EDR: How To Block Specific IPs For IOCs From Threat Intel Feeds From Alerting

Article ID: 291044


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to prevent specific IPs that appear as IOCs in threat intel feeds from generating alerts.

Environment

  • EDR Server: All Versions

Resolution

  1. Create a watchlist based on the threat feed.
  2. Add criteria to the watchlist to exclude the IPs for the IOCs that should be blocked from alerting.
  3. Enable the watchlist and disable Alerts from the Threat Feed.

Additional Information

  • If the Threat Feed score is used as a criterion on the watchlist, the Threat Feed must remain enabled with alerts disabled.
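
One way to generate the watchlist query for steps 1 and 2 of the Resolution, using the feed score as the criterion mentioned above. This is an added example, not code from the original article or from Carbon Black. It assumes the EDR process-search fields `alliance_score_<feed short name>` and `ipaddr` with `-` negation; the feed name `examplefeed`, the helper names and the sample addresses are constructed.

```python
import ipaddress
import re

# Constructed sample: IPs/ranges whose feed hits should not alert.
EXCLUDED = ["203.0.113.10", "198.51.100.0/24", "198.51.100.7", "203.0.113.10"]

def _networks(excluded):
    """Parse entries as IPv4 networks; a bare address becomes a /32."""
    nets = []
    for entry in excluded:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version != 4:
            raise ValueError(f"ipaddr takes IPv4 only: {entry!r}")
        nets.append(net)
    # Merge duplicates and overlapping ranges so the query stays short.
    return list(ipaddress.collapse_addresses(nets))

def build_watchlist_query(feed_short_name, excluded, min_score=1):
    """Return a query string: feed hits minus processes touching excluded IPs."""
    # Assumption: feed short names are lowercase letters, digits, underscores.
    if not re.fullmatch(r"[a-z0-9_]+", feed_short_name):
        raise ValueError(f"unexpected feed name: {feed_short_name!r}")
    terms = [f"alliance_score_{feed_short_name}:[{int(min_score)} TO *]"]
    for net in _networks(excluded):
        # A /32 is written as a bare address, anything wider as CIDR.
        value = str(net.network_address) if net.prefixlen == 32 else str(net)
        terms.append(f"-ipaddr:{value}")
    return " ".join(terms)

def would_alert(process_ips, score, excluded, min_score=1):
    """Local preview of the query for one process.

    Assumption: the query is matched against a whole process, so a single
    connection to an excluded address suppresses that process's hit.
    """
    nets = _networks(excluded)
    touched = any(ipaddress.ip_address(ip) in n for ip in process_ips for n in nets)
    return score >= min_score and not touched

if __name__ == "__main__":
    print(build_watchlist_query("examplefeed", EXCLUDED))
    print(would_alert(["192.0.2.5"], 50, EXCLUDED))
    print(would_alert(["192.0.2.5", "198.51.100.9"], 50, EXCLUDED))
```

Paste the generated string into the watchlist's query, then review the preview results before disabling alerts on the feed, since a broad CIDR exclusion also hides hits from processes that contacted other IOCs.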