...
| Note | ||
|---|---|---|
| ||
For information on the recommended Rule Actions to be applied in preparation of the August 22, 2023 feed changes, see the topic on Recommended Rule Actions in Preparation of the August 2023 Feed Changes. For For information on recommended rule actions to be applied to feeds as replacement to the deprecated SURBL feeds, see Recommended Feed Configuration to Replace the SURBL Feeds. |
...
Depending on your subscription level, each feed and Threat Insight policy in the Default Global Policy comes with a default action.
| Note | ||||
|---|---|---|---|---|
| When configuring feed precedence order, the default Allow and default Block go on the top section, please remember to prioritize feeds configured with a Block action (Block - No Redirect, Block - Default Redirect, and/or Block - Redirect - <custom redirect name>) by placing them in positions of higher precedence in your policy compared to feeds configured with an Allow action (Allow - With Log, Allow - No Log, and/or Allow - Local Resolution). Within each of the Block and Allow section, place the high confidence feeds first, followed by medium confidence feeds and finally, the low confidences feed. Placing Blocked feeds higher in policy precedence order than Allowed feeds ensures that none of malicious domains are not allowed inadvertently, allowing security policy to perform as intended.
| |||
|
The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy offered by Infoblox as of August 31, 2023. The default actions and precedence described applies only to new accounts created on or after August 31, 2023. Accounts created and configured prior to August 31, 2023 will not be affected by the new default actions and/or precedence described. In the case of prior existing accounts , the actions and precedence in effect at the time of custom list creation will not be altered. Ensure that you understand the ramification of overriding the default action for any threat feeds and Threat Insight rules before doing so.
For information on best practices when configuring feed precedence order, see Best Practices for Setting Feed Precedence.
| Feed Name | Default Action | Default Precedence |
|---|---|---|
| Default Allow List | Allow - No log | 1 |
| Default Block List | Block – No Redirect | 2 |
| Base Hostnames | Block – No Redirect | 3 |
| AntiMalware | Block – No Redirect | 4 |
| Malware DGA Hostnames | Block – No Redirect | 5 |
| Ransomware | Block – No Redirect | 6 |
| Threat Insight - Rapid Domain Triage | Block – No Redirect | 7 |
| Suspicious | Block – No Redirect | 8 |
| Suspicious Lookalikes | Block – No Redirect | 9 |
| Suspicious NOED | Block – No Redirect | 10 |
| DOH Public Hostnames | Block – No Redirect | 11 |
| DOH Public IPs | Block – No Redirect | 12 |
| Newly Observed Emergent Domains | Allow – With Log | 13 |
| Threat Insight - DGA | Allow – With Log | 14 |
| Threat Insight-Data Exfiltration | Allow – With Log | 15 |
| Threat Insight-Fast Flux | Allow – With Log | 16 |
| Threat Insight-DNS Messenger | Allow – With Log | 17 |
| AntiMalware_IP | Allow – With Log | 18 |
| Threat Insight - Notional Data Exfiltration | Allow – With Log | 19 |
| Extended Base and Anti-malware Hostnames | Allow – With Log | 20 |
| Extended Ransomware IPs | Allow – With Log | 21 |
| Extended AntiMalware IPs | Allow – With Log | 22 |
| DHS_AIS_ Hostname | Allow – With Log | 23 |
| Cryptocurrency hostnames and domains | Allow – With Log | 24 |
| TOR Exit Node IPs | Allow – With Log | 25 |
...