Secure Internet Access
SIA Service
Cloud-based SIA service with affordable, with easy to use to protect your clients from harmful web access.
SIA services run on a Multi-Tenancy Based SECaaS platform. The platform configures a service infrastructure through the interconnection Service Gateway, Security Manager, Security Manager, Security Edge, and Log Collector.
SIA service can be delivered anywhere in the world with one gateway, reducing the cost of the company's backhaul and helping to ensure compliance with the company's security compliance.
View menu
- Service TAB
You can view logs and users detected in the last 24 hours, and you can check the traffic graph and service usage information for the last 24 hours in summary.
① Traffic : You can view traffic for the last 24 hours in the form of a line graph.
② Service Summary : You can view the number of users & security policies & access policies & firewall policies
added by the administrator, and the number of devices connected to the AI Connector.
Click on the
or 
icon to go to its information page.
③ Blocked Users : You can see who has been blocked by policy and how many times they have been blocked in the
last 24 hours.
④ Connected Tunnel : You can view the list of currently connected tunnels among the tunnels added by the administrator.
Click on the icon to go to the tunnel page.
⑤ Web Security Log / Firewall Log : You can view logs of security web/firewall policy violations for the last 24 hours.
Click on the icon to go to its information page.
Click the 
icon to refresh the log.
- User TAB
You can check all users who are connected to the connector, users who have disconnected, and users who have never connected.
① The number of users currently accessing AI Connector among all users is displayed.
② At the top of the list, users accessing the AI Connector are displayed.
③ Below that, users who have disconnected from the AI Connector are displayed.
④ At the bottom of the list, users who have not yet accessed the AI Connector are displayed.
⑤ Clicking the More icon takes you to a page where you can see detailed information about that user.
Analytics menu > User
This menu allows you to analyze and view the user's web & app traffic usage history.
- Statistics TAB
① Period : You can analyze in the last 6 hours, 12 hours, 24 hours, and other periods can be customized.
The user-specified search period is up to one month in advance.
② CSV : Provides CSV file download function.
③ Clicking the More icon takes you to a page where you can see detailed information about that user.
- User Info
① You can check the user's permissions, groups, and how much traffic they've used in a month, compared to last month's
traffic.
② You can view each user's traffic information by dividing it into Traffic / App / Web / IP / RBI TAB.
- User Info > Traffic TAB
You can view graphs analyzing network/web/RBI traffic for a month and graphs of web download/web upload/RBI download/RBI upload traffic.
- User Info > App TAB
By classifying user traffic into app groups and apps, you can view the traffic used by each app.
① When you click on an app group name, the list on the right consists of apps in that app group, and when you
click again, it consists of all apps.
② Clicking on the app name will take you to the app information page.
③ Clicking the 
App Group Info button takes you to the app group list page.
④ You can download it as a CSV file by clicking the 
CSV button.
- User Info > Web TAB
You can classify user traffic into web categories and view the traffic used for each web category.
Clicking on a web category name takes you to the information page for that web category.
You can download it as a CSV file by clicking the CSV button.
- User Info > SaaS TAB
You can classify user traffic into SaaS categories and view the traffic used for each SaaS category.
Clicking on a SaaS category name takes you to the information page for that SaaS category.
You can download it as a CSV file by clicking the CSV button.
- User Info > IP TAB
You can check the IP usage history of your traffic.
You can download it as a CSV file by clicking the CSV button.
- User Info > ATP TAB
You can check the analysis history of files in the your traffic.
You can download it as a CSV file by clicking the CSV button.
- User Info > RBI TAB
You can check the graph that analyzes the your remote browser traffic.
Analytics menu > App
This is a menu where you can analyze and view app traffic usage records.
- Statistics TAB
You can view the traffic of the top 10 apps & app groups in graphs and lists.
① Period : You can analyze in the last hour, 6 hours, 12 hours, 24 hours, and other periods can be customized.
The user-specified search period is up to one month in advance.
② You can view the top 10 app & app group traffic graph and the number of users using traffic by dividing them
with TAB.
③ You can view the entire graph by clicking the More
button.
