Manage third-party threat feeds
You can view and manage third-party threat feeds, threat indicators, and storage quota.
Summary
Click Refresh to manually update the latest count.
See the counters for the following information:
- Active feeds: Active and configured threat feeds.
- Total threat indicators: Number of IP addresses, domains, and URLs.
-
Storage quota: Disk space used. The allotted space depends on the firewall model. Larger appliances carry more disk space than the desktop models.
Even if the storage quota is full, the firewall continues to get the Indicators of Compromise (IoC) at the configured polling interval. It then updates its list if disk space becomes available.
See threat indicators
You can search for individual IoCs in a threat feed using the following options:
- Click Threat indicators under the top menu.
- Under Total indicators in the threat feed list, click the number for a feed.
Synchronization of feeds
- Under the Sync status column, see the synchronization status of the threat feed.
- Under the Manage column, click Synchronize now to manually synchronize a threat feed. Feeds are automatically synchronized at the polling interval you configure for each.
- You can turn on or off, edit, and delete a threat feed.
Synchronization statuses
See the synchronization statuses and errors.
Sync status | Causes |
---|---|
Authentication error | API authentication failed. Possible causes:
|
Connection error | Possible causes:
|
Disabled | The rule is turned off. |
Storage full | The storage is full. The smaller desktop firewall appliances may not have enough disk space to store a large threat feed. If the firewall doesn't have enough space to store the full list, it shows this error. |
SSL/TLS error | SSL/TLS certificate issue. See Troubleshoot Active threat response. |
Failed | Invalid file and other errors. See Troubleshoot Active threat response. |
Success | Connection or GET request to external URL is successful. |
Fetching | File download is in progress. |
More resources