Introduction
In an era of rapidly evolving cyber threats, integrating dynamic threat intelligence feeds into your Cisco Next-Generation Firewall (NGFW) is essential to maintain robust network security. Q-Feeds provides up-to-date Indicators of Compromise (IoCs) that can be seamlessly integrated into your Cisco Firewall Management Center. This guide outlines the steps to configure and use these dynamic IoC lists to enhance your network’s defense mechanisms.
Step 1: Obtaining Q-Feeds API Token
Before you can integrate Q-Feeds with your Cisco Firewall, you need to obtain an API token. This token allows you to download IoC lists directly into your firewall management center.
- Request the API Token:
- Visit the Q-Feeds website to request a trial API token, or contact your account manager for assistance.
- API Token Usage:
- The API token is required for accessing Q-Feeds’ dynamic IoC lists. Keep this token secure as it is linked to your account.
Step 2: Configuring Dynamic IoC Lists in Cisco Firewall Management Center
After obtaining the API token, follow these steps to configure the dynamic IoC lists in your Cisco Firewall Management Center:
- Access Firewall Management Center:
- Open the web console of Cisco Firewall Management Center in your browser.
- Navigate to Intelligence Sources:
- Go to Integration > Intelligence > Sources.
- Add a New Source:
- Click on Add a new source (+) to create a new IoC source.
- Set Source Parameters:
- Type: Choose Flat File.
- Content: Select IPv4 or URL based on the type of IoC you are importing.
- URL: Enter the URL provided by Q-Feeds (e.g., https://api.qfeeds.com/api.php?feed_type=XXXXX).
- Limit: Optionally, set a threshold for the number of IoCs being downloaded. The default limit should not exceed the maximum allowed list size of 500 MB.
- Authentication: Enter your API token as the username and password.
- Name: Provide a descriptive name for the list (e.g., “Q-Feeds Dangerous IPs”).
- Description: Optionally, add a brief description of the list.
- Action: Choose the action to be performed upon detection of an IoC (e.g., Monitor or Block).
- Update Frequency: Set the update interval (recommended values are available in the Q-Feeds documentation).
- TTL (Time to Live): Specify the time-to-live for the IoCs (e.g., 1 day).
- Publish: Ensure this option is enabled to activate the list.
- Save the Configuration:
- Click Save to finalize the configuration. The Cisco Firewall Management Center will start importing IoCs from Q-Feeds and update the list at the specified intervals.
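Before pointing the Firewall Management Center at a new feed URL, it is worth pulling the flat file once yourself and checking that it contains what the Content setting expects, that it fits the size limit, and that the Limit threshold behaves as intended. The script below is an added example, not Q-Feeds or Cisco code. It assumes the feed is a plain text file with one indicator per line (blank lines and lines starting with "#" ignored), that the API token is sent as both HTTP Basic username and password exactly as the configuration step above describes, and that URL indicators carry an http or https scheme; none of these format details are stated on this page, so treat them as assumptions to confirm against the Q-Feeds documentation. The sample feed contents are constructed for illustration.

```python
"""Pre-flight check of a flat-file IoC feed before it is configured in FMC.

Added example; assumptions (not from the Q-Feeds or Cisco documentation):
  - one indicator per line, '#' comments and blank lines ignored
  - URL indicators include an http/https scheme
"""
import base64
import ipaddress
import urllib.request
from typing import Optional
from urllib.parse import urlparse

# Largest flat-file list FMC accepts, as given in the configuration guide.
MAX_LIST_BYTES = 500 * 1024 * 1024


def basic_auth_header(token: str) -> dict:
    """Authorization header FMC sends when the token is entered as user and password."""
    cred = base64.b64encode(f"{token}:{token}".encode()).decode()
    return {"Authorization": f"Basic {cred}"}


def fetch_feed(url: str, token: str, timeout: int = 30) -> str:
    """Download the flat file the same way FMC would (needs network access)."""
    req = urllib.request.Request(url, headers=basic_auth_header(token))
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def is_ipv4(entry: str) -> bool:
    """Accept only single IPv4 addresses; anything else (CIDR, IPv6, junk) is rejected."""
    try:
        ipaddress.IPv4Address(entry)
        return True
    except ValueError:
        return False


def is_url(entry: str) -> bool:
    """Accept http/https URLs with a hostname (assumption about the feed format)."""
    parts = urlparse(entry)
    return parts.scheme in ("http", "https") and bool(parts.hostname)


# Maps the FMC 'Content' choice to the validator for that indicator type.
CHECKS = {"IPv4": is_ipv4, "URL": is_url}


def validate_feed(text: str, content: str, limit: Optional[int] = None) -> dict:
    """Split the feed into accepted/rejected entries and apply the optional Limit."""
    check = CHECKS[content]
    if len(text.encode("utf-8")) > MAX_LIST_BYTES:
        raise ValueError("feed exceeds the 500 MB list size FMC allows")
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        (accepted if check(entry) else rejected).append(entry)
    truncated = limit is not None and len(accepted) > limit
    if truncated:
        accepted = accepted[:limit]
    return {"accepted": accepted, "rejected": rejected, "truncated": truncated}


# Constructed sample feeds (documentation-reserved addresses and .example hosts).
SAMPLE_IPV4_FEED = """\
# constructed sample, not real Q-Feeds data
203.0.113.7
198.51.100.42
not-an-ip
10.0.0.300
192.0.2.1
"""

SAMPLE_URL_FEED = """\
http://malicious.example/login
https://phish.example/account/verify
ftp://files.example/drop
just-a-string
"""

if __name__ == "__main__":
    for name, text, content in (("ipv4", SAMPLE_IPV4_FEED, "IPv4"),
                                ("url", SAMPLE_URL_FEED, "URL")):
        result = validate_feed(text, content, limit=2)
        print(f"{name}: accepted={result['accepted']} rejected={result['rejected']} "
              f"truncated={result['truncated']}")
```

Run it as-is to see the validator work on the constructed samples; to test a real feed, call fetch_feed with the URL from Step 2 and your token, then pass the returned text to validate_feed with the same Content value you intend to select in FMC. Any entries that land in "rejected" would be ignored or mis-parsed by the firewall, which is the kind of silent gap you want to catch before the list is published.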
Step 3: Applying IoCs in Cisco Firewall Policies
Once the IoCs are imported, you can apply them to various policies within the Cisco Firewall Management Center to protect your network:
- Web Filtering and DNS Policies: Block access to malicious domains and phishing sites.
- Firewall and IPS Policies: Monitor or block traffic based on the imported IoCs.
These policies help ensure that your network is protected from the latest threats, providing a proactive defense against potential breaches.
Conclusion
By integrating Q-Feeds with your Cisco Firewall, you can enhance your network’s security posture with minimal effort. The automated updates and comprehensive threat intelligence provided by Q-Feeds ensure that your firewall is always equipped with the latest IoCs, enabling real-time protection against cyber threats. For detailed information or troubleshooting, consult the official Cisco documentation or contact your account manager.
This article aims to assist network administrators in efficiently integrating Q-Feeds with Cisco firewalls, ensuring a secure and updated network environment.