Threat intelligence feeds, or reputation-based filtering, are a crucial part of the security configuration for keeping intruders out of the network. As security administrators, we want to ensure that intruders do not compromise the network under any circumstances. Reputation-based filtering can be performed based on the following:
TALOS provides the Threat Intelligence Feeds and updates them regularly. Firepower Threat Defense devices ingest these feeds through the management console, which can be either Firepower Management Center or Firepower Device Manager. The user can configure the frequency of updating the feeds.
While TALOS provides a comprehensive list of feeds, the key is to collaborate and integrate with third-party sources for threat intelligence.
Cisco Threat Intelligence Director (TID) provides the capability for third-party integration of security feeds. TID enhances the system’s ability to block connections based on Security Intelligence Feeds from third-party sources such as the following:
In addition to IP addresses and URLs, TID supports SHA-256 hash values as an extra parameter.
TID supports other ingestion parameters such as STIX and TAXII.
TID configuration does not require policy redeployment.
This feature is available on FMC version 6.2.2 or above with 15 GB of memory.
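Third-party lists that drive reputation-based blocking are worth sanity-checking before they are handed to any ingestion tool. This added example (not Cisco code and not part of the original page) sorts a constructed one-per-line list into the three indicator types named above and rejects entries that are malformed or that point at non-routable address space; the input format and the function names `classify` and `triage` are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

def classify(value):
    """Return (type, normalized value), or (None, reason) when the entry is rejected."""
    v = value.strip()
    if not v or v.startswith("#"):
        return None, "blank or comment"
    if SHA256_RE.match(v):
        return "sha256", v.lower()          # hashes compare case-insensitively
    try:
        ip = ipaddress.ip_address(v)
    except ValueError:
        ip = None
    if ip is not None:
        # A block rule on private/reserved space hits internal hosts, not an outside threat.
        if not ip.is_global:
            return None, "non-global address"
        return "ip", str(ip)
    parts = urlsplit(v)
    if parts.scheme in ("http", "https") and parts.hostname:
        # Lower-case the host so the same URL is not listed twice.
        return "url", parts._replace(netloc=parts.netloc.lower()).geturl()
    return None, "unrecognized"

def triage(lines):
    """Deduplicate accepted indicators by type and collect rejected entries with a reason."""
    accepted = {"ip": set(), "url": set(), "sha256": set()}
    rejected = []
    for line in lines:
        kind, result = classify(line)
        if kind is not None:
            accepted[kind].add(result)
        elif result != "blank or comment":
            rejected.append((line.strip(), result))
    return accepted, rejected

# Constructed sample list: stand-in values, not real indicators.
SAMPLE_FEED = """\
# third-party list (constructed)
8.8.8.8
10.20.30.40
HTTP://Bad.Example/Payload
http://bad.example/Payload
E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
d41d8cd98f00b204e9800998ecf8427e
""".splitlines()
```

The 32-character entry is an MD5 digest, so it is rejected rather than passed on as a SHA-256 value.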
To know more about Third-Party Integration of Security Feeds with FMC (Cisco Threat Intelligence Director), read: