Have SSIM Rules Leverage Custom Tables Created by the Customer in GIN

Created: 10 Jun 2013

With the additional functionality/integration between SSIM and GIN in 4.81, there’s an enhancement request we would like to make:

Periodically, we run into situations where we will max out the resources of SSIM if we add large quantities of items in lookup tables that SSIM uses for its rules. I believe we need to stay around 200 items in a lookup table for any given rule, in order to avoid performance issues with SSIM.

Since SSIM and GIN (basically a Symantec Cloud) are integrated… and SSIM leverages 3 standard lists provided by GIN (sort of like lookup tables in SSIM: Malicious IPs, etc.), we would like to request the ability to create our own custom tables via GIN to allow us to add, via export, _large_ quantities of items in GIN for SSIM to monitor in its rules.

For example, in the past, I have been given lists of over 800 malicious host names we would like SSIM to monitor in its rules by adding them to lookup tables. However, due to the large quantity, we can’t add these to SSIM (huge performance hit) and then can’t utilize this important data. If we could create a custom list/table in GIN…and point a SSIM rule to that list in GIN, I’m thinking we could then accomplish what we need.