Home
Guardian
Administrator Guide
Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
Administration
System
Network interfaces
The Network interfaces page shows information on how much network traffic is being ingested/captured.
Configure a denylist
The Network interfaces page lets you configure denylists.

Guardian
- Introduction
  An overview of Guardian.
- Installation Guide
  Information and resources on how to install Guardian, and the different options and settings that are available.
- Administrator Guide
  Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - Settings
    - System
      - General
        The General page lets you change the hostname and specify a login banner on a sensor.
      - Date and time
        The Date and time page lets you configure the date and time of a sensor.
      - Updates and licenses
        The Updates and licenses page lets you configure and manage the base software license and the licenses for optional features, such as Smart Polling, Threat Intelligence, Asset Intelligence, Arc, and Federal Information Processing Standards (FIPS).
      - Network interfaces
        The Network interfaces page shows information on how much network traffic is being ingested/captured.
        Configure a NAT rule
        The Network interfaces page lets you configure network address translation (NAT) rules.
        Configure a BPF filter
        The Network interfaces page lets you configure Berkeley Packet Filters (BPF).
        Configure a denylist
        The Network interfaces page lets you configure denylists.
        Denylist examples
      - Upload traces
        The Upload traces page lets you upload trace files and select the options for the uploaded file.
      - Export
        The Export page lets you export data in content packs.
      - Import
        The Import page lets you import data from multiple different sources, and in multiple formats.
      - Health
        The Health page lets you monitor the health of your sensors.
      - Audit
        The Audit page shows a list of all relevant user actions, from login/ logout to configuration operations, such as manually learning or deleting objects from the environment. This includes all recorded user actions based on the internet protocol (IP) address and username of the user who performed the action.
      - Data
        The Data page lets you selectively reset several kinds of data. You can select All, Only data, or None, depending on the type of user data that you want to reset.
      - Migration tasks
        The Migration tasks page gives you access to automated tasks that help you migrate the system configuration and settings to newer standards.
      - Operations
        The Operations page lets you reboot or shutdown the sensor, or manage the software updates for your sensor.
      - Support
        The Support page section lets you generate a support archive that you can then send to Customer Support when you need technical support.
      - Backup and restore
        The Backup and restore page lets you generate and schedule backup archives as well as restore the software from a backup.
- User Guide
  Information and resources about the main features of Guardian, and the tasks that you can do from the user interface (UI).
- Maintenance Guide
  Information about the maintenance tasks of Guardian, to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for Guardian.

Configure a denylist

The Network interfaces page lets you configure denylists.

In the Denylist section, you can upload a text file that contains a denylist. This can contain a list of internet protocol (IP) addresses that are explicit, or with netmasks, or wildcards, that Guardian will not process. A wildcard in digit 2, 3 or 4 is equivalent to a /8, /16 or /24 netmask. The effect is similar to that of a Berkeley Packet Filter (BPF), however a denylist can handle tens of thousands of IP addresses, which is beyond the capabilities of a BPF.

In the top navigation bar, select
The administration page opens.
In the System section, select Network interfaces.
The Network interfaces page opens.
To the left of the applicable interface, select the icon.
A dialog shows.
In the Label field, enter a label for the interface.

Note: The label will show instead of the network interface name in all areas of the user interface.
Optional: To disable the network interface from sniffing traffic, select the toggle to OFF.
In the Denylist section, set the Enable denylist toggle to on.
Choose a method to upload the denylist file:
- Drag the denylist file into the Drop a file here or click to upload field
- Click in the Drop a file here or click to upload field and located the file to be uploaded
Note: A denylist must contain:
- One entry per line
- A dash (-) followed by a space and an IP address. Optionally, it can contain a wild card or a netmask.
Note: The maximum file size is 2 gigabyte (GB). The supported file type is text files (.txt).

The denylist has been configured.