Menlo Administration
  • PDF

Menlo Administration

  • PDF

In order to complete the Glasswall-Menlo Middleware integration, you will need to login to the Menlo Security admin dashboard and complete the following steps.

REST-API Configuration

  1. Login to Menlo Security Dashboard.


  2. From the Menlo Security Dashboard, navigate to the Web Policy section and then select the Content Inspection tab.


  3. Configure the following fields (example below):

    1. Plugin Name: Rename the plugin to integration type (Glasswall CDR Service).
    2. Plugin Description: GW-Menlo REST API Server Integration.
    3. Base URL: This is the Middleware URL (needs to be HTTPS url).
    4. Certificate: This shoud be rootCA public certificate, that was used to sign the middleware certificate.
    5. Type of Transfer: Downloads, Uploads or Both.
    6. Connection Timeout: you can leave the default as is.
    7. Process Timeout: in general the processing should happen within 5-10 seconds, but depending on the file size (or if it is an archive), could take a little longer. Balance this configuration with file size, archive handling and allowed file types configurations.
    8. Poll Interval: How often Menlo will check if analysis is completed
    9. Max Size: Configure max size as per your need, NOTE: Larger files would take longer to process
    10. Allow File Replacement: make sure you check this, since this will allow you to replace the original file with sanitized/clean file
    11. Unused Fields:
      • Authorization Header
      • Metadata Check
      • Hash Check
      • Leave Continue Inspection for the last 3 items.



Testing the Configuration

Once the relevant settings have been configured, Menlo allows you to test the configuration.

  1.  Navigate to the Content Inspection tab via Web Policy from the Dashboard, and click Test.


    This will execute a sample file download between Menlo and Glasswall API.
  2. Login to https://admin.menlosecurity.com & https://safe.menlosecurity.com.
  3. From https://admin.menlosecurity.com, navigate to Web Policy > Content Inspection > Menlo File REST API > Edit.

    Add to Base URL the public IP of your AWS instance.


  4. Before saving, click Test where the result should be as below:


  5. From https://safe.menlosecurity.com, navigate to https://github.com/k8-proxy/data-sets. Select your file type and file, then click Download.


  6. After the file has been scanned, download the original file (from GW Rebuild) or the safe file (Menlo Security).



Logs

To see a complete list of scanned files, navigate to the Logs section via https://admin.menlosecurity.com.



Use Cases

Modify Policies for File Types

If you need to modify how a file is handled:

  1. Navigate to https://admin.menlosecurity.com > Web Policy > Docs & Files > Edit.


  2. Here you can modify settings for:
    1. Action
    2. Original download
    3. Safe download


Modify Menlo File REST-API Options

  1. Navigate to https://admin.menlosecurity.com > Web Policy > Content Inspection.

  2. Under the Service Name column, find Menlo File REST API and click Edit.


  3. Here you can change the parameters that control what happens when a file is downloaded from the API.



  • Connect timeout: when a file connect time exceeds this setting, the file won't be displayed, but you will be able to download the original file.
  • Process timeout: when a file process time exceeds the specified process timeout setting, the file won't be displayed, but you will be able to download the original file.
  • Max Size: if a requested file is larger than the maximum size, the file won't be scanned and you will be prompted to download it directly.
  • Metadata Check: this setting enables metadata removal when scanning a file.