Does FMC support SHA256 hash blocking via external dynamic list
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2023 11:59 PM
Is there an option in Cisco FMC to block Hash via EDL method, similar to the option available for blocking IP, Domain, and URL via EDL in FEEDs in security intelligence section?
Currently, it only allows manual creation and upload of a file list containing hashes to be blocked.
- Labels:
-
Endpoint Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-23-2023 04:29 PM
In Integration->Intelligence->Sources, when you create a new source using delivery type URL and type Flat File, you have the option of selecting the content as "sha-256"
(See attached screenshot for reference.)
Is this not what you are asking for?
Please mark helpful answers & solutions
---
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2023 11:27 AM
That looks promising and I believe it should do what the OP is asking.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2023 11:12 PM
Thanks for the solution. I also wanted to confirm if there is a specific path, when I log in via the console, where I can find the list of SHA256 hashes that have been synchronized with FMC?
As off now I am unable to see any sort of status on the web UI.
