8.8.4. Managing the white and black lists of the Machine Learning engine

8.8.4.1. Introduction

Exception lists can be set up in order to:

  • Force the engine to declare domain names as healthy (White List).
    This eliminates alerts caused by recurring false positives.
  • Raise an alert for a domain name that would otherwise not have been detected, that is, a false negative (Black List).

This procedure shows how to populate both lists.

Note

The graphical interface is described in the `Admin-GCenter- ML Management` screen of the legacy web UI.


8.8.4.2. Prerequisites

  • User: member of the Administrator group


8.8.4.3. Preliminary operations


8.8.4.4. Procedure to access the `Domain Name Generation (DGA) Detection Management` window for an administrator account

  • In the navigation bar, successively click on:
      • The `Admin` button
      • The `Gcenter` sub-menu
      • The `ML Management` command
    The `Machine Learning Management` window is shown.
  • Click on the `Machine Learning Management` heading.
    The `Machine Learning Management` window is displayed. It contains a single `DGA Detection Management` category.
  • Click on the `DGA Detection Management` button.
    The `Domain Name Generation (DGA) Detection Management` window is displayed.

8.8.4.5. Procedure to manage the White list

  • Click on the `White List` section.

[Screenshot: ML_SETTING-02.PNG]
  • To add an item to the list:
      • Press the `Add a single domain name` button (1).
        The `Add to White List` window is displayed.
      • Enter the domain name.
      • Enter a comment, if any, for further details.
      • Click on the `Save` button.
        If successful, the following message is displayed: `The domain name xxx was successfully added to white list`.
        In case of an error, an error message is displayed.
        For example: `The domain name was not added to white list. xxx already exists in the white list`
  • To add a set of items to the list:
      • Press the `Add a set of domain names` button (5).
        The `Add to White List` window is displayed.
      • Use the `Browse` button to select the CSV file.
      • If necessary, delete the previous list by ticking the `Clean previous list` box.
      • Click on the `Save` button.
      • Enter any comments.
      • Click on the `Save` button.
        A status message indicates the result of the import.
        For example: `The line number 1 is invalid in the csv file. Please contact the Gatewatcher support if you need help.` Here the message indicates that the loaded file is not in the expected format.

8.8.4.6. Procedure to manage the Black list

  • Click on the `Black List` section.

[Screenshot: ML_SETTING-02.PNG]
  • To add an item to the list:
      • Press the `Add a single domain name` button (1).
        The `Add to Black List` window is displayed.
      • Enter the domain name.
      • Enter a comment, if any, for further details.
      • Click on the `Save` button.
        If successful, the following message is displayed: `The domain name xxx was successfully added to white list`.
        In case of an error, an error message is displayed.
        For example: `The domain name was not added to white list. xxx already exists in the white list`
  • To add a set of items to the list:
      • Press the `Add a set of domain names` button (5).
        The `Add to Black List` window is displayed.
      • Use the `Browse` button to select the CSV file.
      • If necessary, delete the previous list by ticking the `Clean previous list` box.
      • Click on the `Save` button.
      • Enter any comments.
      • Click on the `Save` button.
        A status message indicates the result of the import.
        For example: `The domain name was not added to black list. xxx already exists in black list`
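
The bulk imports for the White List and the Black List report invalid lines by number and refuse names that already exist. The following Python script is an added example, not Gatewatcher code, that checks a domain list for both problems before it is uploaded; it assumes the domain name is in the first CSV column, a layout this page does not specify.

```python
import csv
import io
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def check_domain(name):
    """Return None if name is a syntactically valid FQDN, else a reason string."""
    if len(name) > 253:
        return "longer than 253 characters"
    labels = name.split(".")
    if len(labels) < 2:
        return "not a fully qualified domain name"
    for label in labels:
        if not LABEL.match(label):
            return f"invalid label {label!r}"
    if labels[-1].isdigit():
        return "looks like an IP address"
    return None

def preflight(csv_text):
    """Split CSV rows into (accepted domains, [(line_number, value, reason)])."""
    # Assumption: domain name in column 1; the GCenter's real layout may differ.
    accepted, rejected, seen = [], [], {}
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not row or not row[0].strip():
            rejected.append((lineno, "", "empty line"))
            continue
        # Normalise case and a trailing root dot so duplicates compare equal.
        name = row[0].strip().lower().rstrip(".")
        reason = check_domain(name)
        if reason is None and name in seen:
            reason = f"duplicate of line {seen[name]}"
        if reason:
            rejected.append((lineno, row[0].strip(), reason))
        else:
            seen[name] = lineno
            accepted.append(name)
    return accepted, rejected

# Constructed sample input, not taken from a real deployment.
SAMPLE = "updates.example.com,patch server\nUpdates.Example.com.,same host\nhttp://cdn.example.net/x\n\n-bad.example.org\nintranet\n"

if __name__ == "__main__":
    ok, bad = preflight(SAMPLE)
    print("ready to import:", ok)
    for lineno, value, reason in bad:
        print(f"line {lineno}: {value!r} rejected ({reason})")
```

Every rejected row keeps its line number, so the source file can be corrected before the import is attempted.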