
UTD with Extended ACL

utawakevou
Level 4

I have a Cisco ISR 4431 with an extended ACL using network/service groups. One of my network object groups is called Abused_IP, and I normally add in hosts/networks which I suspect are doing port scanning etc. when I go through my NetFlow analyzer. This is a manual and tedious task and this group keeps on growing. I'm looking at using UTD and I've got the eval of the security license activated for me to test out - securityk9 (ISR_4400_Security) 1 IN USE. However, I notice that it doesn't have the option of "utd threat-intelligence" under the UTD command. Only the following options are available:

engine UTD engine
threat-inspection UTD Threat Inspection (IPS/IDS) config modes

Done some research on the web and my plan is to use the Cisco Talos:

utd threat-intelligence
 feed talos
 update interval 1440 ! Update every 24 hours

Then configure my network object-group:

object-group network Abused_IP
 dynamic threat-intelligence feed talos

What other license do I need for this? Any way I can use the current options to achieve this?

 

 