④ Clicking the About App Groups button takes you to the app group list page.
⑤ CSV : Provides CSV file download function.
⑥ Clicking the More button takes you to the app information page.
- App Info
① You can check the app name and description, group, protocol, and properties.
② You can view each app's traffic information by dividing it into Traffic / User TAB.
- App Info > Traffic TAB
You can view graphs of app traffic and usage detected for a month.
- App Info > User TAB
You can view the users who used app traffic and the number of traffic.
You can download it as a CSV file by clicking the CSV button.
- Security TAB
You can view a graph of the number of blocks for apps, app groups, and users blocked by security policy.
Analytics menu > Web
This menu allows you to analyze and view web traffic usage records.
- Statistics TAB
You can view the traffic graph of the top 10 web categories/websites and view the traffic list by web category.
① Period : You can analyze in the last hour, 6 hours, 12 hours, 24 hours, and other periods can be customized.
The user-specified search period is up to one month in advance.
② You can view the entire graph by clicking the More button.
③ CSV : Provides CSV file download function.
④ Clicking the More button takes you to the corresponding web category information page.
- Web Info
① You can view the web category name and description.
② You can view traffic information for each web category by dividing it into Traffic / Website TAB.
- Web Info > Traffic TAB
You can view graphs of detected web traffic and usage for a month.
- Web Info > Web Site TAB
You can view traffic by website.
You can download it as a CSV file by clicking the CSV button.
- Security TAB
You can view a graph of the number of blocks for users, categories, and URLs blocked by security policy.
Analytics menu > SaaS
- Statistics TAB
You can view the traffic graph of the top 10 SaaS categories/users and view the traffic list by SaaS category.
① Period : You can analyze in the last hour, 6 hours, 12 hours, 24 hours, and other periods can be customized.
The user-specified search period is up to one month in advance.
② You can view the entire graph by clicking the More button.
③ CSV : Provides CSV file download function.
④ Clicking the More button takes you to the corresponding SaaS category information page.
- SaaS Info
① You can view the SaaS category name and URL, IP, FQDN.
② You can view traffic information for each SaaS category by dividing it into Traffic / User TAB.
- SaaS Info > Traffic TAB
You can view graphs of detected SaaS traffic and usage for a month.
- SaaS Info > User TAB
You can view traffic for users by SaaS site.
You can download it as a CSV file by clicking the CSV button.
- Security TAB
You can view a graph of the number of blocks for users, categories blocked by security policy.
Analytics menu > ATP
- Statistics TAB
You can view the analysis results of the detected file, the user ratio, and the top 5 malicious type graphs, and the graph of the number of detections and traffic of the top 10 users / files.
① Period : You can analyze in the last hour, 6 hours, 12 hours, 24 hours, and other periods can be customized.
The user-specified search period is up to one month in advance.
② The top 10 users, file detection graphs and traffic graphs can be divided into Tab.
③ You can view the entire graph by clicking the More button.
Analytics menu > General
Additionally, this is a menu where you can check the detected traffic in a graph.
- Statistics TAB
You can view graphs of traffic, top 10 applications / users / IP / websites.
The traffic graph is dividing it into Mbps and traffic TAB.
Analytics menu > Remote Browser
- Statistics TAB
You can view graphs of traffic, top 10 users / sites / categories.
The traffic graph is dividing it into traffic and count TAB.
Log menu > Access
In the access log menu, you can view web access and access control access, file access logs.
- Access Control TAB
You can query the user's access time, user name, edge, access control name, client and server IP, protocol, host, and service FQDN.
① CSV : Provides CSV file download function.
② Clicking on the 
access control name takes you to the corresponding policy. If the policy has been deleted,
the icon will not be displayed.
- WEB TAB
You can query the time the user accessed the web, user name, destination IP, method, RBI, protocol, host, path, and status code.
① CSV : Provides CSV file download function.
② You can check detailed log information by clicking the View 
button.
- File TAB
You can query the time the user accessed the file, user name, edge, IP, URL, port, RBI, action, file name, and file hash.
Click the CSV button to download the filtered log as a CSV file.
