Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2287
Views
0
Helpful
3
Replies

Block List Data Source in Cisco AMP

pavankumar.kakarla
Level 1
Level 1

‎04-30-2020 06:39 AM

What is the source that Cisco is referring to block the IP address under "Network" tab, Where can we find the source for this so that we can customize if required.

Labels:
Preview file
43 KB
0 Helpful
3 Replies 3

Matthew Franks
Cisco Employee
Cisco Employee

‎04-30-2020 07:21 AM

AMP uses a subset of the TALOS Intelligence IP Blacklist.  To create your own list, you can go to Outbreak Control > IP Block & Allow Lists.  Once your list is created, go to edit your policy and add it in the Outbreak Control section.
Add_IP_List.png
Under Advanced Settings > Network, you can choose to use Cisco's list, Cisco and Custom, or just your Custom lists.

 

Thanks,

Matt

0 Helpful

pavankumar.kakarla
Level 1
Level 1
In response to Matthew Franks

‎04-30-2020 07:28 AM

Thanks Matthew, So is this list dynamically updated by Cisco based on new threats. Is my understanding right?

0 Helpful

Matthew Franks
Cisco Employee
Cisco Employee
In response to pavankumar.kakarla

‎04-30-2020 08:04 AM

That is correct.  The list is regularly updated by TALOS.

 

Thanks,

Matt

0 Helpful
Customers Also Viewed These Support Documents