Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Experts! Any insights into the polling mechanism of ETF on ESA? Basically I would like to know if ESA actually stores the external threat feeds in the same database as the internal ones upon polling ETF sources, or stores in different database. If th...
We are aware that Cisco Talos has been continuously integrating public threat feeds into its own threat feed library as part of the built-in feeds on-prem ESA. Is there a way to know which threat feeds of which vendor are integrated? With this info, ...
Async OS 12.1 is used. The only entry provided to enable ETF for IP reputation check is through HAT. I have the need to filter out some traffic based on destination address, but couldn't find a way to add in the condition. Is it possible? Thanks!
The 2nd solution sounds interesting, I will give it a thought! Thanks!ESA doesn't accommodate IP reputation check with ETF by way of content filter. ETF is only provided on HAT for IP reputation check. That is why 1st and 3rd solution wouldn't help.
I see..., thanks!Then Ken, would you be able to recommend some external threat feed sources, fintech or not?At the same time, if we can hear any feedback from Cisco employee as well, that would be great.
Thanks Ken. Probably not, since ETF mechanism is provided to IP reputation check only in HAT. I am able to define content filter to do, for example, domain reputation check with ETF and add the content filter to inbound policy, but not for IP reputat...
Thanks for the reply, SriramV! We are accommodating two departments which have 2 different domain name as destination address. ETF can only be applied to one department. When we perform domain, URL reputation check, we can define content filter with ...
