Configure threat feeds
Active threat response consists of MDR threat feeds and Sophos X-Ops threat feeds.
You can configure some or all of these modules to allow the firewall to block traffic related to IP addresses, domains, and URLs involved in malicious activity. See Active threat response.
You can also configure source and destination exclusions.
Threat feeds
-
MDR threat feeds
Sophos MDR analysts share intelligence about active threats in your network with the firewall.
-
Sophos X-Ops threat feeds
Threat database from SophosLabs.
Exclusions
When you exclude a source or destination from Active threat response scanning, the firewall doesn't match the traffic with the threat feeds.
-
Threat exclusions