Citrix NetScaler IP Reputation is a fairly new feature that is, as of now, only included in the Platinum edition, and it is one of the few cloud-based services that Citrix has built into NetScaler so far. IP Reputation is a simple yet effective way to get an updated list of “known bad IP addresses”, for instance addresses that are part of a botnet or are known sources of network attacks, scanning and so on. The Citrix feature leverages the IP reputation service of another company, Webroot, which specializes in gathering these bad IP addresses from its sensor network and building an IP reputation database from them. The NetScaler downloads that database and can reference it in policies.

NOTE: For IP reputation to work, the NetScaler appliance must be able to connect to api.bcss.brightcloud.com on port 443. When the IP reputation feature is enabled, NetScaler downloads a copy of the database and places it in the /var/nslog/iprep/ folder on the appliance.

You can monitor updates to the database by running the command cat /var/log/iprep.log. Note: when the reputation feature is enabled, the NetScaler Webroot database is downloaded. After that, it is updated every 5 minutes.
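A stale reputation database fails silently: policies keep evaluating against old data. The following freshness check is an added example, not part of the original article or Citrix tooling. It assumes that an update cycle touches either a file under /var/nslog/iprep/ or /var/log/iprep.log, and the 15-minute window (three update cycles) is an assumed margin; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether the IP reputation data looks current.
# Paths come from the article; the 15-minute default is an assumption.
IPREP_DB_DIR="${IPREP_DB_DIR:-/var/nslog/iprep}"
IPREP_LOG="${IPREP_LOG:-/var/log/iprep.log}"
IPREP_MAX_AGE_MIN="${IPREP_MAX_AGE_MIN:-15}"

# recently_modified PATH MINUTES
# Succeeds if PATH (a file, or any regular file below a directory)
# was modified less than MINUTES minutes ago.
recently_modified() {
    path=$1
    minutes=$2
    [ -e "$path" ] || return 2
    hit=$(find "$path" -type f -mmin "-$minutes" 2>/dev/null | head -n 1)
    [ -n "$hit" ]
}

# iprep_status DB_DIR LOG_FILE MINUTES
# Prints one word:
#   missing - database directory or log file does not exist
#             (feature disabled, or the first download never succeeded)
#   ok      - database or log was touched within the window
#   stale   - neither was touched; check reachability of the update
#             endpoint on port 443 and read the log for errors
iprep_status() {
    db=$1
    log=$2
    minutes=$3
    if [ ! -d "$db" ] || [ ! -f "$log" ]; then
        echo missing
        return 0
    fi
    if recently_modified "$db" "$minutes" || recently_modified "$log" "$minutes"; then
        echo ok
    else
        echo stale
    fi
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    iprep_status "$IPREP_DB_DIR" "$IPREP_LOG" "$IPREP_MAX_AGE_MIN"
fi
```

Run it with --check from the appliance shell or a monitoring job, and alert on any output other than ok.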

Read the entire article here, NetScaler IP Reputation feature and Webroot

via Marius Sandbu.