?
  • 0
    rochfordp,

    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.

    These forums are peer-to-peer, best effort, volunteer run and that if your issue
    is urgent or not getting a response, you might try one of the following options:

    - Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
    all the other self support options and support programs available.
    - Open a service request: https://www.microfocus.com/support
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.microfocus.com)
    - You might consider hiring a local partner to assist you.
    https://www.partnernetprogram.com/partnerfinder/find.html

    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.microfocus.com/faq.php

    Sometimes this automatic posting will alert someone that can respond.

    If this is a reply to a duplicate posting or otherwise posted in error, please
    ignore and accept our apologies and rest assured we will issue a stern reprimand
    to our posting bot.

    Good luck!

    Your Micro Focus Forums Team
    http://forums.microfocus.com


  • 0 in reply to 
    Any ideas? Scripting this with wget or curl doesnt work as the versions on the Sentinel system don't have the correct TLS support.
  • 0 in reply to 
    To download url based threat intelligence data sources using a proxy, please follow the below steps,

    1. First, configure your proxy server
    2. If you are accessing proxy over https, add below settings in /etc/opt/novell/sentinel/config/configuration.properties
    https.proxyHost=<proxy host/ip>
    https.proxyPort=<proxy port>
    3. If proxy is over http, add below settings in /etc/opt/novell/sentinel/config/configuration.properties
    http.proxyHost=<proxy host/ip>
    http.proxyPort=<proxy port>
    4. In configuration.properties file, set the value of http.nonProxyHosts to pipe separated host addresses for which you don’t want the connection to go through a proxy. This means that sentinel makes direct connection to these configured hosts rather using proxy.
    By default this should contain loopback, local sentinel ip, host info of any distributed targets configured, host info of slink server, host info of scm server as these should not go through a proxy. Host details can contain wildcard characters(*.acme.com) and multiple
    host info should get separated by ‘|’
    http.nonProxyHosts=127.0.0.1|<sentinelip>|<disttargetipip>|<slink server>|<scm server|<advisorserver>
    5. Restart sentinel
  • 0 in reply to 
    Many thanks for this, I'll give it a go.
  • 0 in reply to 

    What about a proxy authentication (user/password)?

     

  • 0   in reply to 

    I see in an earlier post that adding the proxy server was shown to be done in the /etc/opt/novell/sentinel/config/configuration.properties file.  I don't see in our documentation or in the advanced configuration settings where the proxy server can be added. Perhaps this was available in older versions of Sentinel but I don't see it available for Sentinel 8.5. I think this type of configuration would be added at the OS level.   Either way it is not something that Sentinel Engineering has tested in regards to the threat intelligence feed so it is not something we could support.  Unless we officially certify updating threat intelligence via a proxy we cannot support it.  I am not saying it will not work, just saying it is not officially supported. We do support the feed via the url or file download.