Log menu > Security
In the security log menu, you can view web, firewall, access control, and atp logs.
|
Menu |
Description |
| Web Security Log |
In the web security log, you can view web security logs that have been 'blocked/allowed' due to policy violation among internal users' WEB requests. You can check the request time, user, policy, IP, category, and request URL. |
| Firewall Security Log |
In the firewall security log, you can view firewall security logs that have been 'blocked/allowed' due to violation of firewall policy among internal users' WEB requests. You can check request time, user, policy, IP, country, app protocol, application, and port. |
| Access Control Security Log |
In the access control security log, you can view access control security logs that have been 'blocked/allowed' due to violation of access policy among internal users' WEB requests. You can check request time, user, access control, policy, IP, country, edge, and action. |
| ATP Security Log |
In the atp security log, you can view atp security logs that analyzes a file that violates the policy with the "Block ATP" conditions during the internal user's WEB request. You can check request time, file name, file hash, malware type, analyze status, result, and threat score. |
- WEB TAB
① CSV : Provides CSV file download function.
② Clicking on a policy name takes you to that policy. If the policy has been deleted, the icon will not be displayed.
③ You can check detailed log information by clicking the View button.
ⓐ IP Reputation Inquiry : You can view the risk rating of IP, the last update, the attack, the detection basis, the Osint information, the whois results, and the bot list information.
ⓑ Category Change Request : You can change the category to apply/exceptions to the detected URL.
ⓒ URL Analysis: Analyzes whether the URL is a safe URL.
You can view more detailed URL analysis information by clicking the View Details button.
- Firewall TAB
① Download : Provides CSV file download function.
② Clicking on a policy name takes you to that policy. If the policy has been deleted, the icon will not be displayed.
- Access Control TAB
① Download : Provides CSV file download function.
② Clicking on a access control name, policy name takes you to that policy. If the policy has been deleted, the icon
will not be displayed.
- ATP TAB
① Download : Provides CSV file download function.
② Clicking the More icon takes you to a page where you can see detailed information about that file.
Log menu > Auth
This is a menu that allows users to view the records of their authentication to SIA Console or AI Connector.
You can search by VPN, SDP, SSO, and Console authentication results.
Click the CSV button to download the filtered log as a CSV file.
Log menu > Audit
Click the CSV button to download the filtered log as a CSV file.
① CSV : Provides CSV file download function.
② Clicking the Detail 
icon to see detailed information about the change.
Report menu
You can create reports for app, web, saas, atp, general and remote browser analytics by specifying a period, and provide a report download function.
-
Create Report
① Select the period for which you want to generate a report. If not selected, it will be created with the
current date (1st day).
② Enter the report file name. If you leave it blank, it will be created with a default name.
③ Select at least one analysis item to generate as a report.
④ Click the Create Button.
You can download the PDF file by clicking the icon.
User menu > User
This is a menu for managing internal user information to apply AIONCLOUD SIA's security policy.
Users can access AI Connector and use SIA policies.
① Export CSV : You can download user information as a CSV file by clicking the Export CSV button at the top.
② Import CSV : You can overwrite user information by clicking the 
Import CSV button at the top to upload a CSV file.
Users with ADMIN permissions and users whose identity provider is not DATABASE are not affected by CSV export and CSV import.
③ Create : You can create a user by clicking the Create button.
-
Create User
① Enter user information.
- First Name : User's first name
- Last Name : User's last name
- Login ID : Login ID used to log in to SIA Console and AI Connector
- Password : User's password. Must contain at least one number, at least one special character,
and at least one English letter.
- Role : User's console access rights. Manager can check all menus, including policy settings, in
SIA Console, and User can download AI Connector from SIA Console.
- Groups : (Optional) Group the user will belong to.
- Descritpion : (Optional) Notes and additional information
② Click the OK button.
-
Import CSV
① Click the CSV Template Download button to download the template, or click the Export CSV button to
add/delete/edit users based on the current user list and save the CSV.
When saving CSV files, make sure to keep the *.csv extension.
If you modify the first line of the CSV file, file upload will fail.
② Upload the modified CSV file.
③ Click the Create button.
