This is to assist in configuration and debugging of Threat Blades on Security Analytics for connectivity to the Cloud.
A firewall or proxy is common between the Security Analytics Managed Appliance and the Bluecoat cloud. Knowing if the connection can be made is useful but can be problematic.
Note: First check Settings / Data Enrichment in the UI and make sure that not only Threat Blades are enabled, but also that the Data Enrichment Enrichment mode is set to "Query Global Intelligence Network". The option "Query Local Database" will disable cloud connectivity regardless of your Threat Blade settings.
To test, login as root and run the following command:
curl -ik -XHEAD 'https://ti.soleranetworks.com/CloudActions/ThreatBlades'
The expected results are:
HTTP/1.1 200 OK
Date: Mon, 13 Feb 2015 12:45:05 GMT
You can also try to trace the path to the cloud server and look for problems by running:
If you have access to the cloud, but results seem to be slow, the tracepath command can show where the latency is.