In addition to the predefined threat intelligence feeds that your subscription offers, you can create custom lists (containing domains and IP addresses) to define allow lists and block lists for additional protection. You can use a custom list to complement existing feeds or override the Block, Allow, Log, or Redirect action that is currently defined for an existing feed. When using your own threat intelligence feeds with BloxOne Threat Defense Cloud, allow lists and block lists, you can apply your own security policies. Each custom list can contain as many as 50,000 records, and BloxOne Thread Defense Cloud supports up to 500,000 records across al customer lists.
The default custom list configuration includes Allow - No Log for the custom allow list and Block with Log for the custom block list. These lists are included in the default policy for new and existing customers.
You can add a custom list to multiple security policies or multiple custom lists to one security policy based on your business needs. When you assign multiple custom lists that contain the same domain name(s) but with different actions to the same security policy, BloxOne Threat Defense Cloud takes actions based on the following order:
...