...
The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy:
| Feed Name | Default Action | Default Precedence |
|---|
| Base | Block – No Redirect | 1 |
| AntiMalware | Block – No Redirect | 2 |
| Malware_DGA | Block – No Redirect | 3 |
| Ransomware | Block – No Redirect | 4 |
| SURBL_Multi | Block – No Redirect | 5 |
| ExploitKit_IP | Block – No Redirect | 6 |
| Public DOH | Block – No Redirect | 7 |
| Public DOH IP | Block – No Redirect | 8 |
| ThreatInsight-DGA | Allow – With Log | 9 |
| ThreatInsight-DataExfiltration | Allow – With Log | 10 |
| ThreatInsight-FastFlux | Allow – With Log | 11 |
| ThreatInsight-DNSMessenger | Allow – With Log | 12 |
| AntiMalware_IP | Allow – With Log | 13 |
| Bot_IP | Allow – With Log | 14 |
| SpamBot IP | Allow – With Log | 15 |
| Extended Base & Malware hostname | Allow – With Log |
16| 14 |
| Extended Ransomware hostname | Allow – With Log |
17| 15 |
| Extended Malware IP | Allow – With Log |
18| 16 |
| Extended ExploitKit IP | Allow – With Log |
19| 17 |
| SURBL_Fresh | Allow – With Log |
20| 18 |
| DHS_AIS_Domain | Allow – With Log |
21| 19 |
| FarSight Newly Observed Domains | Allow – With Log |
22| 20 |
| CryptoCurrency | Allow – With Log |
23| 21 |
| TOR_Exit_Node_IP | Allow – With Log |
24
