Cisco Firepower Security Intelligence Blacklist Feed

croll9898
Level 1

Does anyone have any suggestions for 3rd party feeds that your FMC could subscribe to, or for creating my own feed that we could subscribe to?

For example, we got hit with a phishing scam and the URL wasn't blocked by the default feeds the FMC subscribes to. My goal is to subscribe to a feed that may have had this URL listed or create a new feed that we could add URLs to going forward that our FTD and others could subscribe to.

Bonus question... we also use Umbrella for remote disconnected clients and ideally we'd like to update this list or subscribe to a list that can be used in both solutions so we're not doubling our efforts.

3 Replies

Marvin Rhoads
Hall of Fame

Have you verified the Security Intelligence setup in your applied Access Control Policy? It should include the Phishing category in the Blacklist, something like the following:

[Screenshot: SI Setup.PNG]

Yes, we have that set up. The only difference is we don't have a URL List and Feed object "Test_Blacklist". I'm looking to create a URL and/or DNS List and Feed to subscribe to, and I was wondering if anyone had examples (free or paid).

My goal was to subscribe/create a feed that I could subscribe the FMC and OpenDNS to, to limit adding said URL to both solutions. However, DNS, I did some digging on Friday and they both have APIs. I'm going to create a script to prompt for a URL and then add said URL to the FMC URL blacklist object and OpenDNS blacklist object.

OK, so your basic setup is correct.

Right now Firepower and Umbrella don't use all of the same data sources but over time Cisco has been working to reconcile those via the Talos threat intelligence feeds. You can consume TAXII-based feeds into FMC but not into Umbrella at this time.

If you manage to use the API to better inform them both you should write up your experience and consider publishing the project on GitHub. It would be a welcome addition to the community.
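An added example, not part of the thread and not Cisco code: one way to keep a single source of reported phishing URLs and derive both a URL list and a domain list from it, so the same entries can feed a URL-based and a DNS-based block list. It assumes each consumer accepts a plain text file with one entry per line (check the product documentation for the exact format); the sample entries and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of analyst-reported entries (not real indicators).
REPORTED = [
    "hxxps://login.example-phish.test/portal/index.php?id=1",
    "http://LOGIN.example-phish[.]test/portal/index.php?id=1",
    "www.bad-invoice.test",
    "   ",
    "# comment line",
    "https://bad-invoice.test:8443/pay",
]

def refang(entry):
    """Undo common defanging (hxxp, [.]) used when URLs are pasted into tickets."""
    entry = entry.strip().replace("[.]", ".").replace("(.)", ".")
    if entry.lower().startswith("hxxp"):
        entry = "http" + entry[4:]
    return entry

def normalize(entry):
    """Return (host, host+path) for one entry, or None for blanks, comments, junk."""
    entry = refang(entry)
    if not entry or entry.startswith("#"):
        return None
    if "://" not in entry:
        entry = "http://" + entry  # urlsplit only finds the host after a scheme
    parts = urlsplit(entry)
    host = (parts.hostname or "").rstrip(".")  # hostname is lowercased, port dropped
    if not host or "." not in host:
        return None
    return host, host + parts.path.rstrip("/")  # query string is discarded

def build_lists(entries):
    """Build deduplicated, sorted URL and domain lists from the same input."""
    urls, domains = set(), set()
    for entry in entries:
        result = normalize(entry)
        if result:
            domains.add(result[0])
            urls.add(result[1])
    return sorted(urls), sorted(domains)

def render(lines):
    """One entry per line with a trailing newline, ready to serve as a text file."""
    return "".join(line + "\n" for line in lines)

if __name__ == "__main__":
    url_list, domain_list = build_lists(REPORTED)
    print(render(url_list), render(domain_list), sep="---\n")
```

The two defanged and mixed-case variants of the same URL collapse into one entry, which keeps the published list free of duplicates when several people report the same message.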
