10-18-2017 09:11 PM - edited 02-21-2020 06:32 AM
On the new FirePower version 6.2.2, there is a new feature called Threat Intelligence Director (TID).
Has anyone started leveraging this new feature, and what are some of the common open feeds that TID can import to FMC automatically?
11-01-2017 07:44 PM
I added AlienVault OTX as a start...
11-08-2019 06:17 AM
Can you help me to add AlienVault OTX to my TID?
11-03-2017 09:09 AM - edited 11-03-2017 09:36 AM
I would be interested in learning more of how people are using this feature.
Here is some documentation I found:
Thanks in advance
08-25-2018 11:49 PM
I have seen customers who are members of an ISAC (Information Sharing and Analysis Center) use feeds from the ISAC in their FMC's TID.
Here's a listing of some of the ISACs out there:
11-05-2017 05:19 PM
For those that are interested in this topic, I found some very useful videos on YouTube explaining the usage of TID with uploading a flat file or constantly connecting to a threat intelligence site.
Cisco Firepower Threat Defense 6 2 2 : Threat Intelligence Director (Flat File): youtu.be/s-laX74reXo?a
Cisco Firepower Threat Defense 6 2 2: Threat Intelligence Director (Hail A TAXII): youtu.be/0usmyIrA0fA?a
Credit to Jason Maynard; the videos are not mine.
04-19-2018 05:32 AM
All,
After we enable TID and add the Flat, URL or STIX, do we need to mess with ACL to get this rolling? Let's say just for flat file, I have added a text file and uploaded. After that, do I literally need to go to Policies and change something as in Default?
Any help is much appreciated!
08-25-2018 08:12 PM
You do not need to re-deploy policies when leveraging TID. Ex: if you have any sources, indicators, or observables that you set to block within TID, then they would be blocked on FTD without redeployment of policy. This is different from Security Intelligence - details here:
TID configuration changes do not require redeployment—After you modify Security Intelligence settings in the access control policy, you must redeploy the changed configuration to managed devices. With TID, after initial deployment of the access control policy to the managed devices, you can configure sources, indicators, and observables without redeploying, and the system automatically publishes new TID data to the elements.
08-30-2018 07:02 AM
Awesome, thanks for the detailed response. But I managed to get your answer from your YouTube video. :)
Thanks again!
08-30-2018 07:13 AM
Fantastic!
04-09-2019 04:42 PM
This is very interesting. Threat feeds can get very large in size. What are the limitations as far as the number of IPs and domains the NGFW can handle from third-party threat feeds? Thanks!