...
Feed Name | Default Action | Default Precedence |
|---|---|---|
Default Allow List | Allow - No Log | 1 |
Default Block List | Block – No Redirect | 2 |
Infoblox Base | Block – No Redirect | 3 |
Infoblox Base IP | Block – No Redirect | 4 |
Infoblox High Risk | Block – No Redirect | 5 |
Threat Insight - Zero Day DNS | Block – No Redirect | 6 |
Infoblox Medium Risk | Block – No Redirect | 7 |
Infoblox Low Risk | Allow – With Log | 8 |
Infoblox Informational | Allow – With Log | 9 |
Threat insight - DGA | Allow – With Log | 10 |
Threat Insight-Data Exfiltration | Allow – With Log | 11 |
Threat Insight-DNS Messenger | Allow – With Log | 1312 |
Threat insight - Notional Data Exfiltration | Allow – With Log | 1413 |
The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy (to be supported until December 2024 and deprecated after December 2024):
Feed Name | Default Action | Default Precedence | |||
|---|---|---|---|---|---|
Base Hostnames | Block – No Redirect | 1 | |||
AntiMalware | Block – No Redirect | 2 | |||
Malware_DGA Hostnames | Block – No Redirect | 3 | |||
Ransomware | Block – No Redirect | 4 | |||
Public_DOH | Block – No Redirect | 5 | |||
Public_DOH_IP | Block – No Redirect | 6 | |||
Newly Observed Emergent Domains | Allow – With Log | 7 | |||
Threat Insight-Data Exfiltration | Allow – With Log | 8 | |||
Threat Insight - Notional Data Exfiltration | Allow – With Log | 9 | |||
Threat Insight-Fast Flux | Allow – With Log | 10 | Threat Insight-DNS Messenger | Allow – With Log | 1110 |
AntiMalware_IP | Allow – With Log | 1211 | |||
Ext_Base_AntiMalwar | Allow – With Log | 1312 | |||
Ext_Ransomware | Allow – With Log | 1413 | |||
Ext_AntiMalware_IP | Allow – With Log | 1514 | |||
DHS_AIS_Domain | Allow – With Log | 1615 | |||
CryptoCurrency | Allow – With Log | 1716 | |||
TOR_Exit_Node_IP | Allow – With Log | 1817 |
For information on adding feeds from a security policy, see Adding Feeds to a Security Policy.
...