User menu > User Group
This is a menu that allows you to group users and manage them.
① Export CSV : You can download user group information as a CSV file by clicking the Export CSV button at the top.
② Import CSV : You can overwrite user group information by clicking the Import CSV button at the top to upload a
CSV file.
User groups whose identity provider is not DATABASE are not affected by CSV export and CSV import.
③ Create : You can create a user group by clicking the Create button.
-
Create User Group
① Enter user group information.
- Name : Name of user group
- Description : (Optional) Notes and additional information
- Users : (Optional) Users to add to user group
- Parent User Group : (Optional) The parent group to which the group you are creating will belong.
② Click the OK button.
-
Import CSV
① Click the CSV Template Download button to download the template, or click the Export CSV button to
add/delete/edit user groups based on the current user group list and save the CSV.
When saving CSV files, make sure to keep the *.csv extension.
If you modify the first line of the CSV file, file upload will fail.
② Upload the modified CSV file.
③ Click the Create button.
Connect menu > AI Connector
- Download TAB
You can download the latest version of AI Connector for each operating system.
① My Device : You can check your connected AI Connector information.
② Move to guide page : You can check how to install AI Connector by clicking the 
Move to guide page button
at the top.
The information pages for the user AI Connector and server AI Connector are different.
③ Copy : You can copy the download link by clicking the Copy button, and download it from the server using
the wget [link] command.
④ Download : You can download the latest version for each operating system by clicking the Download button.
- Profile TAB
This is a menu that allows you manage profiles that control the operation of AI Connector.
① Priority change : When there are two or more profiles, you can change the priority at which profiles operate.
Default Profile is excluded when changing priorities. The Default Profile cannot be deleted and operate at priority 0.
② Create : You can create an profile by clicking the Create button.
-
Create Profile
① Enter the profile information.
- Name : Name of profile
- User : (Optional) Users to add to profile
- User Group : (Optional) User groups to add to profile
- Action: Turn on/off functions to be used in AI Connector
② Click the OK button.
- Split Tunnels TAB
When setting the bandwidth, local network access such as network printing is possible, and bandwidth consumption for large file downloads, streaming, etc. is reduced.
The split tunnel provided by default cannot be modified or deleted, and users can create and manage split tunnels.
When creating/editing/deleting a split tunnel, existing users are disconnected from the Connector and reconnected.
-
Create Split Tunnel
① Enter the split tunnel information.
- Name : Name of split tunnel
- IP : IP to access directly without going to AIONCLOUD SIA
- NETMASK : Value in which bits in the network address part are replaced with 1
- Description : (Optional) Notes and additional information
② Click the OK button.
Connect menu > Tunnels
This is a menu that allows you to manage the tunnel that encrypts and transmits data when connecting the AI Connector to the Internet.
- Sever TAB
① Create : You can create a server tunnel by clicking the Create button.
② You can download the tunnel certificate by clicking the Authentication file 
button.
Detailed usage instructions can be found by clicking the server Move to guide page button on the
AI Connector page.
-
Create Server Tunnel
① Enter tunnel information.
- Name : name of the tunnel
- Description : (Optional) Notes and additional information
- Domain : The domain that will use the tunnel. You can add multiple domains by clicking
the Add button.
② Click the OK button.
- Gateway TAB
① Create : You can create a gateway tunnel by clicking the Create button.
② You can download the tunnel certificate by clicking the Authentication file button.
Detailed usage instructions can be found by clicking the server Move to guide page button on the
AI Connector page.
③ You can view the gateway tunnel's server list and creation/update times with the 
icon.
-
Create Gateway Tunnel
① Enter tunnel information.
- Name : name of the tunnel
- DNS : DNS to use tunnel
- Description : (Optional) Notes and additional information
- Server List : The server that will use the tunnel. You can add multiple servers by clicking
the Create button.
② Click the OK button.
Network menu > Firewall
- Security TAB
You can set firewall policies to protect access from specific traffic.
① Priority change : When there are two or more policies, you can change the priority at which the policies operate.
② You can change the policy activation status by clicking Activate 
or 
.
③ Create : You can create a policy by clicking the Create button.
