top of page
support626160
Oct 9, 20242 min read

Setup custom feed into Cisco Security Intelligence

Updated: Oct 18, 2024

Step 1: Log into Cisco Firepower Management Center (FMC)


  1. Open a web browser and go to your FMC’s management IP address.

    • Example: https://<FMC_IP_Address>

  2. Log in using your admin credentials.


Step 2: Create a Custom Security Intelligence Feed Object

  1. Navigate to Objects in the main menu.

  2. Click on Object Management.

  3. In the left-hand menu, expand Security Intelligence and select Feeds.

  4. Click on the Add Feed button.



Fill in the following details:

  • Name: Provide a unique name for your feed, such as AbuseFirewall Custom Feed. (TEST3 in our case)

  • Description: Optional. Add a brief description, e.g., Custom feed for malicious IP addresses.

  • Feed URL: Paste the URL of your custom feed:



  • Feed Type: Select the appropriate type for your feed. In this case, choose IP Address.

  • Update Frequency: Set the frequency for FMC to pull updates from the feed. For example, set it to Every 1 Hour or based on your preference.

  • Authentication: Leave blank if no additional authentication is required.

  • Click Save to add the custom feed.

Step 3: Apply the Custom Feed to the Security Intelligence Policy



  1. Go to Policies in the main menu.

  2. Select Security Intelligence from the drop-down menu.

  3. Choose the existing Security Intelligence Policy you want to update, or click New Policy to create a new one.

  4. Scroll down to the Network Lists and Feeds section.

  5. Click on the Add button and select the AbuseFirewall Custom Feed you created in Step 2.

  6. Click OK.


Step 4: Deploy the Changes to the Firewalls

  1. Click on the Deploy button in the top-right corner.

  2. Select the devices you want to apply this policy to.

  3. Click Deploy to push the updated policy to your firewalls.

Step 5: Verify the Feed Integration

  1. Once the deployment is complete, navigate to Analysis > Security Intelligence Events.

  2. Check if traffic matching the feed is being logged.

  3. Verify that blocked IP addresses from the feed are appearing in the logs as blocked or monitored, depending on your policy settings.


With this setup, the IPs from your custom feed URL will be automatically monitored or blocked based on the configuration in your Security Intelligence policy.

 

 

10 views0 comments

Recent Posts

See All

Kommentare

bottom of page