What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.

What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

a. Have XSOAR automatically add the IP address to a deny rule in the firewall

b. Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts

c. Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall

d. Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP

Answer: C