-
Create Firewall Policy
① Enter firewall information.
- Activate : Whether firewall policy is used
- Name : Name of firewall policy
- Description : (Optional) Notes and additional information
- Source : Set origin conditions by selecting User / IP / Geolocaion type. (*Multiple selection possible)
- Destination : Set destination conditions by selecting All / User / IP / Geolocaion type.
(*Multiple selection possible)
- Service : Set the service by selecting App Protocol / Application / TCP Port / UDP Port.
(*Multiple selection possible)
Source / Destination / Service input example
- Action : Firewall policy block/allow
② Click the OK button.
-
Change the priority of firewall securities
A firewall policy has higher priority the higher it is placed on the list. The priorities of policies can be changed by clicking the Priority change button.
When you click the Priority change button, the selection in the table changes to the 
icon.
Change the priority by dragging and dropping the icon and then click the Apply button to apply.
- Application Group TAB
You can query information on the application group used when establishing a firewall policy.
Network menu > Access Control
This menu allows you to manage application control for browser-based access.
① Priority change : When there are two or more access controls, you can change the priority at which access controls
operate.
② You can change the access control activation status by clicking Activate or .
③ Create : You can create an access control by clicking the Create button.
-
Create Access Control
① Enter access control information.
- Activate : Whether access control is used
- Name : Name of access control
- Policy : Select detailed policies to control access control
- Type : Select one application type among HTTP, HTTPS, TCP, or UDP
- Application : Select either the IP or hostname that matches the application for integration
and enter the port.
- Redirect URI : URI to redirect when detected in access policy
- User : (Optional) Users who will use the access policy
- User Group : (Optional) User groups who will use the access policy
② Click the OK button.
-
Change the priority of access controls
A access control has higher priority the higher it is placed on the list. The priorities of access controls can be changed by clicking the Priority change button.
When you click the Priority change button, the selection in the table changes to the icon.
Change the priority by dragging and dropping the icon and then click the Apply button to apply.
Network menu > Access Policy
This is a menu that allows you to create and manage detailed policies to control access control.
The created policy can be assigned when creating access control.
-
Create Access Policy
① Enter access policy information.
- Name : Name of access policy
- Action : Access policy block/allow
- Condition :
ⓐ Click the AND or OR buttons to add conditions.
ⓑ Select a condition item. There are user, user group, schedule, IP, country, browser, and OS.
ⓒ Enter or select a value that matches each condition item.
ⓓ While adding conditions, if there is a condition you want to delete, you can delete it by
pressing the 
button.
② Click the OK button.
QoS menu > Application
Bandwidth is set for each group and application to ensure service quality.
Bandwidth is limited to 1 Mbps to 100 Mbps.
-
Change App QoS
① Enter the bandwidth in Mbps.
② Select the user or user group that will use the bandwidth.
③ Click the Apply button.
④ Click the OK button.
Security menu > Policy
You can set policies to detect when users use the web and block or allow them.
① Priority change : When there are two or more security policies, you can change the priority at which security policies
operate.
Bypass policies are excluded when changing priorities. Bypass policies cannot be deleted and operate at priority 0.
② You can change the security policy activation status by clicking Activate or .
③ Create : You can create an security policy by clicking the Create button.
④ You can view policy rules and creation/update times with the icon.
-
Create Security Policy
① Enter security policy information.
- Activate : Whether to use security policy
- Name : Name of the security policy
- Description : (Optional) Notes and additional information
- Schedule : When using a schedule, the period for which the policy operates can be set as one-time, daily, weekly,
or monthly.
- Action : Security policy block/allow
- Block Page : Select the page that appears when blocked by security policy
- Member : User or user group to apply security policy to
- Rule :
ⓐ Click the Create button to add conditions. The added conditions operate as AND conditions.
ⓑ Select the condition target. These include C&C traffic blocking, IP, and various HTTP elements.
ⓒ Select an operator for the condition. Depending on the condition target, there are is, is not, in, not in, in list,
match regex, etc.
ⓓ Enter the input value in the format required according to the condition target.
② Click the OK button.
