Default Global Policy Feed Configuration Recommendation

This table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy, effective May 2024:

Feed Name	Default Action	Default Precedence
Default Allow List	Allow - No Log	1
Default Block List	Block – No Redirect	2
Infoblox Base	Block – No Redirect	3
Infoblox Base IP	Block – No Redirect	4
Infoblox High Risk	Block – No Redirect	5
Threat Insight - Zero Day DNS	Block – No Redirect	6
Infoblox Medium Risk	Block – No Redirect	7
Infoblox Low Risk	Allow – With Log	8
Infoblox Informational	Allow – With Log	9
Threat insight - DGA	Allow – With Log	10
Threat Insight-Data Exfiltration	Allow – With Log	11
Threat Insight-Fast Flux	Allow – With Log	12
Threat Insight-DNS Messenger	Allow – With Log	13
Threat insight - Notional Data Exfiltration	Allow – With Log	14

The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy (to be supported until December 2024 and deprecated after December 2024):

Feed Name	Default Action	Default Precedence
Base Hostnames	Block – No Redirect	1
AntiMalware	Block – No Redirect	2
Malware_DGA Hostnames	Block – No Redirect	3
Ransomware	Block – No Redirect	4
Public_DOH	Block – No Redirect	5
Public_DOH_IP	Block – No Redirect	6
Domain	Allow – With Log	7
Threat Insight-Data Exfiltration	Allow – With Log	8
Threat Insight - Notional Data Exfiltration	Allow – With Log	9
Threat Insight-Fast Flux	Allow – With Log	10
Threat Insight-DNS Messenger	Allow – With Log	11
AntiMalware_IP	Allow – With Log	12
Ext_Base_AntiMalwar	Allow – With Log	13
Ext_Ransomware	Allow – With Log	14
Ext_AntiMalware_IP	Allow – With Log	15
DHS_AIS_Domain	Allow – With Log	16
CryptoCurrency	Allow – With Log	17
TOR_Exit_Node_IP	Allow – With Log	18

For information on adding feeds from a security policy, see Adding Feeds to a Security Policy.

For information on removing feeds from a security policy, see Removing Feeds from a Security Policy.