Configure threat feeds
Active threat response consists of MDR threat feeds, NDR Essentials, Sophos X-Ops threat feeds, and third-party threat feeds.
You can configure some or all of these modules to allow the firewall to block traffic related to IP addresses, domains, and URLs involved in malicious activity. See Active threat response.
You can also configure source and destination exclusions.
Threat feeds
- MDR threat feeds: Sophos MDR analysts share intelligence about active threats in your network with the firewall.
- NDR Essentials: NDR Essentials uses machine learning to analyze your firewall traffic, and detect indicators of compromise (IoCs).
- Sophos X-Ops threat feeds: Threat database from SophosLabs.
- Third-party threat feeds: Integrate third-party threat intelligence feeds with the firewall.
Exclusions
When you exclude a source or destination from Active threat response scanning, the firewall doesn't match the traffic with the threat feeds.
- Threat exclusions