Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
649
Views
0
Helpful
1
Replies

Can FireSight blacklist an IP after it identifies malware from them

Go to solution
paul-d
Level 1
Level 1

‎06-08-2017 02:06 AM - edited ‎03-12-2019 06:25 AM

Hi,

We have FirePower managed by FireSight, and i was wondering, can you get FireSight to blacklist an IP when it say identifies the sender as emailing malware? 

Or set an IPS policy to blacklist the source IP address when a malware event is triggered,  for a period of say 24 hours?

Thank You

Chris

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-08-2017 08:25 PM

Yes - you use Correlation Policy with rules and remediations for this.

The logic of doing it is a bit complex (in my opinion) but you can watch the excellent labminutes video on this topic to learn how.

http://www.labminutes.com/sec0177_asa_firepower_event_correlation_remediation_1

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-08-2017 08:25 PM

Yes - you use Correlation Policy with rules and remediations for this.

The logic of doing it is a bit complex (in my opinion) but you can watch the excellent labminutes video on this topic to learn how.

http://www.labminutes.com/sec0177_asa_firepower_event_correlation_remediation_1

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card