List Types
Web security rules on Secure Web Gateway use several types of lists for retrieving information about web objects and users. The following are the main list types:
- Custom lists — These are lists that you can modify. They are displayed on the upper branch of the lists tree on the Lists tab, for example, the list of URLs that are exempted from filtering.
Custom lists can have entries in string, number, category, and other formats. Lists with different formats can require different methods of maintaining them. Some custom lists are initially empty and must have their entries filled by you.
To the custom lists that Secure Web Gateway provides after the initial setup, you can add lists that you create on your own.
- System lists — You cannot modify most of these lists. They are displayed on the lower branch of the lists tree on the Lists tab.
System lists include category, media type, and application name lists, as well as lists of connectors used for cloud single sign-on. They are updated when an upgrade to a new version of Secure Web Gateway is performed.
The list of custom connectors is an exception among system lists, as you can change this list by adding connectors to it that you have configured on your own.
System lists for Data Loss Prevention (DLP), application filtering, and the Dynamic Content Classifier can be included in scheduled updates that you configure.
The user listUpdate is used internally for automatically updating the system lists mentioned above. The user listUpdate logs in to the UI as per the schedule and logs out after updating the lists. This user is limited to localhost and cannot be used for UI login or to perform any other administrative activities.
- Inline lists — You can modify these lists, but they do not appear on the Lists tab. They appear inline as part of the settings for a configuration item, for example, a list of HTTP ports as part of the proxy settings.
- Subscribed lists — You set up these lists with a name on Secure Web Gateway. They are initially empty and have their content retrieved from a data source that you subscribe to. Subscribed lists are displayed on the lists tree at the end of the custom lists.
There are two subtypes of subscribed lists:
  - Skyhigh-supplied lists — Content for these lists is retrieved from a Skyhigh Security server.
    A number of lists are available on the Skyhigh Security server, for example, lists of IP address ranges or media types.
  - Customer-maintained lists — Content for these lists is retrieved from a data source that you specify.
    Sources that you can specify are files on web servers running under HTTP, HTTPS, or FTP.
For more information about this type of list, see About Subscribed Lists.
List content is retrieved from the respective servers. To ensure that newer versions of this content are transferred to your lists on Secure Web Gateway, you can configure update schedules or perform updates manually.
- External lists — These lists reside on external sources under their own names. They have their content transferred to Secure Web Gateway, where they provide the value of a property in a rule.
External list content is transferred during runtime, which means it is retrieved when the rule with the external list property is processed.
When the content has been retrieved, it is cached and reused until its date of expiration, which you can configure. After expiration, the transfer is repeated when the rule is processed again.
Sources that content can be retrieved from include files on web servers running under HTTP, HTTPS, FTP, or LDAP, and in particular types of databases. They also include files that are stored within your local file system.
For more information about this type of list, see About External Lists.
- Map type lists — These lists store pairs of keys and values that are mapped to each other. You can create map type lists and fill list entries on Secure Web Gateway, or retrieve them as subscribed or external lists from other sources.
Keys and values on map type lists are initially stored in string format, but can be converted into different formats using suitable properties in rules.
For more information about this type of list, see About Map Type Lists.
- Common Catalog lists — These lists can be pushed from a Trellix ePO server to Secure Web Gateway.
Common Catalog lists can have entries in IP address, domain name, string, or wildcard expression format. They are maintained on the Trellix ePO server.
For more information about this type of list, see About the Common Catalog.