-
Change the priority of security policies
A security policy has higher priority the higher it is placed on the list. The priorities of security policies can be changed by clicking the Priority change button.(Excluding bypass rules)
When you click the Priority change button, the selection in the table changes to the icon.
Change the priority by dragging and dropping the icon and then click the Apply button to apply.
Security menu > Groups
This is a menu that allows you to group and manage elements to be assigned as conditions to a policy.
- IP TAB
-
-
Create IP Group
-
① Enter IP group information.
- Name : Name of IP group
- Description : (Optional) Notes and additional information
- IP : IP to add to group
② Click the OK button.
- HOST TAB
-
-
Create HOST Group
-
① Enter HOST group information.
- Name : Name of HOST group
- Description : (Optional) Notes and additional information
- HOST : HOST to add to group
② Click the OK button.
- URL TAB
-
Create URL Group
① Enter URL group information.
- Name : Name of URL group
- Description : (Optional) Notes and additional information
- URL : URL to add to group
② Click the OK button.
- Path TAB
-
Create Path Group
① Enter Path group information.
- Name : Name of Path group
- Description : (Optional) Notes and additional information
- Path : Path to add to group
② Click the OK button.
- Value TAB
-
Create Value Group
① Enter Value group information.
- Name : Name of Value group
- Description : (Optional) Notes and additional information
- Value : Value to add to group
② Click the OK button.
Security menu > Block Page
This menu allows you to customize the page that appears when blocked by policy.
DEFAULT pages cannot be deleted and are the basic pages for other pages.
① Create : You can create an security policy by clicking the Create button.
② Preview: You can preview the block page by clicking the 
button.
Default blocking page
③ Status Code : You can modify the response code of the blocking page.
④ Apply : You can apply the changed blocking page settings by clicking the Apply button.
-
Create Block Page
① Enter block page information.
- Name : Name of Block page
- Description : (Optional) Notes and additional information
- Status Code : Response code of the blocking page
- Grant User Option : Choose whether to give users the option to close the blocking page and access the site
When choosing to use, choose between persistent (24 hours) or session (one-time),
and must include ${bypass_div$} in the code.
ⓐ You can reset it to the default blocking page (DEFAULT) by clicking the Initialize with default code button.
ⓑ You can preview the block page by clicking the button.
ⓒ Clicking on HTML text copies it to the clipboard so you can easily write code.
② Click the OK button.
Security menu > Signature Mgmt
- C&C TAB
You can manage IPs or hosts to include/exclude in security policy Block C&C traffic conditions.
① Add : You can add items by entering the IP or host to block/allow and then clicking the Add button.
② After selecting an item, you can change the list by clicking button
or
.
③ Reset : You can reset your changes by clicking the Reset button.
④ Apply : Click the Apply button to save your changes.
- ATP TAB
You can manage Hash to include/exclude in security policy Block ATP conditions.
① Add : You can add items by entering the Hash to block/allow and then clicking the Add button.
② After selecting an item, you can change the list by clicking button or.
③ Reset : You can reset your changes by clicking the Reset button.
④ Apply : Click the Apply button to save your changes.
- Anti-Virus TAB
You can manage Hash to include/exclude in security policy Anti-Virus conditions.
① Add : You can add items by entering the Hash to block/allow and then clicking the Add button.
② After selecting an item, you can change the list by clicking button or.
③ Reset : You can reset your changes by clicking the Reset button.
④ Apply : Click the Apply button to save your changes.
- Proxy Server TAB
You can manage IPs to include/exclude in security policy Block access public proxy server conditions.
① Add : You can add items by entering the IP to block/allow and then clicking the Add button.
② After selecting an item, you can change the list by clicking button or.
③ Reset : You can reset your changes by clicking the Reset button.
④ Apply : Click the Apply button to save your changes.
- Risky Websites TAB
You can manage URLs to include/exclude in security policy Block access risky websites conditions.
① Add : You can add items by entering the URL to block/allow and then clicking the Add button.
② After selecting an item, you can change the list by clicking button or.
③ Reset : You can reset your changes by clicking the Reset button.
④ Apply : Click the Apply button to save your changes.
