Security Intelligence Feeds for Firepower Security Intelligence Policies
The following table describes the categories available in the Cisco Talos feeds. These categories can be entered in both the network and URL blocked list.
|
Category |
Description |
|---|---|
|
attackers |
Active scanners and block-listed hosts known for outbound malicious activity. |
|
bogon |
Bogon networks and unallocated IP addresses. |
|
bots |
Sites that host binary malware droppers. |
|
CnC |
Sites that host command-and-control servers for botnets. |
|
dga |
Malware algorithms used to generate a large number of domain names acting as rendezvous points with their command-and-control servers. |
|
exploitkit |
Software kits designed to identify software vulnerabilities in clients. |
|
malware |
Sites that host malware binaries or exploit kits. |
|
open_proxy |
Open proxies that allow anonymous web browsing. |
|
open_relay |
Open mail relays that are known to be used for spam. |
|
phishing |
Sites that host phishing pages. |
|
response |
IP addresses and URLs that are actively participating in malicious or suspicious activity. |
|
spam |
Mail hosts that are known for sending spam. |
|
suspicious |
Files that appear to be suspicious and have characteristics that resemble known malware. |
|
tor_exit_node |
Tor exit nodes. |