URL feed list on FireSIGHT version 5.4
03-22-2016 12:59 PM - edited 03-12-2019 05:56 AM
Hello,
We have a public website address like www.xxx.com/malicious.txt; this address contains malicious website URLs and I want to block these URLs.
When I check the object configuration, it does not show an option like a Security Intelligence feed. (I can set a website address for a bad IP address list.)
Palo Alto can do this by default. Does anybody know a workaround for this problem?
Regards
zafer
Labels: NGIPS

03-23-2016 01:24 AM
Hi Zafer, can you please provide more details on what you are trying to accomplish?
As far as I understand, you are trying to block malicious URLs by creating custom URL objects (URLs which do not come under any category).
You can check the URL category at this link.
http://www.brightcloud.com/tools/url-ip-lookup.php
If the URL you are trying to block falls into any malicious category, you can block it by blocking that category, or create a custom URL object for that address and block that.
Security Intelligence is something else and works based on IP address only.
Let me know if it helps.
Thanks
Yogesh
03-24-2016 01:00 AM
Hi Yogesh,
I don't want to block category-based information that comes from Cisco.
You can think of it like this: a malware analyst team finds new malware and knows which sites it communicates with from the internet, based on FQDN rather than IP address. They update their URL with the new malware sites.
This website address contains multiple URLs and is updated daily. I don't want to create an object for each URL on FireSIGHT.
I want to get the URL addresses from this site, "www.x.com/badurl.txt", and block them, that's all.
I can do this for IP addresses (Security Intelligence), but I cannot find it for URLs. I tried searching from the command line, but I couldn't find a workaround.
Regards
zafer

03-24-2016 08:48 AM
Hi,
I can think of doing that with category-based blocking, by blocking only certain categories.
Some of the categories are:
- 'confirmed spam sources'
- 'malware sites'
- 'Phishing and other frauds'
- 'spam url'
- 'spyware and adware'
It might help.
Thanks
Yogesh
10-17-2017 10:32 AM
I have the same question and I thought I'd see if anyone else has even discussed such a matter. In this thread, the Cisco respondent keeps trying to turn the matter into a "category" issue even after you initially respond with "i dont want block category based information come from Cisco". It is unfortunate that this person did not recognize such from each of your posts.
Our Security team often gives us domain names to be blocked. This would involve creating objects, then editing policy rules, then pushing. I was hoping that we could simply configure a "feed" to check their list that they maintain and they could get this done much quicker and have their own 24/7 ability to make their own additions/subtractions to that list. I would like to know if this truly is genuinely possible and operational within Cisco's Firepower system.
Zafer, et al, has anyone set up a custom feed used to unconditionally block certain domain names via a "feed" mechanism within Firepower?
10-17-2017 12:56 PM
I think the DNS feed is the closest thing to this at the moment; another way would be to populate a URL object from the REST API.
But that would require an upgrade to 6.x.
br, Micke
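
A sketch of the feed approach discussed in this thread, added as an example and not posted by any participant or taken from Cisco: it reduces an analyst-maintained URL list to a validated, de-duplicated domain list that could be hosted for a DNS feed. The sample feed, the `NEVER_BLOCK` allowlist and the one-domain-per-line output are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of an analyst-maintained URL list (not from the thread).
SAMPLE_FEED = """# updated daily
http://bad.example.net/payload.exe
HTTPS://Login.Example.org:8443/a?b=c
tracker.example.com/path
bad.example.net
http://192.0.2.10/x
not a url
intranet.corp.example/phish
"""
# Hypothetical allowlist: domains the feed must never be able to block.
NEVER_BLOCK = {"corp.example"}
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def host_of(line):
    """Return the lowercase hostname of one feed line, or None if unusable."""
    line = line.strip()
    if not line or line.startswith("#") or " " in line:
        return None
    if "://" not in line:
        line = "http://" + line  # bare host or host/path entry
    try:
        host = (urlsplit(line).hostname or "").rstrip(".")
    except ValueError:
        return None
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.fullmatch(l) for l in labels) or labels[-1].isdigit():
        return None  # malformed name, or an IP literal that belongs in an IP feed
    return host

def build_domain_list(feed_text, never_block=NEVER_BLOCK):
    """Return (sorted unique domains, rejected lines) for publishing as a feed."""
    kept, rejected = set(), []
    for raw in feed_text.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        host = host_of(entry)
        if host is None or any(host == d or host.endswith("." + d) for d in never_block):
            rejected.append(entry)  # surface for review instead of blocking blindly
        else:
            kept.add(host)
    return sorted(kept), rejected
```

Because a feed blocks whatever its maintainers publish, the allowlist check and the rejected-lines report are the parts worth keeping even if the output format changes.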
