Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 5 Managing Reusable Objects
Working with Security Intelligence Lists and Feeds
A Security Intelligence list is a simple static list of IP addresses and address blocks that you manually 
upload to the Defense Center. Custom lists are useful if you want to augment and fine-tune feeds or one 
of the global lists for a single Defense Center’s managed devices.
Note that netmasks for address blocks can be integers from 0 to 32 or 0 to 128, for IPv4 and IPv6, 
respectively.
For example, if a reputable feed improperly blocks your access to vital resources but is overall useful to 
your organization, you can create a custom whitelist that contains only the improperly classified IP 
addresses, rather than removing the Security Intelligence feed object from the access control policy’s 
blacklist.
Note that to modify a Security Intelligence list, you must make your changes to the source file and 
upload a new copy. For more information, see 
.
To upload a new Security Intelligence list to the Defense Center:
Access: Admin/Access Admin/Network Admin
Step 1  On the object manager’s Security Intelligence page, click Add Security Intelligence.
The Security Intelligence pop-up window appears.
Step 2  Type a Name for the list. You can use any printable standard ASCII characters except curly braces ({}).
Step 3  From the Type drop-down list, specify that you want to upload a List.
The pop-up window updates with new options.
Step 4  Click Browse to browse to the list .txt file, then click Upload.
The list is uploaded. The pop-up window displays the total number of IP addresses and address blocks 
that the system found in the list.
If the number is not what you expected, check the formatting of the file and try again.
Step 5  Click Save.
The Security Intelligence list object is saved. You can now use it in access control policies.
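A pre-upload check for the list file, as an added example that is not part of the Cisco guide: it parses each line, enforces the integer netmask ranges given above, and reports lines that may explain an unexpected count in Step 4. It assumes one entry per line with blank and #-prefixed lines ignored; the function name check_list and the sample addresses are constructed for illustration.

```python
import ipaddress

def check_list(text):
    """Return (networks, problems) for the contents of a list .txt file."""
    networks, problems, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines and '#' comment lines are not entries.
        if not line or line.startswith("#"):
            continue
        _, sep, mask = line.partition("/")
        # The guide says netmasks are integers, so reject dotted masks
        # such as /255.255.255.0 that ipaddress would otherwise accept.
        if sep and not (mask.isascii() and mask.isdigit()):
            problems.append((lineno, raw, "netmask is not an integer"))
            continue
        try:
            # Enforces the 0-32 (IPv4) and 0-128 (IPv6) netmask ranges.
            net = ipaddress.ip_network(line, strict=False)
        except ValueError as exc:
            problems.append((lineno, raw, str(exc)))
            continue
        if net in seen:
            problems.append((lineno, raw, f"duplicate of line {seen[net]}"))
            continue
        seen[net] = lineno
        networks.append(net)
    return networks, problems

# Constructed sample file contents (documentation address ranges).
SAMPLE = """\
# constructed example list
192.0.2.10
198.51.100.0/24
198.51.100.0/33
203.0.113.0/255.255.255.0
2001:db8::/32
2001:db8::/129
192.0.2.10
203.0.113.300
"""

if __name__ == "__main__":
    nets, probs = check_list(SAMPLE)
    print(f"{len(nets)} usable entries")
    for lineno, raw, reason in probs:
        print(f"line {lineno}: {raw!r}: {reason}")
```

Compare the reported entry count with the total shown in the pop-up window after upload; the flagged lines are the first place to look when the two differ.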
Updating a Security Intelligence List
License: Protection
Supported Devices: Series 3, Virtual, X-Series, ASA FirePOWER
Supported Defense Centers: Any except DC500
To edit a Security Intelligence list, you must make your changes to the source file and upload a new copy. 
You cannot modify the file’s contents using the Defense Center web interface. If you do not have access 
to the source file, you can download a copy from the Defense Center.
To modify a Security Intelligence list:
Access: Admin/Access Admin/Network Admin
Step 1  On the object manager’s Security Intelligence page, next to the list you want to update, click the edit 
icon.
The Security Intelligence pop-up window appears.