- Malicious Code TAB
You can manage malicious patterns to include/exclude in the security policy HTTP Response include malicious code condition.
① You can change the malicious pattern usage status by clicking Use or .
② You can check detailed pattern information by clicking the View button.
Security menu > HTTP Category Mgmt
- Custom categories TAB
In addition to the default categories, you can manage custom categories.
-
Create custom categories
① Enter custom category information.
- Category : Name of Catgegory
- Description : (Optional) Notes and additional information
② Click the OK button.
- User Category TAB
You can set URLs to apply or exclude for each category.
-
Create User Category
① Enter user category information.
- Category : Select a category to set
- URL: Enter the URL to apply/exclude or select a group and click the Add button to add it.
- Description : (Optional) Notes and additional information
② Click the OK button.
Security menu > Remote Browser Isolation
After connecting to the AI Connector, if it is detected by the remote browser isolation policy, you can use the remote browser.
Remote browser example
① Priority change : When there are two or more RBI policies, you can change the priority at which RBI policies operate.
② You can change the RBI policy activation status by clicking Activate or .
③ Create : You can create an RBI policy by clicking the Create button.
④ You can view policy rules and creation/update times with the icon.
-
Create RBI Policy
① Enter RBI policy information.
- Activate : Whether to use RBI policy
- Name : Name of the RBI policy
- Description : (Optional) Notes and additional information
- Schedule : When using a schedule, the period for which the policy operates can be set as one-time, daily, weekly,
or monthly.
- Remote Browser Setting : Set actions to block/allow when using a remote browser
- Member : User or user group to apply RBI policy to
- Rule :
ⓐ Click the Create button to add conditions. The added conditions operate as AND conditions.
ⓑ Select the condition target. These include C&C traffic blocking, IP, and various HTTP elements.
ⓒ Select an operator for the condition. Depending on the condition target, there are is, is not, in, not in, in list, etc.
ⓓ Enter the input value in the format required according to the condition target.
② Click the OK button.
-
Change the priority of RBI policies
A RBI policy has higher priority the higher it is placed on the list. The priorities of RBI policies can be changed by clicking the Priority change button.
When you click the Priority change button, the selection in the table changes to the icon.
Change the priority by dragging and dropping the icon and then click the Apply button to apply.
Setting menu > Alert
- SIEM TAB
You can send logs in a custom format to a user log server.
By assigning a server to the log settings, you can transmit logs in the same log format to multiple servers.
You can preview the log format to be transmitted with the icon.
-
Create Server
① Enter server information.
- IP : Server IP to use SIEM notification feature
- Port : Port of server
- Protocol : Protocol of server
② Click the OK button.
-
Create Log
① Enter log information.
- Log Type : Select between web access log / web security log / firewall security log / cache log
- Delimiter : Symbol to distinguish format when sending logs
- Delimiter Count : Number of symbols to separate formats
- Language : Language of logs
- Period : Period of sending logs. This can only be set when the log type is web access log.
- Server : Server to use log settings for. The assigned server cannot be assigned to another log setting.
- Custom Prefix : (Optional) Text to prefix the log
- Log Format : What to send to the log
② Change log format order : Drag format items to change their order.
③ Click the OK button.
Setting menu > Login Settings
- SSO TAB
You can link AIONCLOUD SIA with the SSO (Single-Sign-On) solution, which allows automatic access to multiple sites with one login.
Sign In page when adding SSO
-
Create SSO
① Enter SSO information.
- Provider : IDP to provide SSO authentication
- Protocol : Protocol for SSO authentication
- Setting : Manual/Auto selection
If you select Manual, manually enter the Client ID, Secret Key, and Domain.
If you select Auto, enter the contents of the subform and click the Create button to
automatically enter the Client ID, Secret Key, and Domain values.
- Client ID : Client ID to use in authentication using the OIDC protocol
- Secret Key : Client authentication key to use with the client ID when using the OIDC protocol
- Domain : End-point provided by IDP
For Entra ID, the URI contains the Tenant ID, so the corresponding input value is required.
- Redirect URI : URI to redirect to register with IDP
- Logout URI : (Optional) Page to access when logging out
- Description : (Optional) Notes and additional information
② Click the OK button.
