Blocking hash on cisco FMC

Hello Experts -

I need to know about this: we are using a Cisco ASA 5512 with Firepower Defense Center. We have the URL and malware license. I want to block hashes like the one given below. Can any one of you help me out in configuring this? Looking forward to your positive response in this regard.

c48f5f5bghd34939c9e6cc1eff86db882f3e57d8e
Accepted Solution

Marvin Rhoads (Hall of Fame)

You can do this by using a file list.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/reusable_objects.html#ID-2243-00000833

 

The hash you provided though is only 43 characters. We need to provide a 64 character SHA-256 hash.

 

File List.PNG


21 Replies

Thank you, that's exactly what I am looking for. Can you please tell me: I have three types of hashes, i.e. MD5, SHA1, and SHA256. Can I add all of them? Also, I cannot copy and paste each SHA one by one, as I have a huge list of hashes. Can I add them as a text file (.txt) like we do in Security Intelligence?

Firepower Management Center (and AMP console for that matter) only supports SHA-256 hashes. There's no way to import MD5 and SHA-1 hashes.

 

You can import a SHA-256 hash list in bulk. Please refer to the link I posted earlier - that page has detailed instructions on doing so by importing a csv file with up to 10,000 entries.
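The two points in this answer (only SHA-256 values are accepted, and bulk import is capped at 10,000 entries) are easy to check before touching the FMC. The script below is an added example, not Cisco's code or anything from this thread: it sorts a mixed hash list by digest length, discards MD5, SHA-1 and malformed entries, de-duplicates the SHA-256 values and refuses to emit a list over the limit. The one-hash-per-line output layout and the `build_import_file` / `triage` names are assumptions for illustration; confirm the exact CSV column layout against the configuration guide linked above. The sample input is constructed (it uses the well-known digests of empty input, not real indicators).

```python
"""Triage a mixed hash list before importing it into an FMC file list.

Added example, not Cisco's code. Assumptions, marked in comments: the
import format is one SHA-256 per line and the per-list limit is 10,000
entries, as stated in the thread; the sample input is constructed.
"""
import re
from typing import Dict, List

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

# Digest length in hex characters -> algorithm name.
HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

FILE_LIST_LIMIT = 10_000  # per-list entry limit quoted in the thread (assumption)

# Constructed sample: one hash of each type, a malformed entry containing
# non-hex characters (like the one in the original question), a comment
# line and an upper-case duplicate of the SHA-256 value.
SAMPLE_INPUT = """\
# constructed sample, not real IoCs
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c48f5f5bghd34939c9e6cc1eff86db882f3e57d8e
E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
"""


def classify(token: str) -> str:
    """Return 'md5', 'sha1', 'sha256' or 'invalid' for one hash token."""
    if not HEX_RE.match(token):
        return "invalid"
    return HEX_LENGTHS.get(len(token), "invalid")


def triage(text: str) -> Dict[str, List[str]]:
    """Split raw text into buckets; SHA-256 values are lower-cased and de-duplicated."""
    buckets: Dict[str, List[str]] = {"sha256": [], "md5": [], "sha1": [], "invalid": []}
    seen = set()
    for line in text.splitlines():
        token = line.strip()
        if not token or token.startswith("#"):
            continue  # skip blank and comment lines
        kind = classify(token)
        if kind == "sha256":
            token = token.lower()
            if token in seen:
                continue  # drop duplicates that differ only in case
            seen.add(token)
        buckets[kind].append(token)
    return buckets


def build_import_file(text: str, limit: int = FILE_LIST_LIMIT) -> str:
    """Return the SHA-256 entries one per line, refusing lists over the limit."""
    importable = triage(text)["sha256"]
    if len(importable) > limit:
        raise ValueError(f"{len(importable)} entries exceed the file list limit of {limit}")
    return "\n".join(importable) + ("\n" if importable else "")


if __name__ == "__main__":
    result = triage(SAMPLE_INPUT)
    for kind, items in result.items():
        print(f"{kind:8s} {len(items)}")  # sha256 1, md5 1, sha1 1, invalid 1
    print(build_import_file(SAMPLE_INPUT), end="")
```

Run it against your real export and import only the `sha256` bucket; the `md5` and `sha1` buckets are the entries you would need to re-resolve to SHA-256 from your threat intel source before they can be used here.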

Thank you so much. I appreciate your help.

Dear Rhoads -

Please also let me know: I have added the File List as you guided. My question is, do I need to do something else to start monitoring the hash, like applying this created File List in some access policy or somewhere, or is it enough just to create the File List? If I need to do something else, please let me know the steps/configuration. Waiting for your answer.

Please read the note that is in the screenshot I provided earlier. It tells you what is required for the list to take effect.

 

Monitoring is via the widgets in the Files dashboard or also under Analysis > Files > Malware events (for detailed monitoring and analysis).

I did it with Malware Cloud Lookup, but at the top right I am getting this note: "no access control policies use this file policy". When I click on it, it shows the attached note and redirects me to the access control policy page, but I am confused about how to add it to the access control policy. Please have a look at the two attachments.

Most policies are "underneath" your top level access control policy (ACP). You create an ACP and in it specify the Intrusion, File & Malware, DNS, Identity, SSL and Prefilter policies.

 

Each rule in your ACP has the option, under the Inspection tab, to specify a File Policy. As you can see in my screenshot below we call out the File policy created earlier and associate it with the rule. File inspection is computationally "expensive" so we don't always turn it on for every single rule.

 

File policy callout.PNG

Thank you for your quick help. I really appreciate it.

Hello Marvin -

Just one more thing: how many entries can we add to a Security Intelligence list to block IPs and URLs?

You're welcome.

 

I believe the limit is currently 10,000 each.

 

EDIT - see my later reply.

Thank you. I am adding IPs and URLs in one list, and this list has a limit of 10,000 entries. Can you confirm this?

Sorry - the 10,000 number is the limit for a file list.

 

URL and IP lists are limited to 500 MB per list. You can add them as separate lists.

 

The number of entries you can include is limited by the maximum size of the file. For example, a URL list with no comments and an average URL length of 100 characters (including Punycode or percent Unicode representations and newlines) can contain more than 5.24 million entries.

 

This is all spelled out in the Configuration Guide. The above paragraph is a direct quote.
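Because the Security Intelligence limit is a byte size rather than an entry count, the practical question is how large your list file is and how much room is left. The script below is an added example, not Cisco's code or part of this thread: it separates IP/CIDR entries from URL entries (so they can be loaded as separate lists, as suggested above), measures each bucket in bytes, and reports how many more entries of the same average length would still fit. It assumes 500 MB means 500 × 1024 × 1024 bytes (the guide's 5.24 million figure for 100-character entries matches that), one entry per line, and `#` comment lines; the sample list is constructed, and the function names are illustrative.

```python
"""Check a Security Intelligence list file against the per-list size limit.

Added example, not Cisco's code. Assumptions, marked in comments: the
500 MB per-list limit is 500 * 1024 * 1024 bytes (the guide's 5.24 million
figure for 100-character entries implies a binary megabyte); entries are
one per line; comment lines start with '#'; the sample list is constructed.
"""
import ipaddress
from typing import Dict, List

LIST_LIMIT_BYTES = 500 * 1024 * 1024  # 500 MB per list (assumed binary MB)

# Constructed sample list: IPv4 host, IPv4 CIDR, IPv6 host, two URL-style entries.
SAMPLE_LIST = """\
# constructed sample list, not real indicators
192.0.2.10
198.51.100.0/24
2001:db8::1
example.invalid
example.invalid/path/to/page
"""


def is_ip_entry(entry: str) -> bool:
    """True for a single address or a CIDR network; False for anything else."""
    try:
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False


def split_list(text: str) -> Dict[str, List[str]]:
    """Separate entries into 'ip' and 'url' buckets so each can go into its own list."""
    buckets: Dict[str, List[str]] = {"ip": [], "url": []}
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue  # blank and comment lines are not entries
        buckets["ip" if is_ip_entry(entry) else "url"].append(entry)
    return buckets


def capacity_report(entries: List[str], limit: int = LIST_LIMIT_BYTES) -> dict:
    """Bytes used (UTF-8 plus newline per entry) and how many more fit at the same average length."""
    used = sum(len(e.encode("utf-8")) + 1 for e in entries)
    avg = used / len(entries) if entries else 0.0
    remaining = int((limit - used) / avg) if avg else 0
    return {
        "entries": len(entries),
        "bytes": used,
        "limit_bytes": limit,
        "within_limit": used <= limit,
        "additional_entries_at_avg_length": remaining,
    }


def entries_at_average_length(avg_len_with_newline: int, limit: int = LIST_LIMIT_BYTES) -> int:
    """Upper bound on entries of a given average length; 100 chars gives 5,242,880."""
    return limit // avg_len_with_newline


if __name__ == "__main__":
    for kind, entries in split_list(SAMPLE_LIST).items():
        print(kind, capacity_report(entries))
    print("100-char entries per list:", entries_at_average_length(100))
```

For the 40,000-entry list mentioned in the thread, run `capacity_report` on the real file: `within_limit` answers whether it loads, and `additional_entries_at_avg_length` shows how much headroom is left at your observed entry length.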

Marvin, this is very kind of you to be so helpful. If I add a total of 40,000 URL and IP entries in a single .txt file, and the .txt file size does not reach 500 MB, then I am allowed to add more to the same list. Please correct me if I am wrong.
