Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.
What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?
The best method to block an IP address involved in command-and-control (C2) traffic without requiring a configuration change on the firewall is to have XSOAR automatically add the IP address to an external dynamic list (EDL) that the firewall already references. An EDL is a list of IP addresses, domains, or URLs that is hosted outside the firewall and referenced by a security policy rule to block or allow traffic; the firewall periodically retrieves the list, so new entries take effect without a policy edit or commit. This lets the firewall keep its blocking current with the latest threat intelligence while the policy itself stays unchanged.
C is correct