- MFA TAB
You can manage whether to use MFA authentication and tokens for each user and user group.
① View only target users/user groups : Only users/user groups with MFA authentication enabled are visible.
② Reset Token : When you click the Reset Token button, a selection will appear next to user name. If you check the user whose token you want to initialize and click the Reset Token button again, the MFA token for that user will be initialized.
③ Edit : You can change the MFA authentication target by clicking the Edit button.
-
Edit MFA
① When you click the Edit button, a toggle will appear in the list.
② Enable the toggle for users/user groups to use MFA authentication.
③ Click the Apply button.
Quick Lookup
You can quickly search URL categories and IP reputation by clicking the Quick Lookup button located at the bottom left of the screen.
The TAB is divided into URL Category Search and IP Reputation Inquiry.
URL Category Search - After entering the URL, click the Search button to view the URL's current category and change history in AICC.
IP Reputation Inquiry - If you click the Search button after entering the IP, the IP's reputation and whois information will appear. If it is a malicious IP, you can also search information such as detection basis and Osint.
Normal IP
Malicious IP
Setting menu > SSO > Azure AD
This is a guide to creating an Azure AD application and applying SSO login.
-
Create Application
① After connecting to Entra ID as the desired tenant, click the Enterprise applications item.
Go to the All applications tab and click New application.
② Click Create your own application.
③ When a panel like the one above opens on the right, enter the desired app name,
select “Integrate any other application you don't find in the gallery (Non-gallery)” and click the Create button
at the bottom.
④ In the Properties tab, disable "Assignment required?" to allow all users added in the future to use the
application without separate assignment.
-
Apply Provisioning
① Click the Provisioning tab.
② Click the Get started button to configure provisioning.
③ Change the provisioning mode to Automatic and fill in the Administrator Credentials section.
- Tenant URL : SCIM Server URI provided by SIA
- Secret Token : SCIM Token provided by SIA
④ Click Test Connection to check if the connection is correct. If all goes well, click the Save button at the top.
⑤ Click <Set application name> | overview at the top to re-enter the provisioning screen.
⑥ Click the Provisioning tab and then click Provision Azure Active Directory Groups.
⑦ Select Show advanced options, then click Review your schema here. to go to the Edit Schema window.
⑧ Click the Download button to download the schema.json file, then change the file contents to the script
provided by SIA.
Replace the changed schema with the code in the schema editor and then click the Save button to apply it.
It takes a long time to apply the schema after saving it.
⑨ On the Provisioning tab, change the scope to [Sync all users and groups] and save.
If the changed schema is applied and the attribute mapping of Groups and Users changes
⑩ In the Overview tab, click Start Provisioning to proceed with provisioning.
-
Apply SSO login (OIDC)
① Click the App Registrations tab, then find and select the application you just created.
② Click the Authentication tab to go to the SSO settings page. In the Platform Configuration section,
click Add a platform.
③ When the panel above appears, select the Web item.
④ Enter the redirection URI that you previously found in SIA Console.
⑤ Click the Configure button to save your settings.
⑥ On the Settings page, select to use an Access tokens and save it.
⑦ Go to the Certificates & Secrets tab and click New client secret.
⑧ In the Add Client Secret panel, enter a description and add it.
This is the value enter in the Secret Key section when creating SSO in SIA Console.
⑨ You can go back to the Overview tab and check your Client ID and Tenant ID.
Application(client) ID : This is the value you enter in the Client ID section when creating SSO in the SIA Console.
Directory(tenant) ID : Combine it with Microsoft's Entra ID and Tenant address and enter it into your domain.
Enter in the form https://login.microsoftoneline.com/<Tenant ID>/v2.0.
Setting menu > Backup Policy
This menu allows you to restore by uploading a previously downloaded backup file when the policy changes.
-
Download Policy
① (Optional) Enter a backup file name.
② Select the policy items you want to back up.
③ Click the Download button.
-
Upload Policy
① Click the upload area.
② Select the downloaded policy backup file or drag it from ①.
③ Click the Upload button.