...
The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy:
| Feed Name | Default Action | Default Precedence |
|---|---|---|
| Base | Block – No Redirect | 1 |
| AntiMalware | Block – No Redirect | 2 |
| Malware_DGA | Block – No Redirect | 3 |
| Ransomware | Block – No Redirect | 4 |
| Public_DOH | Block – No Redirect | 6 |
| Public_DOH_IP | Block – No Redirect | 7 |
| Threat Insight - DGA | Allow – With Log | 8 |
| Threat Insight-Data Exfiltration | Allow – With Log | 9 |
| Threat Insight-Fast Flux | Allow – With Log | 10 |
| Threat Insight-DNS Messenger | Allow – With Log | 11 |
| AntiMalware_IP | Allow – With Log | 12 |
| Ext_Base_AntiMalware | Allow – With Log | 13 |
| Ext_Ransomware | Allow – With Log | 14 |
| Ext_AntiMalware_IP | Allow – With Log | 15 |
| DHS_AIS_Domain | Allow – With Log | 16 |
| CryptoCurrency | Allow – With Log | 17 |
| TOR_Exit_Node_IP | Allow – With Log | 18 |
For information on adding and removing feeds from a security policy, see the following:
...