03-12-2024 11:59 PM
Dear Community,
I am searching for a solution to automatically add the source IP of an attacker to the global block list when they perform a Priority Impact 1/2 attack.
Regards
03-13-2024 03:15 AM
You can manually add the IP in to Black list or if the IP blocked security intellegence to get the feeds.
you need to find a way to manipulate using API based on the attack vector and add in to block list, that is what i am thinking my views
BB
***** Rate All Helpful Responses *****
How to Ask The Cisco Community for Help
03-17-2024 12:51 AM
in addition what i have said before use below guide to see if that work for you.
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/threat_defense_service_policies.html
03-13-2024 03:32 AM
if this IP run any DDoS then try use flexconfig and thread-detection shunMHM
03-16-2024 10:59 PM
Can you provide me the flexconfig commands to do the same ,
Flex config is very hard to create
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
