https://community.cisco.com/t5/network-security/can-firesight-blacklist-an-ip-after-it-identifies-malware-from/m-p/3034856#M988946 <P>Yes - you use Correlation Policy with rules and remediations for this.</P> <P>The logic of doing it is a bit complex (in my opinion) but you can watch the excellent labminutes video on this topic to learn how.</P> <P>http://www.labminutes.com/sec0177_asa_firepower_event_correlation_remediation_1</P> Fri, 09 Jun 2017 03:25:38 GMT Marvin Rhoads 2017-06-09T03:25:38Z https://community.cisco.com/t5/network-security/can-firesight-blacklist-an-ip-after-it-identifies-malware-from/m-p/3034855#M988930 <P>Hi,</P> <P></P> <P>We have FirePower managed by FireSight, and i was wondering, can you get FireSight to blacklist an IP when it say identifies the sender as emailing malware?&nbsp;</P> <P></P> <P>Or set an IPS policy to blacklist the source IP address when a malware event is triggered, &nbsp;for a period of say 24 hours?</P> <P></P> <P>Thank You</P> <P></P> <P>Chris</P> Tue, 12 Mar 2019 13:25:06 GMT https://community.cisco.com/t5/network-security/can-firesight-blacklist-an-ip-after-it-identifies-malware-from/m-p/3034855#M988930 paul-d 2019-03-12T13:25:06Z https://community.cisco.com/t5/network-security/can-firesight-blacklist-an-ip-after-it-identifies-malware-from/m-p/3034856#M988946 <P>Yes - you use Correlation Policy with rules and remediations for this.</P> <P>The logic of doing it is a bit complex (in my opinion) but you can watch the excellent labminutes video on this topic to learn how.</P> <P>http://www.labminutes.com/sec0177_asa_firepower_event_correlation_remediation_1</P> Fri, 09 Jun 2017 03:25:38 GMT https://community.cisco.com/t5/network-security/can-firesight-blacklist-an-ip-after-it-identifies-malware-from/m-p/3034856#M988946 Marvin Rhoads 2017-06-09T03:25:38Z