
Third-party threat feeds

Third-party threat feeds allow you to add threat intelligence from external threat feed sources to block threats.

The firewall automatically blocks traffic based on the IPv4 addresses, domains, and URLs that third-party threat feeds list in plain text format. You don't need to configure other rules or policies for the threat feeds for this action to apply.

Managed Services Provider (MSP) services and alternative Managed Detection and Response (MDR) solutions are also supported. This allows Sophos partners to utilize third-party threat feeds as their own MDR service and integrates customers' alternative MDR solutions.

The following diagram shows how third-party threat feeds work with the firewall.

Third-party threat feeds diagram.

Video

The following video gives an overview of Third-party threat feeds.

Example third-party feeds

Third-party threat feeds can include those provided by security organizations, industry consortiums, and community-based or open-source threat intelligence sources, such as the following:

Examples of tested threat feeds

IPv4 addresses

  • https://rules.emergingthreats.net/blockrules/compromised-ips.txt
  • https://check.torproject.org/torbulkexitlist

URLs

  • https://osint.digitalside.it/Threat-Intel/lists/latesturls.txt
  • https://urlhaus.abuse.ch/downloads/text/

Domains

  • https://raw.githubusercontent.com/disposable-email-domains/disposable-email-domains/master/disposable_email_blocklist.conf
  • https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
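
A pre-check you can run on a downloaded feed body before adding the feed, as an added example (not Sophos code): it classifies each line as one of the three indicator types named above and reports lines that fit none, such as CIDR ranges or IPv6 addresses. One indicator per line and `#` comment lines are assumptions; the firewall's own parsing rules are not described on this page.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Domain syntax: dot-separated LDH labels ending in a non-numeric TLD.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[a-z](?:[a-z0-9-]{{0,61}}[a-z0-9])?$", re.I)

def classify(entry):
    """Return 'ipv4', 'url', 'domain' or 'invalid' for one feed line."""
    try:
        ipaddress.IPv4Address(entry)
        return "ipv4"
    except ValueError:
        pass
    if "://" in entry:
        try:
            parts = urlsplit(entry)
        except ValueError:  # malformed bracketed host
            return "invalid"
        ok = parts.scheme in ("http", "https") and bool(parts.hostname)
        return "url" if ok else "invalid"
    if len(entry) <= 253 and _DOMAIN_RE.match(entry):
        return "domain"
    return "invalid"

def audit_feed(text):
    """Count indicator types in a feed body; list the lines that fit none."""
    counts, rejects = Counter(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        kind = classify(line)
        counts[kind] += 1
        if kind == "invalid":
            rejects.append((lineno, line))
    return counts, rejects

# Constructed sample: documentation address ranges and example.* names only.
SAMPLE = """\
# constructed feed body
192.0.2.10
198.51.100.0/24
bad.example.net
http://files.example.org/a.bin
2001:db8::1
999.1.1.1
"""
```

Calling `audit_feed(SAMPLE)` returns the per-type counts and the rejected lines with their line numbers; a feed that mixes types or has many rejects is worth reviewing before the firewall starts blocking on it.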