(Optional) Configure Malware Analysis Proxy Settings

This topic describes the configuration of a web proxy for communicating with the NetWitness Cloud service and local ThreatGRID or GFI service. The settings in the Service Configuration view > Proxy tab set up communication by web proxy, which Malware Analysis can use to communicate with NetWitness Cloud for community analysis and sandbox analysis. Once the proxy is configured:

  • Malware Analysis communicates via web proxy with the NetWitness Cloud for community analysis.
  • Malware Analysis communicates via web proxy with the configured ThreatGRID or GFI sandbox service. Using a web proxy may negatively affect performance. ThreatGRID and GFI configuration sections in the General tab have an option to ignore the web proxy and communicate directly with the sandbox to improve performance.

Configure the Web Proxy

To configure the web proxy for Malware Analysis:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Services view.
  2. Select a Malware Analysis service, and select netwitness_ic-actns.png > View > Config.
  3. In the Services Config view, select the Proxy tab.

  4. To enable the proxy, select the Enabled checkbox.
  5. (Optional) To automatically detect proxy settings for the NetWitness Server, select the checkbox.

    The proxy host and proxy port fields are autofilled.

  6. If you want to use a different proxy, enter the Proxy Host and Proxy Port.
  7. Enter the username and password used to log on to the proxy host.
  8. (Optional) Select SSL, if the proxy host communicates over SSL.
  9. Click Apply.

  10. Restart the Malware service.

Note: Malware Analysis does not support NTML web proxy authentication.