Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1606
Views
0
Helpful
1
Replies

Correlation Events

rsharp001
Level 1
Level 1

‎05-29-2019 02:02 PM

Is it possible to setup a correlation event that will temporarily blacklist an IP address based on receiving a # of intrusion events against a destination IP?

 

Or is there another way in the FP to do something like this?  The appliance is sitting inline.

Labels:
0 Helpful
1 Reply 1

rsharp001
Level 1
Level 1

‎05-30-2019 09:24 AM

Adding more information:

- This is a physical appliance, not an ASA running FTD, running 6.3.0.  It is inline. 

- What I'm wanting to do is have the box auto blacklist and remove from that list(if possible from correlation events) any IPs that are blocked multiple times over a period of time.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card