Cisco Cisco FirePOWER Appliance 8260
5-7
FireSIGHT System User Guide
Chapter 5 Managing Reusable Objects
Working with Security Intelligence Lists and Feeds
also be ignored. If you want to monitor or block all traffic targeted by a policy, use an access control rule
with the
with the
Monitor
or
Block
rule action, respectively, and a default value of
any
for the
Source Networks
and
Destination Networks
, instead of security intelligence filtering.
Because adding an IP address to the global whitelist or blacklist affects access control, you must have
one of the following:
one of the following:
•
Administrator access
•
a combination of default roles: Network Admin or Access Admin, plus Security Analyst and
Security Approver
Security Approver
•
a custom role with both Modify Access Control Policy and Apply Access Control Policy
permissions; see
permissions; see
To add an IP address to the global whitelist or blacklist using the context menu:
Access:
Admin/Custom
Step 1
In an event view, packet view, the Context Explorer, or a dashboard, hover your pointer over an IP
address hotspot.
address hotspot.
Tip
In an event view or dashboard, hover your pointer over an IP address, not the host icon (
) to its left.
Step 2
Invoke the context menu:
•
In an event view or dashboard, right-click.
•
In the Context Explorer or packet view, left-click.
Step 3
From the context menu, select either
Whitelist Now
or
Blacklist Now
.
For information on the other options in the context menu, see
.
Step 4
Confirm that you want to whitelist or blacklist the IP address.
After the Defense Center communicates your addition to its managed devices, your deployment begins
filtering traffic according to your change.
filtering traffic according to your change.
To remove IP addresses from the global whitelist or blacklist:
Access:
Admin/Network Admin
Step 1
On the object manager’s Security Intelligence page, next to the global whitelist or blacklist, click the
edit icon (
edit icon (
).
The Global Whitelist or Global Blacklist pop-up window appears.
Step 2
Next to the IP addresses you want to remove from the list, click the delete icon (
).
To delete multiple IP addresses at once, use the Shift and Ctrl keys to select them, then right-click and
select
select
Delete
.
Step 3
Click
Save
.
Your changes are saved, but you must apply your access control policies for them to take effect.