Cisco Defense Orchestrator

Security Intelligence Feeds for Firepower Security Intelligence Policies

The following table describes the categories available in the Cisco Talos Security Intelligence feeds. Each category can be added to both the network block list and the URL block list of a Firepower Security Intelligence policy.

| Category | Description |
|---|---|
| attackers | Active scanners and blacklisted hosts known for outbound malicious activity. |
| bogon | Bogon networks and unallocated IP addresses. |
| bots | Sites that host binary malware droppers. |
| CnC | Sites that host command-and-control servers for botnets. |
| dga | Malware algorithms used to generate a large number of domain names acting as rendezvous points with their command-and-control servers. |
| exploitkit | Software kits designed to identify software vulnerabilities in clients. |
| malware | Sites that host malware binaries or exploit kits. |
| open_proxy | Open proxies that allow anonymous web browsing. |
| open_relay | Open mail relays that are known to be used for spam. |
| phishing | Sites that host phishing pages. |
| response | IP addresses and URLs that are actively participating in malicious or suspicious activity. |
| spam | Mail hosts that are known for sending spam. |
| suspicious | Files that appear to be suspicious and have characteristics that resemble known malware. |
| tor_exit_node | Tor exit nodes. |