Configure threat feeds
Active threat response consists of MDR threat feeds and Sophos X-Ops threat feeds.
Threat feeds
- MDR threat feeds: Sophos MDR analysts share intelligence about active threats in your network with the firewall.
- Sophos X-Ops threat feeds: Threat database managed by SophosLabs.
Note
You can import and export threat exclusions, but you can't import or export threat feed configurations.
How the firewall implements threat feeds
The firewall first implements MDR threat feeds, followed by Sophos X-Ops threat feeds.
If an Indicator of Compromise (IoC) exists in all the threat feeds, the firewall acts as follows based on the value you set for Action:
- Log and drop: Drops the traffic, logs the event under MDR, and doesn't check the other threat feeds.
- Log only or Monitor: Logs separate events for MDR and Sophos X-Ops threat feeds.