NovaSense

Nova ADCs support pre-emptive threat blocking via the Snapt threat intelligence database, NovaSense. This is a paid feature, available to Nova clients.

About NovaSense

NovaSense is the Snapt threat intelligence center, and provides insights and tools for pre-emptive threat protection and attack mitigation. NovaSense protects clients of all sizes from attackers, abuse, botnets, DoS attacks and more. To learn more about NovaSense visit the websiteopen in new window.

Using with Nova

Nova ADCs can integrate with NovaSense by entering a NovaSense API key in the ADC configuration for any supported ADC types. You may then block content based on one of the following categories:

NameDescription
ThreatsThreats are hosts that have attempted to exploit, brute force, or execute a denial of service attack. These are often compromised hosts, and can generally be blocked.
AbusersConfirmed spammers, comment spam, link spam, abusive crawlers, DoS and DDoS attacks and other miscellaneous abuses. Typically safe to block, but can have limited false positives.
BotnetKnown botnet and C&C servers, a smaller list of confirmed active botnet systems to be blocked at all times. These have responded with a valid botnet C2 response.
MalwareSystems that are infected with or involved in spreading malware and ransomware. Typically blocked on incoming firewalls but also useful on ADCs.
Tor ExitsA list of active or recently active TOR exit nodes, which are not inherently a threat, but may have been involved in attacks.
Crypto-AbuseSystems involved or recently involved in crypto-mining abuse, in browser or via malware.
Open ProxyA list of socks, web, and other active or recently active open proxies, which are not inherently a threat, but may have been involved in attacks.

You may also choose to redirect blocked users to a NovaSense block page explaining why they were blocked, or, to block them normally like a WAF block. This allows you to use your own customizable errors.

Allowing IPs

Should you wish to override the NovaSense protection you may add the IP address to the IP allow list, which will bypass all protections from the Nova WAF.

Recommendations

We recommend always blocking Botnet addresses, and generally blocking Threats and Malware.

Interface Example

Screenshot