Rules

Secret ingredients to quality software

Edit
Info

Do you create your own IP Blacklist?

Created on 01 Oct 2019 | Last updated by Kaique Biancatti on 09 Jan 2021 12:35 AM (3 months ago)

Cisco's FirePower module is able to automatically get a list of suspicious IPs from Cisco, however the IPs that are attempting to break into your network may not be the same as Cisco's recommended Blacklist. That is why it is important to have your own IP Blacklist.

This needs to be an internally accessible webpage that the FirePower module can access and use as it's Blacklist. An example script for this can be found on GitHub.

This script gathers IP Addresses from well-known internet lists, sanitizes them of internal IP addresses and adds them into a text document that is then accessible by the Cisco FirePower module. Alternatively, you could also get failed login attempts and compare them against multiple IP reputation sites. If it looks suspicious on 3 or more sites, add it to the text document above.

Steven AndrewsSteven Andrews
Kaique BiancattiKaique Biancatti

We open source. This page is on GitHub