07-13-2018 05:48 AM - edited 02-21-2020 07:59 AM
Does anyone have any suggestions for 3rd party feeds that your FMC could subscribe to, or for creating my own feed that we could subscribe to?
For example, we got hit with a phishing scam and the URL wasn't blocked by the default feeds the FMC subscribes to. My goal is to subscribe to a feed that may have had this URL listed or create a new feed that we could add URLs to going forward that our FTD and others could subscribe to.
Bonus question...we also use Umbrella for remote disconnected clients and ideally we'd like to update this list or subscribe to a list that can be used in both solutions so we're not doubling our efforts.
07-14-2018 11:00 PM
Have you verified the Security Intelligence setup in your applied Access Control Policy? It should include the Phishing category in the Blacklist, something like the following:
07-16-2018 04:58 AM
Yes, we have that setup. The only difference is we don't have a URL List and Feed object "Test_Blacklist". I'm looking to create a URL and/or DNS List and Feed to subscribe to, and I was wondering if anyone had examples (Free or Paid).
My goal was to subscribe/create a feed that I could subscribe the FMC and OpenDNS to limit adding said URL to both solutions. However, DNS, I did some digging on Friday and they both have APIs. I'm going to create a script to prompt for a URL and then add said URL to the FMC URL blacklist object and Open DNS blacklist object.
07-16-2018 07:17 AM
OK, so your basic setup is correct.
Right now Firepower and Umbrella don't use all of the same data sources, but over time Cisco has been working to reconcile those via the Talos threat intelligence feeds. You can consume TAXII-based feeds into FMC but not into Umbrella at this time.
If you manage to use the API to better inform them both you should write up your experience and consider publishing the project on Github. It would be a welcome addition to the community.
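For the "maintain one list for both products" goal discussed in this thread, the following is an added example (not code from any poster or from Cisco) that turns analyst-reported phishing URLs into one deduplicated URL list and one domain list. It assumes both consumers accept plain-text lists with one entry per line; the function names and sample data are constructed for illustration, and pushing the lists to either product is left out.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: URLs as analysts might paste them from tickets.
REPORTED = [
    "hxxp://Login-Example[.]test/verify?id=1",   # defanged, mixed case
    "https://login-example.test/verify?id=1",    # duplicate of the above
    "portal.example.test/reset",                 # no scheme
    "http://192.0.2.10/owa/",                    # IP host: URL list only
    "not a url",
    "# comment from ticket",
]

HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def normalize(raw):
    """Return (url_entry, host) for a usable report, else None."""
    s = re.sub(r"^hxxp", "http", raw.strip(), flags=re.I)  # undo defanging
    s = s.replace("[.]", ".")
    if not s or s.startswith("#") or any(c.isspace() for c in s):
        return None
    if "://" not in s:
        s = "http://" + s
    try:
        parts = urlsplit(s)
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    if not (is_ip(host) or HOST_RE.match(host)):
        return None
    # Query strings and fragments are dropped: they often vary per recipient.
    return host + parts.path.rstrip("/"), host

def build_lists(reported):
    """Return (sorted URL entries, sorted domains) with duplicates removed."""
    urls, domains = set(), set()
    for raw in reported:
        entry = normalize(raw)
        if entry is None:
            continue
        urls.add(entry[0])
        if not is_ip(entry[1]):
            domains.add(entry[1])
    return sorted(urls), sorted(domains)
```

Rejected lines are skipped silently here; in practice, log them so a mistyped report does not go unblocked unnoticed.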