解決済み: Steps for blocking Sha-256 on FMC

Alan Inman · ‎03-14-2020

To block a sha-256 on Cisco FMC are these the steps I need to take?

Add sha-256 to Objects >> File List >> Custom-Detection-List
Add File List (somehow) to Policies >>Access Control >> Malware & File >> Malware Block
Add Malware Block to Policies >> Access Control >> My production Access Control List

Or is simply doing step 1 sufficient? @Marvin Rhoads has a great explanation HERE but if I do have to move into step 2 I don't see a way to point back to the Custom-Detection-List in step 1. Thank you for your time -Alan

Step 1

Step 2Step 2 (continued)

Step 3

Marvin Rhoads · ‎03-15-2020

When you create (and assign via your Access Control Policy) a file rule with the action of "Block Malware" (as you have) or "Malware Cloud Lookup" and hit a matching file type, Firepower will automatically check for a match in the customer file list you've created.

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01010111.html#ID-2243-00000833

Think of it kind of like Cisco's Security Intelligence feed for IP blacklist. As long as you're evaluating the traffic, it's automatically checked.

元の投稿で解決策を見る

Marvin Rhoads · ‎03-15-2020

When you create (and assign via your Access Control Policy) a file rule with the action of "Block Malware" (as you have) or "Malware Cloud Lookup" and hit a matching file type, Firepower will automatically check for a match in the customer file list you've created.

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01010111.html#ID-2243-00000833

Think of it kind of like Cisco's Security Intelligence feed for IP blacklist. As long as you're evaluating the traffic, it's automatically checked.