...
Feed Name | Default Action | Default Precedence | |||
|---|---|---|---|---|---|
Default Allow List | Allow - No Log | 1 | |||
Default Bloxk Block List | Block – No Redirect | 2 | |||
Infoblox Base | Block – No Redirect | 3 | |||
Infoblox Base IP | Block – No Redirect | 4 | |||
Infoblox High Risk | Block – No Redirect | 5 | |||
Threat Insight - Zero Day DNS | Block – No Redirect | 6 | |||
Infoblox Medium Risk | Block – No Redirect | 7Threat insight - DGA | |||
Infoblox Low Risk | Allow – With Log | 8Threat | |||
Insight-Data ExfiltrationInfoblox Informational | Allow – With Log | 9 | |||
Threat Insightinsight - Fast FluxDGA | Allow – With Log | 10 | |||
Threat Insight-DNS MessengerData Exfiltration | Allow – With Log | 11Infoblox Low Risk | |||
Threat Insight-DNS Messenger | Allow – With Log | 12 | Infoblox Informational | Allow – With Log | 13 |
Threat insight - Notional Data Exfiltration | Allow – With Log | 1413 |
The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy (to be supported until December 2024 and deprecated after December 2024):
Feed Name | Default Action | Default Precedence | |||
|---|---|---|---|---|---|
Base Hostnames | Block – No Redirect | 1 | |||
AntiMalware | Block – No Redirect | 2 | |||
Malware_DGA Hostnames | Block – No Redirect | 3 | |||
Ransomware | Block – No Redirect | 4 | |||
Public_DOH | Block – No Redirect | 5 | |||
Public_DOH_IP | Block – No Redirect | 6Domain | |||
Newly Observed Emergent Domains | Allow – With Log | 7 | |||
Threat Insight-Data Exfiltration | Allow – With Log | 8 | |||
Threat Insight - Notional Data Exfiltration | Allow – With Log | 9 | |||
Threat Insight-Fast Flux | Allow – With Log | 10 | Threat Insight-DNS Messenger | Allow – With Log | 1110 |
AntiMalware_IP | Allow – With Log | 1211 | |||
Ext_Base_AntiMalwarAntiMalware | Allow – With Log | 1312 | |||
Ext_Ransomware | Allow – With Log | 1413 | |||
Ext_AntiMalware_IP | Allow – With Log | 1514 | |||
DHS_AIS_Domain | Allow – With Log | 1615 | |||
CryptoCurrency | Allow – With Log | 1716 | |||
TOR_Exit_Node_IP | Allow – With Log | 1817 |
For information on adding and feeds from a security policy, see Adding Feeds to a Security Policy.
For information on removing feeds from a security policy, see the following: Removing Feeds from a Security Policy.