Threat Detection
The threat detection system has several components.
Emerging Threats Database
X-NetStat's auto-updater always checks for the latest version of the Emerging Threats Intelligence open-source database. The database is not installed by default, but you can install it through the updater.
Once installed, the threat detection system will activate and stay active.
The ET threat data consists of the block-ips blacklist and the compromised-ips blacklist. When X-NetStat detects a new IP address connected to your system, it looks the address up in both blacklists and flags it with threat type ET_BLOCKED or ET_COMPROMISED, depending on which list it matches.
Custom Threat Assignment
You can also specify your own threat level for a connection's remote IP. Right-click the connection and choose Mark IP. You can mark an IP address as Trusted, Neutral, Suspicious, or Dangerous.
Custom assignments will always override results from the Emerging Threats database.
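The lookup and override order described above can be sketched as follows. This is an added example, not X-NetStat's own code. It assumes each list holds one IP or CIDR range per line with `#` comments, that the block list is checked before the compromised list, and it uses constructed sample addresses.

```python
import ipaddress

# Constructed sample list contents (documentation-range addresses, not real ET data).
BLOCK_IPS = """\
# constructed sample
203.0.113.0/24
198.51.100.7
"""
COMPROMISED_IPS = """\
# constructed sample
192.0.2.45
"""

def parse_list(text):
    """Parse one IP or CIDR per line; skip blanks, '#' comments and bad entries."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # a malformed line must not abort the whole load
    return nets

def in_list(ip, nets):
    """True if the address falls inside any listed host or range."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in nets)

def classify(ip, block, compromised, custom_marks):
    """Return the effective label for a remote IP, or None if nothing matches."""
    # Custom marks (Trusted/Neutral/Suspicious/Dangerous) override ET results.
    if ip in custom_marks:
        return custom_marks[ip]
    # Assumption: the block list is consulted before the compromised list.
    if in_list(ip, block):
        return "ET_BLOCKED"
    if in_list(ip, compromised):
        return "ET_COMPROMISED"
    return None

BLOCK = parse_list(BLOCK_IPS)
COMPROMISED = parse_list(COMPROMISED_IPS)
MARKS = {"203.0.113.9": "Trusted"}  # constructed custom assignment
```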
Colorization
When either an Emerging Threats or Custom threat is detected, the connection will be colorized in the connection table.
Safe IPs will be marked green, and dangerous ones will be marked red.
Country Threats
X-NetStat also allows you to classify certain countries as Safe, Neutral, or Threat.
There is currently no user interface to change these, but if you go into %appdata%\X-NetStat 6, you can see SafeCountries.txt, NeutralCountries.txt, and ThreatCountries.txt.
Enter a 2-digit country code in these files, one per line, and X-NetStat will colorize the country abbreviation under the Country column.