
Firepower Threat Intelligence Defence Sources

Despite reading for days, I feel like I'm missing something fundamental.

The TID option of FMC needs sources.  Cisco doesn't provide sources?  (That's a question, maybe I'm missing something).

I've seen recommendations to use AlienVault OTX and Hail a TAXII both. I configured both, and they are working, but I feel like it must be very duplicative - I pulled all of Hail a TAXII so now have 12 sources, and a good part of the day is spent parsing updates.

Are they duplicative?  Is there a "cisco" version of this?  I have seen people refer to Talos, but that seems related to other rules, not TID?

I think it is very good that one can configure one's own standard-format sources, but it seems like being empty out-of-the-box is worrisome. I have all the licenses for Cisco databases and filtering; was there a TID feed I missed?

Which third party one(s) are you finding most useful, if any?

Thanks, 

Linwood

1 Reply

As a follow-on related question: these feeds appear to always go into monitor mode by default, and to make them block one has to tag specific indicators or observables to block mode. That seems very tedious; I presume it is because there are a lot of false positives? Are there feeds that are less tentative, that one could with reasonable safety just block all of?
