SonicWall ® Management Services Capture ATP Administration

Management Services Capture ATP Security · 2021. 9. 3. · Capture ATP Configuration 5 Files are Sent over an Encrypted Connection All files are sent to the Capture ATP cloud over


SonicWall® Management Services Capture ATP Administration


Contents

Capture ATP Configuration  3
  About Capture ATP  3
  Supported Firewalls  4
  Functional Overview  4
    Files are Preprocessed  4
    Blocking Files Until Completely Analyzed  4
    Files are Sent over an Encrypted Connection  5
  Activating the Capture ATP License  5
  Setting Up Capture ATP  6
    Inspected Protocols  6
    Bandwidth Management  7
    Exclusions  8
Uploading Files for Capture ATP Processing  9
  Processing of Uploaded files  10
Viewing Capture ATP Events  11
  About the Chart  11
  About the Log Table  12
    Filtering the Display with a Filter Tag  13
    Filtering the Display for a Single Day  14
  Viewing Threat Reports  15
    Launching the Threat Report from the Log Table  16
    Viewing the Threat Report Header  16
    Viewing Threat Reports from Preprocessing  17
    Viewing Threat Reports from a Full Analysis  18
Configuring Alerts and Notifications  20
  Configuring Email Alerts in SonicOS  20
SonicWall Support  22
About This Document  23

1 Capture ATP Configuration

About Capture ATP

The SonicWall Capture Advanced Threat Protection service is a cloud-based multi-engine sandbox designed to discover and stop unknown, zero-day attacks such as ransomware at the gateway with automated remediation. Capture ATP then sends the results to the firewall. The analysis and reporting are done in real time while the file is being processed by the firewall.

Capture Advanced Threat Protection (ATP) is sold as an add-on security service to the firewall, similar to Gateway Anti-Virus (GAV), and works in conjunction with the GAV and Cloud Anti-Virus services.

All files are sent to the Capture ATP cloud over an encrypted connection. Files are analyzed and deleted within minutes of a verdict being determined, unless a file is found to be malicious. Malicious files are submitted via an encrypted HTTPS connection to the SonicWall threat research team for further analysis. Files are not transferred to any other location for analysis. Malicious files are deleted after harvesting threat information within 30 days of receipt.

When malicious files are discovered, Capture ATP provides a file analysis report (threat report) with detailed threat behavior information.

The firewall is located on your premises, while the Capture ATP server and database are located at a SonicWall facility. The firewall creates a secure connection with the Capture ATP cloud service before transmitting data.

Before you can enable Capture ATP you must first get a license, and you must enable the Gateway Anti-Virus (GAV) and Cloud Anti-Virus Database services. You can choose the settings for GAV, such as protocols to scan for files, or IP addresses to exclude from scanning, and they will also apply to the Capture ATP service.

All files that are submitted to Capture ATP for analysis are first subjected to preprocessing. Files can be rejected or passed based on preprocessing. If preprocessing determines a file to be either malicious or benign, then the file will not be analyzed by Capture ATP. If a file is not identified as malicious or benign by the GAV service during the Capture preprocessing process, the file is submitted to Capture ATP for analysis.

The Block file download until a verdict is returned option ensures that no packets get through until the file is completely analyzed and it is determined to be either malicious or benign. This option only applies to HTTP/HTTPS downloads. The file is held until the last packet is analyzed. If the file has malware, the last packet is dropped, and the file is blocked.

Capture ATP provides a file analysis report (threat report) with detailed threat behavior information. The threat report provides information necessary to respond to a threat or infection. You can view a threat report in the SonicOS web management interface, or in the MySonicWALL Notification Center. You can also enable instant and weekly email notifications for Capture ATP in MySonicWall.

This chapter provides an overview of Capture ATP functionality and how to configure ATP. The next chapter, Uploading Files for Capture ATP Processing on page 9, tells how to manually load files into ATP for testing. The third chapter, Viewing Capture ATP Events on page 11, goes into how to view and interpret results from ATP. The final chapter, Configuring Alerts and Notifications, goes over how to set up alerts and notifications from the Capture ATP feature.

NOTE: For App Rules policies, a new Bypass Capture ATP option is available as an Action Object in the Add New App Policy dialog box located at Manage | Firewall | App Rules; select Add New under App Rule Policies.


Topics:

• Supported Firewalls

• Functional Overview

• Activating the Capture ATP License

• Setting Up Capture ATP

Supported Firewalls

SuperMassive, NSa, and TZ series firewalls support the Capture ATP feature.

Functional Overview

The following paragraphs describe prominent functional features of Capture ATP.

Topics:

• Files are Preprocessed

• Blocking Files Until Completely Analyzed

• Files are Sent over an Encrypted Connection

Files are Preprocessed

All files submitted to Capture ATP for analysis are first preprocessed by the GAV and the Cloud AV database services to determine if a file is malicious or benign. You can also use GAV settings to select protocols at ingress or egress, or define address objects to exclude from anti-virus and Capture ATP scanning.

Preprocessed files determined to be malicious or benign are not analyzed by Capture ATP. If a file is not clearly identified as malicious or benign during preprocessing, the file is submitted to Capture ATP for analysis.

Blocking Files Until Completely Analyzed

For HTTP/HTTPS downloads, Capture ATP provides an option, Block file download until a verdict is returned, that ensures no packets get through until the file is completely analyzed and determined to be either malicious or benign. The file is held until the last packet is analyzed. If the file has malware, the last packet is dropped, and the file is blocked. The threat report provides information necessary to respond to a threat or infection.

NOTE: SuperMassive 9600, TZ300 series, and TZ400 series support Capture ATP in SonicOS 6.2.6.1 and higher. Other platforms support Capture ATP in SonicOS 6.2.6.0 and higher.

IMPORTANT: Capture ATP functionality is not supported in the High Availability configuration Active/Active DPI mode. For more on this topic, refer to the SonicWALL Management Services High Availability Setup Administration Guide (232-004734-00 Rev A).


Files are Sent over an Encrypted Connection

All files are sent to the Capture ATP cloud over an encrypted connection. SonicWall does not keep the files. All file types, whether they are malicious or benign, are removed from the Capture ATP server after a certain time period.

The SonicWall privacy policy can be accessed at https://www.mysonicwall.com/privacypolicy.aspx.

Activating the Capture ATP License

After the Capture ATP service license is activated on MySonicWall, navigate to MANAGE | Security | Capture ATP > Settings. If Advanced Threat Prevention is selected, both GAV and Cloud Anti-Virus Database services must also be enabled. The Basic Setup Checklist should show green check marks to the left of the Capture ATP, Gateway Anti-Virus, and Cloud Anti-Virus features. In the screen shot below, the Cloud Anti-Virus Database service is not enabled.

If you still need to activate your license, go to MySonicWall.com or navigate to MANAGE | System | Service Licenses | Register/Upgrades > Service Licenses:

IMPORTANT: Capture ATP requires the Gateway Anti-Virus and Cloud Anti-Virus Database services, which must also be licensed.

NOTE: Licensing must be set up for both the CS-MA 1.5 instance and the specific appliances.


Setting Up Capture ATP

At MANAGE | Security | Capture ATP > Settings, after the Basic Setup Checklist, there are four areas for setup:

• Inspected Protocols

• Bandwidth Management

• Exclusions

• Custom Blocking Behavior

Inspected Protocols

The Inspected Protocols display is just below the Basic Checklist section:

NOTE: It may be necessary to go to MySonicWall.com to ensure the license is activated.


The Inspected Protocols table also provides a manage settings link that takes you to the MANAGE | Security Services > Gateway Anti-Virus page. There, you can enable or disable inspection of specific network traffic protocols, including HTTP, FTP, IMAP, SMTP, POP, CIFS, and TCP Stream. Each protocol can be managed separately for inbound and outbound traffic.

The table below Inspected Protocols displays the current inspection settings for each protocol, in each direction; see Protocols inspection settings.

Protocols inspection settings

Icon       Message
Enabled    Protocol is inspected.
Disabled   Protocol is not inspected.
n/a        Inspection is not applicable to this protocol in this direction.

Bandwidth Management

Bandwidth Management defines the file types going to Capture ATP for sandboxing and analysis. It also supports a maximum file size setting.


Exclusions

Exclusions allows the definition of specific address objects, or of files with specific MD5 checksums, that are excluded from Capture ATP scanning.

To exclude files by MD5 hash, load their checksums:

2 Uploading Files for Capture ATP Processing

Specific files can be uploaded to the Capture Advanced Threat Prevention system for processing. To do this, navigate to MANAGE | Security | Capture ATP > Upload:

It is also possible to go from HOME | Capture ATP > Status to the upload function. In this case a firewall needs to be selected to bring up the Capture ATP option. Note the Upload file symbol to the right:


Processing of Uploaded files

The uploaded files are subjected to scanning by the GAV and Cloud GAV Databases and services before going to the cloud Advanced Threat Prevention service. Uploaded files go through both of these scans as well as sandbox testing before a verdict is returned.

Results from an uploaded file test appear in the normal results table, but without origin and destination information:

NOTE: If the upload fails, an error message is displayed, such as:

3 Viewing Capture ATP Events

In the HOME view, the Capture ATP > Status page displays a graph and a log table that provide information for each file that it has scanned for viruses and malware.

Files can be uploaded to Capture ATP for scanning from this page by clicking the Upload a file button.

Topics:

• About the Chart

• About the Log Table

• Viewing Threat Reports

About the Chart

The chart shows the number of files scanned for each day. The X axis represents time and shows only the last 30 days, with a bar for each day. The Y axis represents the number of files scanned.

The ratio of malicious to OK files found is represented by the colors of each bar in the chart.


When you hover your mouse over a bar, a popup message shows the actual numbers of files scanned and malicious files found on that day.

About the Log Table

Below the graph, the log table shows information for each file that has been scanned. The log table allows you to scroll through the list of scanned files. If a scan is pending, the icon to the left is yellow. If a malicious file is found, a red Malicious icon is displayed. Clicking on any row opens the threat report.


The heading for this page is dynamic and can appear in one of two states, depending on whether filters are applied:

• When no filters are applied - Viewing n files scanned.

• When filters are applied - Viewing n files of y total scanned.

The rows of the Date column can be sorted in ascending or descending order. The heading of the column used for sorting is black instead of grey. The selected sort order is persistent as filters are added or removed.

Topics:

• Filtering the Display with a Filter Tag

• Filtering the Display for a Single Day

Filtering the Display with a Filter Tag

To customize what is displayed in the log table:

1 Click on the filter icon:

2 Select the criteria you want from the menu:

Use the entry table as shown above to set the filter.

Status – Status of the scan:

  • Scan pending – The scan is in progress.

  • Clean – The scan has completed, and the judgment is benign.

  • Scan failed – The scan failed.

  • MALICIOUS icon – The scan has completed, and the judgment is malicious.

Filename – Name of the file.

Date – Date the file was scanned.

Src – IP address where the file originated.

Dest – IP address to which the file was sent.

Country – Geo-location when available.

Total Bytes – File size.

IMPORTANT: The graph, log table, and filters are bound together and any interactions on one affects the others.


Filtering the Display for a Single Day

To filter for one log type on one day:

1 On the HOME | Capture ATP > Status page, click on a single bar in the chart to set the filter for the log table to show the details of that bar (date) only.

2 Scan through the log as it displays.


Viewing Threat Reports

When you click the name of the file in the log table on the Capture ATP page, the Capture ATP threat report appears. The report format varies depending on whether a full analysis was performed or the judgment was based on preprocessing.


Launching the Threat Report from the Log Table

You can launch a threat report by clicking on any row in the log table on the Capture ATP page. Mousing over a row highlights it, and you can click anywhere in the row to launch the threat report in a new browser window.

Viewing the Threat Report Header

The report header is very similar among the various threat reports. This section describes the header components and variations.

The header has three parts:

• An upper banner that is colored:

  • Red for a malicious file.

  • Green for a clean file.

  The top entry displays the date and time that the file was submitted to Capture ATP for analysis. The bottom entry displays the IP address that downloaded the file.

• A middle banner containing static file information. The static file information is displayed on the left side of the threat report and is similar across all types of reports:

  • File size in kilobits (kb)

  • File type

  • File name as it was intercepted by the firewall

  • File identifiers:

    • MD5

    • SHA1

    • SHA256

• A lower banner that contains connection information:

  • On the left is the IP address (IPv4) and port number of the connection source. This is the address from which the file was sent.

  • In the middle is the firewall identified by its serial number or friendly name.

  • On the right is the IP address (IPv4) and port number of the connection destination. This is the address to which the file is being sent.

NOTE: No threat report is launched for archives that do not contain any supported file types.

Viewing Threat Reports from Preprocessing

There are varying amounts of data on a preprocessor threat report, based on whether the file was found to be malicious or clean.

A clean threat report is seen in either of the following two cases:

Case 1: Virus scans are inconclusive or all good. The file matches domain or vendor allow lists.

Case 2: Virus scans are inconclusive or all good. No embedded code is present in the file.

Analysis Summary and Status Boxes in Preprocessor Reports

Preprocessor threat reports contain an Analysis Summary section on the left side, which summarizes the findings based on the four phases of analysis during preprocessing.

The true/false results from the four phases of preprocessing are displayed in the status boxes. See Four areas of preprocessor analysis for information about what happens in the process. Subsequent phases depend on the results of previous phases in the preprocessing.

Four areas of preprocessor analysis

Preprocessor phase                      Result when True     Result when False
Virus scanners detect malware           Malicious            Continue analysis
Vendor reputation on Allow list? (1)    Non-malicious        Continue analysis
Domain reputation on Allow list? (1)    Non-malicious        Continue analysis
Embedded code found in the file?        Continue analysis    Non-malicious


Some phase results trigger an immediate judgment of either Malicious or Non-malicious, as indicated in Four areas of preprocessor analysis. Otherwise, that phase ends with the Continue analysis state. If all phases of preprocessing result in the Continue analysis state, the file is sent to the cloud for full analysis by Capture ATP.

Malware names in preprocessor reports

If the virus scanners detect known malware in the file, all malware names are listed in the content area of the report.

Viewing Threat Reports from a Full Analysis

Full analysis threat reports provide the same set of information for both malicious and non-malicious files, although the banner color is different. This Threat Report format is used when the following conditions occur:

• Virus scans are inconclusive or all good.

• Embedded code is present in the file.

• The file does not match domain or vendor allow lists.
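As an added illustration (not SonicWall's code), this Python model walks a file through the four preprocessing phases of Four areas of preprocessor analysis, stopping at the first immediate judgment and otherwise ending in full analysis, so the Case 1, Case 2 and full-analysis conditions can be checked against constructed sample files. The input field names, the phase ordering and the handling of footnote 1 (vendor reputation only for PE files, domain reputation unavailable over SMTP) are this example's assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Phase results as named in the guide's "Four areas of preprocessor analysis" table.
MALICIOUS = "Malicious"
NON_MALICIOUS = "Non-malicious"
CONTINUE = "Continue analysis"
FULL_ANALYSIS = "Full analysis"  # all four phases ended in Continue analysis


@dataclass
class PreprocessInput:
    """Constructed stand-in for what the preprocessor knows about one file.
    Field names are this example's assumptions, not a Capture ATP API."""
    filename: str
    is_pe: bool                           # vendor reputation applies only to PE files (footnote 1)
    protocol: str                         # "HTTP", "SMTP", ...
    av_detections: List[str]              # malware names from the virus scanners; [] = inconclusive/all good
    vendor_on_allow_list: bool
    domain_on_allow_list: Optional[bool]  # None = domain reputation not available (e.g. SMTP, footnote 1)
    embedded_code: bool


def phase_virus_scanners(f: PreprocessInput) -> str:
    # True -> Malicious, False -> Continue analysis
    return MALICIOUS if f.av_detections else CONTINUE


def phase_vendor_reputation(f: PreprocessInput) -> str:
    # Footnote 1: the filter is only applicable to PE files; otherwise Continue analysis.
    if not f.is_pe:
        return CONTINUE
    return NON_MALICIOUS if f.vendor_on_allow_list else CONTINUE


def phase_domain_reputation(f: PreprocessInput) -> str:
    # Footnote 1: reputation may be unavailable (e.g. SMTP delivery) -> Continue analysis.
    if f.domain_on_allow_list is None:
        return CONTINUE
    return NON_MALICIOUS if f.domain_on_allow_list else CONTINUE


def phase_embedded_code(f: PreprocessInput) -> str:
    # True -> Continue analysis (needs live detonation), False -> Non-malicious
    return CONTINUE if f.embedded_code else NON_MALICIOUS


# Assumed phase order: the order the table lists them in.
PHASES = [
    ("Virus scanners detect malware", phase_virus_scanners),
    ("Vendor reputation on Allow list?", phase_vendor_reputation),
    ("Domain reputation on Allow list?", phase_domain_reputation),
    ("Embedded code found in the file?", phase_embedded_code),
]


def preprocess(f: PreprocessInput) -> Tuple[str, List[Tuple[str, str]]]:
    """Run the phases in order and stop at the first immediate judgment.
    Returns (verdict, status_boxes): verdict is Malicious, Non-malicious or
    Full analysis; status_boxes holds one (phase, result) per phase that ran,
    mirroring the Analysis Summary status boxes of the report."""
    boxes: List[Tuple[str, str]] = []
    for name, fn in PHASES:
        result = fn(f)
        boxes.append((name, result))
        if result != CONTINUE:
            return result, boxes
    return FULL_ANALYSIS, boxes


def report_summary(f: PreprocessInput) -> str:
    """Text rendering of the verdict, the malware names (preprocessor reports
    list them when scanners detect known malware) and the status boxes."""
    verdict, boxes = preprocess(f)
    lines = [f"{f.filename}: {verdict}"]
    if verdict == MALICIOUS:
        lines.append("Malware names: " + ", ".join(f.av_detections))
    lines.extend(f"  {name}: {result}" for name, result in boxes)
    return "\n".join(lines)


# Constructed sample files (names and detections are made up for the example).
SAMPLES = [
    PreprocessInput("invoice.exe", True, "HTTP", ["Sample.Malware.A"], False, False, True),  # scanner hit
    PreprocessInput("setup.exe", True, "HTTP", [], True, False, True),                      # Case 1: vendor allow list
    PreprocessInput("report.pdf", False, "SMTP", [], False, None, True),                    # footnote 1 twice, full analysis
    PreprocessInput("memo.docx", False, "HTTP", [], False, False, False),                   # Case 2: no embedded code
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(report_summary(sample))
        print()
```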

Why Live Detonations Were Needed

The left side of the full analysis threat report displays a summary of the preprocessing results as an explanation of why live detonations were needed. The term live detonations is used to indicate that one or more analysis engines and multiple environments were used to analyze the file in the cloud servers.

Status Boxes

The status boxes in full analysis threat reports display status from preprocessing results as well as information about the analysis performed in the cloud servers.

Note 1 to Four areas of preprocessor analysis: The vendor reputation filter is only applicable for PE files, and the domain reputation might not be available for files delivered over SMTP. In these cases, the Continue analysis state is the phase result.

Virus scanners – The number of Anti-Virus vendors used, regardless of the judgment from each. SonicWall Gateway Anti-Virus and Cloud Anti-Virus each count as one. Additional virus scanners from many AV products and online scan engines are included in the total.

Reputation databases – One is the vendors allowed list. One is the domains allowed list.

Detonation engines – Number of analysis engines used to analyze the file. One is the SonicWall analysis engine. Additional analysis engines from third-party vendors are included in the count.

Live detonations – Total number of environments used across all analysis engines. The environment comprises the analysis engine and the operating system on which it was run.


Analysis Engine Results Tables

Under the status boxes, the full analysis threat report displays multiple tables showing the results from each analysis engine. The engines are designated by names from the Greek alphabet, such as Alpha, Beta, Gamma.

Each row represents a separate environment and indicates the operating system in which the engine was executed.

The overall score from the analysis in each environment is displayed in a highlighted box to the left of the operating system. The color of the box indicates whether the score triggered a malicious or non-malicious judgment:

• Red indicates a malicious judgment.

• Grey indicates a non-malicious judgment.

For each environment, the columns provide the analysis duration and a summary of actions once detonated:

You can click any cell in the Summary of actions table to jump to the full data available further down in the report. Blank cells are not clickable.

Clicking an item in the last column provides access to a file containing the full details of the analysis by the different engines and which you can open or save:

Time – Time taken by the analysis, using s for seconds, m for minutes, and timeout if the analysis did not complete.

Libraries – Cumulative count of malware libraries that were read during the analysis.

Files – Cumulative count of files that were created, read, updated, or deleted during the analysis.

Registries – Cumulative count of OS registries that were read during the analysis.

Processes – Cumulative count of processes that were created during the analysis.

Mutexes – Cumulative count of mutual exclusion objects that were used during the analysis to lock a resource for exclusive access.

Functions – Cumulative count of functions executed during the analysis.

Connection – Cumulative count of network connections that were created during the analysis.

XML – XML file of all the detailed data behind the above counts.

Screenshots – Zip file of all the screenshots produced by the analysis.

PCAP – A packet capture file in pcapNG or libpcap format with details about the connections opened during the analysis.

4 Configuring Alerts and Notifications

You can configure email alerts and notifications for Capture ATP in both MySonicWALL and SonicOS.

• For details on setting alerts in MySonicWall, look for Alert Settings in the on-line help supporting MySonicWall.

• Configuring Email Alerts in SonicOS at the firewall-level is described below.

Configuring Email Alerts in SonicOS

You can configure SonicOS to send email alerts when a file verdict has occurred.

To configure a firewall to email an alert when a file verdict is returned:

1 On the Log > Settings page, expand the Security Services drop-down, and then expand the GAV drop-down. Select the check box in the Alert column for the Capture ATP File Transfer Result.


2 Edit category settings by clicking the Configure icon on the appropriate line.

3 Go to the Log > Automation page and configure the email account where you would like to receive alert notifications. For more information on the various settings available for this page, see the Log > Automation section of the SonicOS Administrative Guide.

4 Click Accept to save your changes. The administrator receives an email alert when a file verdict is returned.

5 SonicWall Support

Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract and to customers who have trial versions.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.

The Support Portal enables you to:

• View knowledge base articles and technical documentation

• View video tutorials

• Access MySonicWall

• Learn about SonicWall professional services

• Review SonicWall Support services and warranty information

• Register for training and certification

• Request technical support or customer service

To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.


About This Document

Capture Security Center Capture Advanced Threat Prevention
Updated - April 2019
232-004729-00 Rev A

Copyright © 2019 SonicWall Inc. All rights reserved.

SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.

The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any commitment to update the information contained in this document.

For more information, visit https://www.sonicwall.com/legal.

End User Product Agreement

To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/en-us/legal/license-agreements.

Open Source Code

SonicWall is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:

General Public License Source Code Request
SonicWall Inc.
Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035

Legend

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
